0

Our application runs multiple sites for multiple customers. One service we offer is to write and post social media for our customers. We also allow the customers to do posts themselves through the application admin.

In order to facilitate the non-automated posts for customers, one of our users has access to the pages of many customers through her Facebook login.

The problem comes if she uses our application to generate an auth token through the admin area of the customer's site.

The application sends its own appID and secret key to Facebook, and the user receives the Facebook login page.

However, she used to be able to choose which page/customer she wished to log in to. Now, once the login data is submitted, Facebook immediately sends a token back to the "return URL." There's no opportunity to choose which Facebook page the auth is for.

The token appears to be linked to the user's "main" page (which is a page of ours).

Obviously, we need to be able to say "I'm logging in to Facebook page X of the many pages I'm authorized for."

Just to be clear: this is not an issue regarding authorization for our application in general. It's the specific case when the Facebook login is attached to multiple pages.

Can anyone give me some advice, please, even if it's just a link to an appropriate spot in the API docs? I've had no luck searching them.

Thanks,

Tom

Edit: First, to the question about "multiple domains": perhaps I shouldn't have put that in the title, since it's not relevant to Facebook per sé,

We host many clients who obviously have many domains. They administer their site content through a CMS which can, among other things, work with Facebook. A client often has a Facebook page; so for us at least, there is often a one-to-one correspondence between a client's site/domain and her/his Facebook page.

When someone goes through the process in question, s/he is administering the site, but may be attempting to post to a Facebook page. And one of our in-house admins has access to many clients' Facebook pages.

So let me rephrase: the admin logs in to a client's site. She attempts to authorize our application to post to that client's page. Our application sends its id/key data to Facebook, and she is taken to the login page.

The question is, how do we let Facebook know that we are seeking authorization to post to one of the many accounts/pages she can access?

Thanks for the help.

tmcneer
  • 65
  • 5
  • 1
    You can not log in “as” a page, but as a user only. And to get the pages the user is an admin for, you make a request to `/me/accounts`. – CBroe Jun 24 '15 at 21:13
  • And what does this have to do with “multiple domains”, as you put in the question title? – CBroe Jun 24 '15 at 21:13

1 Answers1

0

As pointed out by CBroe in the comment, if you want to post as a page, you need to have a page access token of the page that you admin. Once you have granted manage_pages permission to the app, you can call the /me/accounts edge to get the list of all pages that you admin and their access tokens. You can then use the page access token of the page to post on behalf of the page. Note: You will need publish_pages permission in addition to be able to post on behalf of the page. Permissions are documented here.

bangdel
  • 2,523
  • 5
  • 28
  • 42
  • Thanks very much for your response. I understand that a page access token is necessary. And I understand the necessary permissions. In fact, obtaining the token is the process I'm trying to describe. The issue is, when an application submits its keys and the user is directed to the FB login, how does one choose/specify the page one wishes an access token for? All correct permissions are in place. The user needs to be able to say, "I need an access token for page X out of the 15 pages I have permissions to publish to." – tmcneer Jun 29 '15 at 14:44
  • You might need to implement that yourself. 1. Let the user login with Facebook with the manage_pages permission granted. 2. Once the user is logged in, make a call to /me/accounts API. 3. The response contains a list of page-ids, name, associated page access token along with additional data. 4. Parse this data to obtain the list of page names and write some implementation to allow user to pick one. – bangdel Jun 30 '15 at 09:12
  • Thanks for the reply. What I've found since the last post is one of the often-encoutnered auth token expiration issues. I'm going through the process Bangdel described. But I'm getting the FB "session does not match stored session" message - despite the fact that the access token used in the /me/accounts API was obtained less than a second earlier. This, of course, is its own problem - one of which many have encountered. So thanks for the replies to this thread, but the problem is actually different than first thought. – tmcneer Jun 30 '15 at 13:10
  • Are you using the same access token that you used for /me/accounts to publish? If yes then there's the problem. Use the access token obtained from the response from /me/accounts inside the data object. – bangdel Jun 30 '15 at 15:43
  • Bangdel, thanks for the reply. Maybe I'm missing something, but the application has to pass an access token _into_ the /me/accounts call. That's where I'm getting the "session does not match" response: when I do "/me/accounts?access_token=myAccessToken". – tmcneer Jun 30 '15 at 19:25
  • Let's re-start this one more time. So at this point, I'm no longer getting a "session does not match" response. I'm now getting an empty "data" object when I call /me/accounts. The access token being passed in that call is one retrieved by my app after it sends its keys. I have found a post that suggests that the empty data object occurs when an access token does not have manage_pages permission. And the debug tool reports that the access token does _not_ have that permission. Yet in the user account, the application is shown to be able to "Manage Your Pages." ???? – tmcneer Jun 30 '15 at 20:57
  • "access token does not have that permission" could mean 'manage_pages' has been not submitted for approval and you are testing with a user who is not admin/developer of the app. Either submit the permission and have it approved before using it or test with a user who is an admin/developer. Include manage_pages permission in the scope for login. To make sure, for the test user delete your app from https://www.facebook.com/settings?tab=applications and login fresh into the app again. You should get a dialog asking "Your app would like to manage your Pages and publish as Pages you manage." – bangdel Jul 01 '15 at 12:49
  • Again, thanks Bangdel for your response. I came to the same conclusion about needing to request manage_pages for the app. It's an old app and has never been truly updated to match the newer API or permissions requirements. I've submitted the permission request. Hopefully, that will solve the problem. I appreciate all the help. – tmcneer Jul 01 '15 at 16:01
  • If the approval time is blocking you then you can still test with a user who is admin/developer of the app. Like I stated earlier remove the app from the test user's apps and try logging back with all required permissions granted. Also, if your app is publishing, you might want to submit publish_pages permission as well for approval. – bangdel Jul 01 '15 at 20:04
  • Thanks. I think we're okay with the approval time, and the app already has publish_pages permission. – tmcneer Jul 02 '15 at 12:58