Facebook Developer Subscriptions – Part 1

So Facebook has an API.  It’s pretty full featured although the documentation seems to be a little on the weak side.

After a little glancing, I thought “I can do this” and followed the sample PHP code to create a “Login” page for my test site.  I then spent all kinds of time and notebook paper coming up with an elaborate series of cron jobs to use the Access Token to make requests on the user’s behalf so I can periodically check for updates while they’re away.

Then I read the manual.

Facebook offers a subscription service via Real-Time Updates where you can request to be notified of certain changes as they happen.  Facebook doesn’t actually tell you what the changes are, but they notify you that a certain type of change has occurred (new friends, activities, etc.).  Cool.

Great.  So all I need to do is get a user authenticated to my application using some example code from the PHP SDK, let Facebook know what kinds of updates I’m interested in, and set up an endpoint to get that data.  Easy enough, right? Ha.

So the way the Facebook API works is that you request a user’s data using their Access Token (that the developer gets when the user allows a certain application access).  The main problem with using this vanilla approach with subscriptions is that the access token given when using the example code in the PHP SDK expires after a little while.  Well, I want to get user updates all the time so I need a token that doesn’t expire.  This requires using Extended Permissions.  A quick look through the list tells me I need the “offline_access” permission.

Unfortunately, this is where I realized that the example code in the PHP SDK starts to lack.  The login URL built into the SDK $facebook->getLoginURL() doesn’t allow you to add your requested permission in.  We’ll need to take a few extra steps to get what we’re looking for.

First, we need to construct our own login URL. The format will look something like this:

https://graph.facebook.com/oauth/authorize?client_id={your application ID}&redirect_uri={where to send the user after they do OR don’t authenticate}&scope=offline_access

Using this in place of the function call will cause the user to see something like this when they click on “Login”:

[Image: Request for Permissions dialog]

When your user clicks “Allow”, they will be redirected back to your redirect URL with an additional parameter called “code”.  Our neverending access token! Well, almost.  Now we need to make another request to Facebook, server side this time, to turn this code into an actual access token.  This is done by requesting a URL like this:

https://graph.facebook.com/oauth/access_token?client_id={your application ID}&redirect_uri={where to send the user after they do OR don’t authenticate}&client_secret={your secret code made when setting up developer account}&code={the code you just got in your return URL from Facebook}

Getting this URL returns the following data:


So your application will have to parse out your actual access token from the string, but that should be a good start.
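The three steps above, put together in PHP as an added example (not code from the original post or from the Facebook SDK). The constants, function names and callback URL are hypothetical, the redirect parameter is spelled `redirect_uri` as Facebook's OAuth endpoints expect, and the token response is assumed to be a form-encoded string such as `access_token=...`.

```php
<?php
// Added example. The three constants are placeholders, not values from the post.
const APP_ID       = 'YOUR_APP_ID';
const APP_SECRET   = 'YOUR_APP_SECRET';   // stays on the server, never in page markup
const REDIRECT_URI = 'https://example.com/fb-callback.php';

// Step 1: URL behind the "Login" link; http_build_query() percent-encodes each value.
function loginUrl(): string {
    return 'https://graph.facebook.com/oauth/authorize?' . http_build_query([
        'client_id' => APP_ID, 'redirect_uri' => REDIRECT_URI, 'scope' => 'offline_access',
    ]);
}

// Step 2: URL the server requests to turn the returned code into an access token.
function tokenUrl(string $code): string {
    return 'https://graph.facebook.com/oauth/access_token?' . http_build_query([
        'client_id' => APP_ID, 'redirect_uri' => REDIRECT_URI,
        'client_secret' => APP_SECRET, 'code' => $code,
    ]);
}

// Server-side GET with curl, certificate verification left on.
function curlFetch(string $url): ?string {
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 10,
        CURLOPT_SSL_VERIFYPEER => true, CURLOPT_SSL_VERIFYHOST => 2,
    ]);
    $body = curl_exec($ch);
    return is_string($body) ? $body : null;
}

// Step 3: handle the redirect back; $query is $_GET in a real callback script.
// Assumption: the token response is a form-encoded string (access_token=...).
function tokenFromCallback(array $query, callable $fetch): ?string {
    if (!isset($query['code']) || !is_string($query['code'])) {
        return null;   // no code: the user did not click "Allow"
    }
    $body = $fetch(tokenUrl($query['code']));
    parse_str((string) $body, $fields);
    $token = $fields['access_token'] ?? null;
    return is_string($token) && $token !== '' ? $token : null;
}

// Offline run: a stand-in fetcher returns a constructed response body.
$fake = fn(string $url): string => 'access_token=CONSTRUCTED-SAMPLE-TOKEN';
echo loginUrl(), "\n";
var_dump(tokenFromCallback(['code' => 'CONSTRUCTED-CODE'], $fake)); // callback with a code
var_dump(tokenFromCallback([], $fake));                             // callback without one
// On a live callback page: tokenFromCallback($_GET, 'curlFetch');
```

Because the exchange URL carries the client secret, it is only ever requested from the server and should be kept out of anything that gets logged or echoed back to the browser.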

Update: after playing with this for a little bit, I found that the Facebook session will return the access_token with extended permissions to you when your user is redirected back to your page.  This means you can do something like access $facebook->session['access_token'] and save that instead of having to use curl for that second URL.

Next up: setting up your subscriptions and endpoint.
