Assume an application with an id 116122545078207
, and using the URL of the blog (http://benbiddington.wordpress.com) to collect request tokens.
Following the instructions as specified in section 22.214.171.124., Client Requests Authorization,
of the specification
, this is a one-step process:
Open this in a browser:
Note: there are several options for scope. These are called extended permissions
Note: unless you specify offline_access
, your tokens will expire as soon as the user signs out of facebook.
is not supplied:
[3.5.1. User-Agent Flow] This user-agent flow does not utilize the client secret since the client executables reside on the end user’s computer or device which makes the client secret accessible and exploitable.
You’ll be redirected to:
And you have your access token, you can go ahead and use it:
According to section 3.5.1. Client Requests Authorization
, because we have not supplied the optionalsecret_type:
OPTIONAL. The access token secret type as described by
Section 5.3. If omitted, the authorization server will issue
a bearer token (an access token without a matching secret)
as described by Section 5.2.
What can you do with the graph?
Borrowed from https://developers.facebook.com/docs/reference/api/
At Facebook’s core is the social graph; people and the connections they have to everything they care about. The Graph API presents a simple, consistent view of the Facebook social graph, uniformly representing objects in the graph (e.g., people
, and pages
) and the connections between them (e.g., friend relationships, shared content, and photo tags).
Every object in the social graph has a unique ID. You can access the properties of an object by requesting
. For example, the official page for the Facebook Platform
has id 19292868552, so you can fetch the object at https://graph.facebook.com/19292868552
"name": "Facebook Platform",
"username": "platform", "founded": "May 2007",
"company_overview": "Facebook Platform enables anyone to build...",
"mission": "To make the web more open and social.",
"products": "Facebook Application Programming Interface (API)...",
Alternatively, people and pages with usernames can be accessed using their username as an ID. Since “platform” is the username for the page above, https://graph.facebook.com/platform
will return what you expect. All responses are JSON objects.
All objects in Facebook can be accessed in the same way:
All of the objects in the Facebook social graph are connected to each other via relationships. Bret Taylor is a fan of the Coca-Cola page, and Bret Taylor and Arjun Banker are friends. We call those relationships connections
in our API. You can examine the connections between objects using the URL structure
. The connections supported for people and pages include:
We support different connection types for different objects. For example, you can get the list of all the people attending the Facebook Developer Garage at SXSW (ID #331218348435) by fetchinghttps://graph.facebook.com/331218348435/attending?access_token=…
All of the different types of objects and connections we support are included in the Graph API reference documentation
. The easiest way to get started is to check out the Graph API Explorer