Search code examples
javascriptfacebookfacebook-graph-apifacebook-javascript-sdkfacebook-access-token

Get an access token without being connected to facebook

I need to retrieve a facebook page's list of posts (feed) using their javascript SDK, just like they explain in their docs: https://developers.facebook.com/docs/graph-api/reference/v2.4/page/feed

/* make the API call */
FB.api(
    "/{page-id}/posts",
    function (response) {
      if (response && !response.error) {
        /* handle the result */
      }
    }
);

I need it to be my website's "news section", so users should see it even if they are not connected to facebook.

The problem

Cool, but there is a problem... It returns: An access token is required to request this resource. Holy cow... I'd like to get some access token for you @facebook, but my app doesn't make use of your authentication tools/plugins. ANYWAY, I tried with FB.getLoginStatus(); but doesn't work, because the only way it can return an access_token is if the user is actually connected to the application. My users may not even be logged to facebook!

So, ¿How can I get an access_token to be stored into a variable, and later be used to get /{my-page}/posts?

I've already payed a look to this SO question, but it doesn't solves my problem, simply because there are no such "generic tokens". I've also read https://developers.facebook.com/docs/facebook-login/access-tokens/ and that also relies on tokens generated through facebook login methods... So, can't I display a list of fb page's posts in my website, without being connected into facebook, hence an application?

ADD: My app is build with angularJS, I'm not dealing with server-side code. I shall rely purely on javascript methods.

Solution

  • You could either use an page or an app access token, but as you'd be using them on the client-side, neither of them are an option.

    See

    Note that because this request uses your app secret, it must never be made in client-side code or in an app binary that could be decompiled. It is important that your app secret is never shared with anyone. Therefore, this API call should only be made using server-side code.

    I'd strongly recommend to build a simple server-side script (PHP for example) to proxy the request to the Graph API. You could then call this via AJAX for example and load the posts asynchronously (and alse get rid of the FB JS SDK!). There is NO way to handle this in a secure manner if you don't want to use FB Login for all of your users (which also doesn't make much sense IMHO).