UPDATE: Facebook
offline_access
permission is being deprecated. Please refer to the official documentation for more information.
You'll have till May 1, 2012, at which date this setting will be disabled. refer to the Developer Roadmap for more info.
After searching literally 1 day on facebook and google for an up-to-date and working way to do something seemingly simple:
I am looking for a step-by-step explanation to get offline_access for a user for a facebook app and then using this (session key) to retrieve offline & not within a browser friends & profile data.
Preferrably doing this in the Fb Java API.
Thanks.
And yes I did check the facebook wiki.
Update: Anyone?
this:
http://www.facebook.com/authorize.php?api_key=<api-key>&v=1.0&ext_perm=offline_access
gives me offline_Access, however how to retrieve the session_key?
Why can't facebook just do simple documentation, I mean there are like 600 people working there?
The seemingly same question: Getting offline_access to work with Facebook Does not answer how to retrieve the session key
Edit: I am still stuck with that. I guess nobody really tried such a batch access out yet...
With the new Facebook Graph API, things got a bit simpler but far less well documented. Here's what I did to be able to load my wall posts as me from a server side only (not part of a browser session) php script:
create a facebook application, if you don't already have one usable for this project
http://www.facebook.com/developers/apps.php#!/developers/createapp.php
-- and set sandbox/developer mode on! @ Advanced Settings > Sandbox Mode > Enable (Lets only the developers of your application see it.)
You'll need the Application ID (APP_ID) and Secret Key (SECRET_KEY) that are listed on your developer account summary of that application but not the old API Key.
load in your browser, already logged in to fb as the account you want your server side app to connect as, and click "allow" for the requested permissions:
https://graph.facebook.com/oauth/authorize?client_id=APP_ID&scope=offline_access,read_stream&redirect_uri=http://www.facebook.com/connect/login_success.html
copy the "code" parameter from the resulting url's query string, use that in:
https://graph.facebook.com/oauth/access_token?client_id=APP_ID&redirect_uri=http://www.facebook.com/connect/login_success.html&client_secret=APP_SECRET&code=CODE_FROM_2
And copy the right hand side of access_token= in the resulting page's text, which will be in the structure of: APP_ID|HEXNUM-USER_ID|WEIRD_KEY
now download either from the graph api or the classic rest api using the oath access token you just got ala (where SOURCE_ID is the facebook id for the user/group/whatever that you are looking up):
<?php
$stream = json_decode(file_get_contents("https://api.facebook.com/method/stream.get?source_ids=SOURCE_ID&access_token=ACCESS_TOKEN&format=json"));
var_dump($stream);
// this one gives a 500 internal server error from the http get if any of the fields are invalid, but only in php, not when loaded in a browser... weird.
$feed = json_decode(file_get_contents("https://graph.facebook.com/SOURCE_ID/feed?fields=id,from,created_time,link,type&access_token=ACCESS_TOKEN"));
var_dump($feed);
?>
Noting that the graph api and rest api return not just different structures, but also different information -- so here, I prefer the results from the rest api (the first one) even though I like being able to restrict the fields in the new graph api (the second one).
Look at http://developers.facebook.com/docs/authentication/ in the sections "Requesting Extended Permissions" and "Authenticating Users in a Web Application" for the official (sparse) details.
If you want to do this routinely, i.e. programmatically, here's the automated version of steps 2+3:
Put this on your web server as "facebook_access_token.php":
<?php $token = explode('=', file_get_contents("https://graph.facebook.com/oauth/access_token?client_id=APP_ID&redirect_uri=http://$_SERVER[SERVER_NAME]$_SERVER[PHP_SELF]&client_secret=APP_SECRET&code=" .
(get_magic_quotes_gpc() ? stripslashes($_GET['code']) : $_GET['code'])));
echo $token[1];
// store this, the access token, in the db for the user as logged in on your site -- and don't abuse their trust! ?>
And direct users in their browsers to:
https://graph.facebook.com/oauth/authorize?client_id=APP_ID&scope=offline_access,read_stream&redirect_uri=http://www.example.com/facebook_access_token.php