I have an application using Laravel 5.5 and the LaravelFacebookSDK (https://github.com/SammyK/LaravelFacebookSdk) in order to get some data from Facebook, based on which user is currently logged into the app.
I recently noticed that some (maybe all?) other users were no longer able to query Facebook, while my own user can still make the same queries that it was doing before (getting data from public events that the user is attending).
When I get a token, then make additional graphQL queries, they succeed. When another user does the same thing, they get the token, but return an error on the query:
{"error":{"message":"Unsupported get request. Object with ID '435016800548876' does not exist, cannot be loaded due to missing permissions, or does not support this operation. Please read the Graph API documentation at https:\/\/developers.facebook.com\/docs\/graph-api","type":"GraphMethodException","code":100,"error_subcode":33,"fbtrace_id":"AFeSpqbLbSXnZjP16NENZ-M"}}
I did some tests, getting access tokens for my own user and for another user, and compared them using the debug tool: https://developers.facebook.com/tools/debug/accesstoken/
The only specific different I see is the scopes for each Access Token.
For the limited/failing user, it returns: Scopes public_profile
But for my user: Scopes user_events, email, manage_pages, pages_manage_cta, pages_manage_instant_articles, pages_show_list, publish_pages, read_page_mailboxes, business_management, pages_messaging, pages_messaging_phone_number, pages_messaging_subscriptions, public_profile
What determines the scopes that are available for a user? Shouldn't the app's token request ask for what scopes it needs?
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire