Articles

For a current project, we are integrating a site with Facebook Connect and linking users of our T1EOS (our Content Management System) to their accounts. When administrators create content, the CMS publishes the article to their brand page directly from the CMS behind the scenes. This was a bit tricky to figure out how to accomplish (wasn't sure it was possible at first) given that the Facebook API had pretty much completely changed from the last time I used it; Facebook now uses OAuth 2.0 for authentication and authorization. So this article then will be an overview of how to get a permanent session (or access_token as it's called on Facebook) that will allow you to post to your fan page as the page (and not your user account).

To start, you must be an adminstrator of the page you want to post as. We're going to essentially be posting from the Application to the Page, but to post from a Facebook Application, you must give the application permission to post to your wall and also permission for offline access. In our case, offline access allows the CMS to process and post content even when I am not logged in. Once you've give permission for the application to post for you, it should be able to post to any pages you are a full administrator of. When you do it like this the post will appear as written if by the page, not your user account.

Luckily the client I am working for was gracious enough to mark me an administrator of their page, but I first tested with Typeoneerror's Fan Page. Go to your own fan page and note the ID in the url for later (hint: it comes after ?id=).

Next, you need to create a Facebook Application. If you haven't yet, you'll need to install the Facebook Developer application. Create an application and give it a name. Note your API Key, Application ID, and Application Secret. The only other thing you should need to change is your Connect URL and Base Domain. Let's just say for example's sake that we'll use http://mydomain.dev/ and mydomain.dev respectively.

Next, you need to authorize your application with some extended permissions. This is quite simple, just point a browser to the following URL, replacing {CLIENT_ID} with your Application ID and {YOUR_DOMAIN} with your Connect URL (note that your URL must have a trailing slash or it may error):

https://graph.facebook.com/oauth/authorize?client_id={CLIENT_ID}&scope=offline_access,publish_stream,create_event,rsvp_event,sms,manage_pages&redirect_uri={YOUR_DOMAIN}

Note the scope parameter. Here we are sending the extended permissions the app wants. If this is your first time authenticating, you'll see a nicely designed window explaining what the app is requesting access to. For our purposes, all we need is offline_access and publish_stream. Offline access will give us a permanent access key, allowing us to make calls to the API without being logged in or authenticated. Publish stream allows the app to, well, publish to your streams.

After you authenticate, you'll be redirected back to YOUR_DOMAIN but now you'll see a query param added to the URL which will look something like:

http://mydomain.dev/?code=1234567890abcdef.

The actual code will be much longer ;) Note it down for later. This is our authentication code that will allow us to get a permanent key. This is not the permanent key quite yet. So how do we get the permanent key? Request one from the access_token service:

https://graph.facebook.com/oauth/access_token?client_id={CLIENT_ID}&redirect_uri={YOU_DOMAIN}&client_secret={APPLICATION_SECRET}&code={YOUR_CODE}

Fire off a cURL request to the above URL, replacing {CLIENT_ID} with your Application ID, {YOUR_DOMAIN} with your Connect URL (make sure it has a trailing slash), {APPLICATION_SECRET} with your Application's Secret Key and {YOUR_CODE} with the code from the previous step. The result should be simply a piece of text that looks like this:

access_token=1234567890abcdef.

Your permanent session access token! Hooray. So let's use it. I'm using the Zend Framework so you'll see some logging includes in this code. You can ignore them. Please read the comments as I noted some tutorial notes in there. Here's the PHP snippet I wrote to post to my Page's wall from an external website. With luck, change the settings noted below and a post will appear on your page's wall too!

require_once "../library/Typeoneerror/Facebook/Library/facebook.php";
require_once "../library/Zend/Debug.php";

// need to turn these options off otherwise
// you will get errors from the API
Facebook::$CURL_OPTS[CURLOPT_SSL_VERIFYHOST] = 0;
Facebook::$CURL_OPTS[CURLOPT_SSL_VERIFYPEER] = 0;

// Replace with your page's ID
$pageId = "YOUR_PAGE_ID";
// Replace with your permanent session key from the last step
$permSess = "YOUR_PERMANENT_ACCESS_KEY";

// create the Facebook API
$facebook = new Facebook(array(
    "appId"  => "YOUR_APPLICATION_ID",
    "secret" => "YOUR_APPLICATION_SECRET",
    "cookie" => true,
));

// should log out your page's info.
// simply makes a call to the Graph API
// you don't need a session for this.
$page = $facebook->api("/{$pageId}");
Zend_Debug::dump($page);

// publish to the page
// you do need a session for this.
$rest = $facebook->api(array(
    "uid"          => $pageId,
    "method"       => "stream.publish",
    "access_token" => $permSess,
    "message"      => "This is a test. Experimentation with OAuth and permanent sessions on Facebook.",
));

// should log an ID of a created wall post
Zend_Debug::dump($rest);

Did you like this article? Maybe you'll like our company page: