Writer : Seunghyun Seo

Contact: tgnice@nchovy.com

tgnice@programming.or.kr

Facebook Open Graph Authentication To Get Access Permission

Facebook Open Graph Authentication

► Introduction

► Access Token

► Permission

► Graph API

► Appendix

► References

Contents

Introduction Abstract

Introduction

Open Graph is Core Concept in Facebook

The Graph API is the core of Facebook

Platform for Development ► Open Graph Theory

Authentication ► Facebook authentication enables your app to interact

with the Graph API on behalf of Facebook users and

provides a powerful single-sign on mechanism across

Web, mobile, and desktop apps.

Tools For Developer ► Insights, Graph API Explorer, JavaScript Test Console,

Test Users, URL Linter .

PAGE ## | DATE

Access Token

Access Token

Authenticating as an Application allows your application to

obtain an App Access Token.

Obtain an App Access Token. ► The API will respond with a query-string formatted string of the form.

► You should parse this string, and use the value in the access_token

parameter to to the API.

► App access tokens do not expire unless you refresh you app's App

Secret.

Make requests to the API. ► An app access token allows you to make requests as an application,

not a user.

► To retrieve the details of your application, perform an HTTP GET.

► To read your applications insights data, perform an HTTP GET.

String Format ► Https://[REDIRECTURL]#access_token=[ACCESS_TOKEN]

Access Token

2012, May, 2 offline_access Permission will be eliminated.

Allow Other way.- Handling Expired Access Tokens.

Currently the long-lived user access_token will be valid for

60 days while the short-lived user access_tokens are valid

from 1 to 2 hours.

PAGE ## | DATE

Permission

Permission

By default, when authorizing your application, a user only

grants your app access to their basic information.

If you want to read additional data or write data to Facebook,

you need to request additional permissions.

In the various authentication flows, you should specify the

additional permissions you require using the scope parameter.

To see which additional permissions you can request, and the

access they offer you, see the Permissions reference.

Permission

Basic Information ► Id, name, picture, gender, locale, Friends Connection, Public Data

User and Friend Permissions

Extended Permissions ► Individually user-revocable.

Open Graph Permission ► To Publish Action

Page Permission ► Manage User’s Page

Permission

User Permission Friends Permission Description

user_about_me friends_about_me Provides access to the "About Me" section of the profile in the

about property

user_activities friends_activities Provides access to the user's list of activities as the activities

connection(belong to Likes)

user_birthday friends_birthday Provides access to the birthday with year as the birthday

property

user_checkins friends_checkins Provides read access to the authorized user's check-ins or a

friend's check-ins that the user can see. This permission is

superseded by user_status for new applications as of

March, 2012.

user_education_history friends_education_history Provides access to education history as the education property

user_events friends_events Provides access to the list of events the user is attending as

the events connection

Permission

User Permission Friends Permission Description

user_groups friends_groups Provides access to the list of groups the user is a member of as

the groups connection

user_hometown friends_hometown Provides access to the user's hometown in the hometown

property

user_interests friends_interests Provides access to the user's list of interests as the interests

connection(belong to Likes)

user_likes friends_likes Provides access to the list of all of the pages the user has liked

as the likes connection

user_location friends_location Provides access to the user's current location as the location

property

user_notes friends_notes Provides access to the user's notes as the notes connection

Permission

User Permission Friends Permission Description

user_photos friends_photos Provides access to the photos the user has uploaded, and

photos the user has been tagged in

user_questions friends_questions Provides access to the questions the user or friend has asked

user_relationships friends_relationships Provides access to the user's family and personal

relationships and relationship status

user_relationship_details friends_relationship_detail

s

Provides access to the user's relationship preferences

user_religion_politics friends_religion_politics Provides access to the user's religious and political

affiliations

user_status friends_status Provides access to the user's status messages and check-ins.

Please see the documentation for the location_post. you were t

agged in the Post, a friend was tagged in the Post, you authore

d the Post, a friend authored the Post

Permission

User Permission Friends Permission Description

user_videos friends_videos Provides access to the videos the user has uploaded, and

videos the user has been tagged in(belong to Likes)

user_website friends_website Provides access to the user's web site URL

user_work_history friends_work_history Provides access to work history as the work property

email N/A Provides access to the user's primary email address in the

email property. Do not spam users. Your use of email must

comply both with Facebook policies and with the CAN-SPAM

Act.

Permission

Graph API

Graph API

Method Description Argument

/PROFILE_ID/feed Publish a new post on the given profile's

feed/wall

message, picture, link, name, caption,

description, source, place, tags

/OBJECT_ID/comments Comment on the given object (if it has a

/comments connection)

message

/OBJECT_ID/likes Like the given object (if it has a /likes

connection)

Everything have object ID. But, There is

no object in “Comment likes”. it just

show like count.

none

/PROFILE_ID/notes Publish a note on the given profile message, subject

/PROFILE_ID/links Publish a link on the given profile link, message, picture, name, caption,

description

/PROFILE_ID/events Create an event name, start_time, end_time

Format ► Https://graph.facebook.com/ID/Connection?access_token=[ACCESSTOKEN]

► Connection that you can use is Explained by Chart

Graph API

Method Description Argument

/EVENT_ID/attending RSVP "attending" to the given event none

/EVENT_ID/maybe RSVP "maybe" to the given event none

/EVENT_ID/declined RSVP "declined" to the given event none

/PROFILE_ID/albums Create an album name, message

/ALBUM_ID/photos Upload a photo to an album message, source, place (multipart/form-data)

/PROFILE_ID/checkins Create a check-in at a location

represented by a Page

coordinates, place, message, tags

Before 2012. 5. 2. Your Wall is Yours, but post that made of others is not your permission. That

is not yours. it has friends Permission

After 2012. 5.2. Facebook Change Privacy Policy. Removed offline Permission. And You can

Access Friend’s Post in Your Wall.

Open Graph Object

Open Graph Object

Object Description Object Description

Achievement Instance for an achievement for a

user

Album A Photo Album

Application An Application Registered on

Facebook Platform

Checkin A checkin made Through Facebook

Place or the Graph API

Comment A Comment on a Graph API object Domain A Website Domain within the Graph API

Event A Facebook Event FriendList A Facebook Friend List. This object

represents the list itself and not the

members of the list.

Group A Facebook Group Insight Statistics About Applications, Pages, or

Domain

Link A Shared Link Message A message in a Thread

Note A Facebook Note Offer An Offer Published by a Page

List of Open Graph Object

Open Graph Object

Object Description Object Description

Order An order object associated with

facebook credit

Page A Facebook Page

Photo An Individual Photo within an

Album

Post An Individual entry in a profile’s feed

Question A Question Asked by a user, as

represented in the graph API

QuestionOption An Option Aloowed as an answer to a

question

Review A Review for an application Status message A status message on a user’s wall

Subscription A subscription to an application to

get real-time updates an Graph

object type

Thread A message thread

user A user profile video An individual video

Appendix Chart, Infographics

Chart

Achievement Object Properties The achievement(Instance) object represents the achievement achieved by a user for a particular app.

Object Description Permission Return Value

Id Id of the achievement(instance) app or user

access_token

String(Single object is Always String)

From The user who achieved the

achievement

app or user

access_token

JSON Object containing(id, name)

Created_time Time at which the achievement

was achieved

app or user

access_token

String containing an ISO-8601 date time

Application The application in which the user

achieved the achievement

app or user

access_token

JSON Object containing(id, name)

Achievement The achievement object that the

user achieved

app or user

access_token

JSON Object containing(id, url, type, title)

likes likes received by the story app or user

access_token

JSON Object contained[count of likes,

JSON Object Array containing(id, name) ]

comments Comments received by the

achievement story

app or user

access_token

JSON Object containing Comments

Object(count of comment, JSON Object

From, message, Created time)

Chart

Album Object Properties#1 If an app lets a user choose an album when uploading photos, the app should check the can_upload flag to be sure that

the app is allowed to add new photos to the album.

Object Description Permission Return Value

Id The Album ID Any valid access_token

or user_photos or

friend_photos

String(Single object is Always String)

From The Profile that created this Album Any valid

access_token

JSON Object containing(id, name)

Name The Title of the Album Any valid access_token or

user_photos or

friend_photos

String

Description The Descriprtion of the album the same as above String

Location The Location of the Album String

Link A Link to this Album on Facebook String(Valid URL)

Chart

Album Object Properties#2

Object Description Permission Return Value

Cover_Photo A Link to this Album on Facebook the same as above String

Privacy The Privacy Setting for the

Album

String

Count The Number of Photos in this

Album

String

Type The Type of the Album String( Profile , Mobile Wall, Normal )

Created_Time The Time the Photo Album was

initially created

String containing an ISO-8601 date time

Updated_Time The Last Time the Photo Album

was updated

String containing an ISO-8601 date time

Can_Uploaded Determines whether the UID can

upload to the album and returns

true

Boolean

Chart

Album Object Connections

The Album object has the following connections. Connections give Specific URL for to obtain JSON

Object.

Name Description Permission Return Value

Photos The Photos caontained in this

album

Any valid

access_token or

user_photos or

friend_photos

JSON Array Object of Photo

Likes The Likes made on this album the same as above

JSON Object Containing(id, from,

message, created_time)

Comments The Comments made on this

album

JSON Array Object Containing(id, name)

Pictures The Album’s cover Photo, the

first picture uploaded to an album

becomes the cover photo for the

album.

HTTP 302 redirect to URL of the album's

cover picture

Chart

Checkin Object Properties#1 A Checkin represents a single visit by a user to a location. The User and Page objects have checkin connections. The

behavior of Checkins is affected by the "Include Checkins with Statuses" migration setting.

Object Description Permission Return Value

Id The checkin ID user_checkins String(Single object is Always String)

From The ID and name of the user who

made the checkin

the same as

above

JSON Object containing(id, name)

Tags The users the author tagged in the

checkin

JSON Array Object containing(id, name)

place Information about the Facebook

Page that represents the location of

the checkin

JSON Object containing[id, name,

JSON Object location containing(latitude,

longitude)]

Application Information about the application

that made the checkin

JSON Object containing(id, name,

Canvas name, namespace)

Chart

Checkin Object Properties#2

Object Description Permission Return Value

Created_time The time the checkin was

created

the same as above

String containing an ISO-8601 date time

Like Users who like the checkin JSON Array Object containing(id, name)

Message The Message the user added to

the checkin

String

Comments All of the Comments on this link JSON Array Object containing(id, from,

message, created_time)

Type The Type of this object; always

return checkin

String

Chart

Checkin Object Connections

The Album object has the following connections. Connections give Specific URL for to obtain JSON

Object.

Name Description Permission Return Value

Comments All of the comments on this

checkin.

user_checkins or

friends_checkins as

appropriate

JSON Array Object Containing(id, from,

message, created_time)

Likes Users who like this checkin. user_checkins or

friends_checkins as

appropriate

JSON Object Containing(id, name)

Chart

Comment Object Properties#1 A comment on Feed

Object Description Permission Return Value

Id The Facebook ID of the comment generic

access_token

String(Single object is Always String)

From The user that created the comment the same as

above

JSON Object containing(id, name)

Message The comment text String

Created_Time The timedate the comment was

created

String containing an ISO-8601 date time

Likes The number of times this comment

was liked

Integer

Chart

Comment Object Connections

The Comment object has the following connections.

Name Description Permission Return Value

likes All of the likes on this comment Any valid

access_token

JSON Array Object Containing(id, name)

Comment Object Properties#2

Object Description Permission Return Value

User_likes This Field is returned only if the

authenticated user likes this

comment

Generic

access_token

String(always true)

type The Type of this object; always

returns comment

Generic

access_token

String

Chart

Domain Object Properties A web site domain within the Graph API. To register your own Domain, you must claim your domain name using

Facebook Insights.

Object Description Permission Return Value

Id The ID of the domain No access_token

required

String(Single object is Always String)

name The name of the domain No access_token

required

String(Single object is Always String)

Chart

Event Object Properties#1 A Checkin represents a single visit by a user to a location. The User and Page objects have checkin connections. The

behavior of Checkins is affected by the "Include Checkins with Statuses" migration setting.

Object Description Permission Return Value

Id The event ID generic

access_token,

user_events or

friends_events

String(Single object is Always String)

Owner The profile that created the event the same as

above

JSON Object containing(id, name)

Name The event title String(Single object is Always String)

Description The long-form description of the

event

String(Single object is Always String)

Start_time The start time of the event, as you

want it to be displayed on facebook

String containing an ISO-8601 date time

Chart

Event Object Properties#2

Object Description Permission Return Value

End_time The end time of the event, as

you want it to be displayed on

facebook

the same as above

String containing an ISO-8601 date time

Location The location for this event String

venue The location of this event JSON Array Object containing(id, street,

city, state, zip, country, latitude,

longitude )

Privacy The visibility of this event String(OPEN,CLOSED,SECRET)

Update_time The last time the event was

updated

String containing an ISO-8601 date time

Chart

Event Object Connections#1

Name Description Permission Return Value

Feed This event's wall. any valid

access_token,

user_events or

friends_events

JSON Array of POST Object

Noreply All of the users who have been

not yet responded to their

invitation to this event.

the same as above JSON Object Containing(id, name,

rsvp_status)

Invited All of the users who have been

invited to this event.

JSON Object Containing(id, name,

rsvp_status)

Attending All of the users who are

attending this event.

JSON Object Containing(id, name,

rsvp_status)

Chart

Event Object Connections#2

Name Description Permission Return Value

Maybe All of the users who have been

responded "Maybe" to their

invitation to this event.

the same as above JSON Object Containing(id, name,

rsvp_status)

Decline All of the users who declined

their invitation to this event.

JSON Object Containing(id, name,

rsvp_status)

Picture The event's profile picture. Returns a HTTP 302 with the URL of the

event's picture

video The videos uploaded to an event. valid user

access_token

JSON Array of Video Object

Chart

FriendList Object Connections

The Comment object has the following connections.

Name Description Permission Return Value

Member All of the users who are

members of this list.

read_friendlists JSON Array Object Containing(id, name)

FriendList Object Properties

Object Description Permission Return Value

ID The friend list ID read_friendlists String(always true)

Name The name of the friend list the same as above String

List_type The type of the friends list; Possible values are:

close_friends, acquaintances, restricted, user_created,

education, work, current_city or family

String

Infographics

References Papers

Papers

Facebook Developer Page

https://developers.facebook.com/

http://ogp.me