I need to pull some posts off a Facebook page and display them on my website. I'm looking at using Facebook Graph API for this, but I'm struggling a bit, the documentation and all kinds of tutorials seems to assume that I will set up a login flow to first ask the user to login to my website. But that's not what I need. I need my server side application to be (stay) authenticated with Facebook and regularly fetch any new posts.
I found out that it should be possible to get a long-lived token by using page tokens, but right now I cannot even figure out how to authenticate using regular short-lived tokens.
So I set up a testing app to get an app ID and secret and went to Facebook Graph API Explorer to get the authentication token for the user I used to create the app.
Here is the basic code I'm using to test the connection Graph Api:
(...)
$fb = new \Facebook\Facebook([
'app_id' => $app_id,
'app_secret' => $app_secret,
'default_graph_version' => '2.8',
'default_access_token' => $app_access_token
]);
try {
$response = $fb->get('/me');
} catch(\Facebook\Exceptions\FacebookResponseException $e) {
echo 'Graph returned an error: ' . $e->getMessage();
exit;
} catch(\Facebook\Exceptions\FacebookSDKException $e) {
// When validation fails or other local issues
echo 'Facebook SDK returned an error: ' . $e->getMessage();
exit;
}
$me = $response->getGraphUser();
When I run my code I get this message:
Graph returned an error: Invalid appsecret_proof provided in the API argument
I've triple-checked that $app_id
and $app_secret
are the values given when I created the app and I've triple checked my access token (tried with my personal user token as well as the page token which I was able to get through the Graph API Explorer).
I found another SO thread suggesting that I should generate an appsecret proof manually, so I did this:
$appsecret_proof= hash_hmac('sha256', $app_access_token, $app_secret);
$fb = new \Facebook\Facebook([
'app_id' => $app_id,
'app_secret' => $appsecret_proof,
'default_graph_version' => '2.8',
'default_access_token' => $app_access_token
]);
I'm not sure if I should pass the $appsecret_proof
to the app_secret
or how I should use it. I'm still getting the same error with the code above.