Upload
seung-hyun-seo
View
1.685
Download
2
Embed Size (px)
Citation preview
Writer : Seunghyun Seo
Contact: [email protected]
Facebook Open Graph Authentication To Get Access Permission
Facebook Open Graph Authentication
► Introduction
► Access Token
► Permission
► Graph API
► Appendix
► References
Contents
Introduction Abstract
Introduction
Open Graph is Core Concept in Facebook
The Graph API is the core of Facebook
Platform for Development ► Open Graph Theory
Authentication ► Facebook authentication enables your app to interact
with the Graph API on behalf of Facebook users and
provides a powerful single-sign on mechanism across
Web, mobile, and desktop apps.
Tools For Developer ► Insights, Graph API Explorer, JavaScript Test Console,
Test Users, URL Linter .
PAGE ## | DATE
Access Token
Access Token
Authenticating as an Application allows your application to
obtain an App Access Token.
Obtain an App Access Token. ► The API will respond with a query-string formatted string of the form.
► You should parse this string, and use the value in the access_token
parameter to to the API.
► App access tokens do not expire unless you refresh you app's App
Secret.
Make requests to the API. ► An app access token allows you to make requests as an application,
not a user.
► To retrieve the details of your application, perform an HTTP GET.
► To read your applications insights data, perform an HTTP GET.
String Format ► Https://[REDIRECTURL]#access_token=[ACCESS_TOKEN]
Access Token
2012, May, 2 offline_access Permission will be eliminated.
Allow Other way.- Handling Expired Access Tokens.
Currently the long-lived user access_token will be valid for
60 days while the short-lived user access_tokens are valid
from 1 to 2 hours.
PAGE ## | DATE
Permission
Permission
By default, when authorizing your application, a user only
grants your app access to their basic information.
If you want to read additional data or write data to Facebook,
you need to request additional permissions.
In the various authentication flows, you should specify the
additional permissions you require using the scope parameter.
To see which additional permissions you can request, and the
access they offer you, see the Permissions reference.
Permission
Basic Information ► Id, name, picture, gender, locale, Friends Connection, Public Data
User and Friend Permissions
Extended Permissions ► Individually user-revocable.
Open Graph Permission ► To Publish Action
Page Permission ► Manage User’s Page
Permission
User Permission Friends Permission Description
user_about_me friends_about_me Provides access to the "About Me" section of the profile in the
about property
user_activities friends_activities Provides access to the user's list of activities as the activities
connection(belong to Likes)
user_birthday friends_birthday Provides access to the birthday with year as the birthday
property
user_checkins friends_checkins Provides read access to the authorized user's check-ins or a
friend's check-ins that the user can see. This permission is
superseded by user_status for new applications as of
March, 2012.
user_education_history friends_education_history Provides access to education history as the education property
user_events friends_events Provides access to the list of events the user is attending as
the events connection
Permission
User Permission Friends Permission Description
user_groups friends_groups Provides access to the list of groups the user is a member of as
the groups connection
user_hometown friends_hometown Provides access to the user's hometown in the hometown
property
user_interests friends_interests Provides access to the user's list of interests as the interests
connection(belong to Likes)
user_likes friends_likes Provides access to the list of all of the pages the user has liked
as the likes connection
user_location friends_location Provides access to the user's current location as the location
property
user_notes friends_notes Provides access to the user's notes as the notes connection
Permission
User Permission Friends Permission Description
user_photos friends_photos Provides access to the photos the user has uploaded, and
photos the user has been tagged in
user_questions friends_questions Provides access to the questions the user or friend has asked
user_relationships friends_relationships Provides access to the user's family and personal
relationships and relationship status
user_relationship_details friends_relationship_detail
s
Provides access to the user's relationship preferences
user_religion_politics friends_religion_politics Provides access to the user's religious and political
affiliations
user_status friends_status Provides access to the user's status messages and check-ins.
Please see the documentation for the location_post. you were t
agged in the Post, a friend was tagged in the Post, you authore
d the Post, a friend authored the Post
Permission
User Permission Friends Permission Description
user_videos friends_videos Provides access to the videos the user has uploaded, and
videos the user has been tagged in(belong to Likes)
user_website friends_website Provides access to the user's web site URL
user_work_history friends_work_history Provides access to work history as the work property
email N/A Provides access to the user's primary email address in the
email property. Do not spam users. Your use of email must
comply both with Facebook policies and with the CAN-SPAM
Act.
Permission
Graph API
Graph API
Method Description Argument
/PROFILE_ID/feed Publish a new post on the given profile's
feed/wall
message, picture, link, name, caption,
description, source, place, tags
/OBJECT_ID/comments Comment on the given object (if it has a
/comments connection)
message
/OBJECT_ID/likes Like the given object (if it has a /likes
connection)
Everything have object ID. But, There is
no object in “Comment likes”. it just
show like count.
none
/PROFILE_ID/notes Publish a note on the given profile message, subject
/PROFILE_ID/links Publish a link on the given profile link, message, picture, name, caption,
description
/PROFILE_ID/events Create an event name, start_time, end_time
Format ► Https://graph.facebook.com/ID/Connection?access_token=[ACCESSTOKEN]
► Connection that you can use is Explained by Chart
Graph API
Method Description Argument
/EVENT_ID/attending RSVP "attending" to the given event none
/EVENT_ID/maybe RSVP "maybe" to the given event none
/EVENT_ID/declined RSVP "declined" to the given event none
/PROFILE_ID/albums Create an album name, message
/ALBUM_ID/photos Upload a photo to an album message, source, place (multipart/form-data)
/PROFILE_ID/checkins Create a check-in at a location
represented by a Page
coordinates, place, message, tags
Before 2012. 5. 2. Your Wall is Yours, but post that made of others is not your permission. That
is not yours. it has friends Permission
After 2012. 5.2. Facebook Change Privacy Policy. Removed offline Permission. And You can
Access Friend’s Post in Your Wall.
Open Graph Object
Open Graph Object
Object Description Object Description
Achievement Instance for an achievement for a
user
Album A Photo Album
Application An Application Registered on
Facebook Platform
Checkin A checkin made Through Facebook
Place or the Graph API
Comment A Comment on a Graph API object Domain A Website Domain within the Graph API
Event A Facebook Event FriendList A Facebook Friend List. This object
represents the list itself and not the
members of the list.
Group A Facebook Group Insight Statistics About Applications, Pages, or
Domain
Link A Shared Link Message A message in a Thread
Note A Facebook Note Offer An Offer Published by a Page
List of Open Graph Object
Open Graph Object
Object Description Object Description
Order An order object associated with
facebook credit
Page A Facebook Page
Photo An Individual Photo within an
Album
Post An Individual entry in a profile’s feed
Question A Question Asked by a user, as
represented in the graph API
QuestionOption An Option Aloowed as an answer to a
question
Review A Review for an application Status message A status message on a user’s wall
Subscription A subscription to an application to
get real-time updates an Graph
object type
Thread A message thread
user A user profile video An individual video
Appendix Chart, Infographics
Chart
Achievement Object Properties The achievement(Instance) object represents the achievement achieved by a user for a particular app.
Object Description Permission Return Value
Id Id of the achievement(instance) app or user
access_token
String(Single object is Always String)
From The user who achieved the
achievement
app or user
access_token
JSON Object containing(id, name)
Created_time Time at which the achievement
was achieved
app or user
access_token
String containing an ISO-8601 date time
Application The application in which the user
achieved the achievement
app or user
access_token
JSON Object containing(id, name)
Achievement The achievement object that the
user achieved
app or user
access_token
JSON Object containing(id, url, type, title)
likes likes received by the story app or user
access_token
JSON Object contained[count of likes,
JSON Object Array containing(id, name) ]
comments Comments received by the
achievement story
app or user
access_token
JSON Object containing Comments
Object(count of comment, JSON Object
From, message, Created time)
Chart
Album Object Properties#1 If an app lets a user choose an album when uploading photos, the app should check the can_upload flag to be sure that
the app is allowed to add new photos to the album.
Object Description Permission Return Value
Id The Album ID Any valid access_token
or user_photos or
friend_photos
String(Single object is Always String)
From The Profile that created this Album Any valid
access_token
JSON Object containing(id, name)
Name The Title of the Album Any valid access_token or
user_photos or
friend_photos
String
Description The Descriprtion of the album the same as above String
Location The Location of the Album String
Link A Link to this Album on Facebook String(Valid URL)
Chart
Album Object Properties#2
Object Description Permission Return Value
Cover_Photo A Link to this Album on Facebook the same as above String
Privacy The Privacy Setting for the
Album
String
Count The Number of Photos in this
Album
String
Type The Type of the Album String( Profile , Mobile Wall, Normal )
Created_Time The Time the Photo Album was
initially created
String containing an ISO-8601 date time
Updated_Time The Last Time the Photo Album
was updated
String containing an ISO-8601 date time
Can_Uploaded Determines whether the UID can
upload to the album and returns
true
Boolean
Chart
Album Object Connections
The Album object has the following connections. Connections give Specific URL for to obtain JSON
Object.
Name Description Permission Return Value
Photos The Photos caontained in this
album
Any valid
access_token or
user_photos or
friend_photos
JSON Array Object of Photo
Likes The Likes made on this album the same as above
JSON Object Containing(id, from,
message, created_time)
Comments The Comments made on this
album
JSON Array Object Containing(id, name)
Pictures The Album’s cover Photo, the
first picture uploaded to an album
becomes the cover photo for the
album.
HTTP 302 redirect to URL of the album's
cover picture
Chart
Checkin Object Properties#1 A Checkin represents a single visit by a user to a location. The User and Page objects have checkin connections. The
behavior of Checkins is affected by the "Include Checkins with Statuses" migration setting.
Object Description Permission Return Value
Id The checkin ID user_checkins String(Single object is Always String)
From The ID and name of the user who
made the checkin
the same as
above
JSON Object containing(id, name)
Tags The users the author tagged in the
checkin
JSON Array Object containing(id, name)
place Information about the Facebook
Page that represents the location of
the checkin
JSON Object containing[id, name,
JSON Object location containing(latitude,
longitude)]
Application Information about the application
that made the checkin
JSON Object containing(id, name,
Canvas name, namespace)
Chart
Checkin Object Properties#2
Object Description Permission Return Value
Created_time The time the checkin was
created
the same as above
String containing an ISO-8601 date time
Like Users who like the checkin JSON Array Object containing(id, name)
Message The Message the user added to
the checkin
String
Comments All of the Comments on this link JSON Array Object containing(id, from,
message, created_time)
Type The Type of this object; always
return checkin
String
Chart
Checkin Object Connections
The Album object has the following connections. Connections give Specific URL for to obtain JSON
Object.
Name Description Permission Return Value
Comments All of the comments on this
checkin.
user_checkins or
friends_checkins as
appropriate
JSON Array Object Containing(id, from,
message, created_time)
Likes Users who like this checkin. user_checkins or
friends_checkins as
appropriate
JSON Object Containing(id, name)
Chart
Comment Object Properties#1 A comment on Feed
Object Description Permission Return Value
Id The Facebook ID of the comment generic
access_token
String(Single object is Always String)
From The user that created the comment the same as
above
JSON Object containing(id, name)
Message The comment text String
Created_Time The timedate the comment was
created
String containing an ISO-8601 date time
Likes The number of times this comment
was liked
Integer
Chart
Comment Object Connections
The Comment object has the following connections.
Name Description Permission Return Value
likes All of the likes on this comment Any valid
access_token
JSON Array Object Containing(id, name)
Comment Object Properties#2
Object Description Permission Return Value
User_likes This Field is returned only if the
authenticated user likes this
comment
Generic
access_token
String(always true)
type The Type of this object; always
returns comment
Generic
access_token
String
Chart
Domain Object Properties A web site domain within the Graph API. To register your own Domain, you must claim your domain name using
Facebook Insights.
Object Description Permission Return Value
Id The ID of the domain No access_token
required
String(Single object is Always String)
name The name of the domain No access_token
required
String(Single object is Always String)
Chart
Event Object Properties#1 A Checkin represents a single visit by a user to a location. The User and Page objects have checkin connections. The
behavior of Checkins is affected by the "Include Checkins with Statuses" migration setting.
Object Description Permission Return Value
Id The event ID generic
access_token,
user_events or
friends_events
String(Single object is Always String)
Owner The profile that created the event the same as
above
JSON Object containing(id, name)
Name The event title String(Single object is Always String)
Description The long-form description of the
event
String(Single object is Always String)
Start_time The start time of the event, as you
want it to be displayed on facebook
String containing an ISO-8601 date time
Chart
Event Object Properties#2
Object Description Permission Return Value
End_time The end time of the event, as
you want it to be displayed on
the same as above
String containing an ISO-8601 date time
Location The location for this event String
venue The location of this event JSON Array Object containing(id, street,
city, state, zip, country, latitude,
longitude )
Privacy The visibility of this event String(OPEN,CLOSED,SECRET)
Update_time The last time the event was
updated
String containing an ISO-8601 date time
Chart
Event Object Connections#1
Name Description Permission Return Value
Feed This event's wall. any valid
access_token,
user_events or
friends_events
JSON Array of POST Object
Noreply All of the users who have been
not yet responded to their
invitation to this event.
the same as above JSON Object Containing(id, name,
rsvp_status)
Invited All of the users who have been
invited to this event.
JSON Object Containing(id, name,
rsvp_status)
Attending All of the users who are
attending this event.
JSON Object Containing(id, name,
rsvp_status)
Chart
Event Object Connections#2
Name Description Permission Return Value
Maybe All of the users who have been
responded "Maybe" to their
invitation to this event.
the same as above JSON Object Containing(id, name,
rsvp_status)
Decline All of the users who declined
their invitation to this event.
JSON Object Containing(id, name,
rsvp_status)
Picture The event's profile picture. Returns a HTTP 302 with the URL of the
event's picture
video The videos uploaded to an event. valid user
access_token
JSON Array of Video Object
Chart
FriendList Object Connections
The Comment object has the following connections.
Name Description Permission Return Value
Member All of the users who are
members of this list.
read_friendlists JSON Array Object Containing(id, name)
FriendList Object Properties
Object Description Permission Return Value
ID The friend list ID read_friendlists String(always true)
Name The name of the friend list the same as above String
List_type The type of the friends list; Possible values are:
close_friends, acquaintances, restricted, user_created,
education, work, current_city or family
String
Infographics
References Papers
Papers
Facebook Developer Page
https://developers.facebook.com/
http://ogp.me