I have a GitHub pages / Jekyll web site that mainly just serves static content. However, I'd also like to be able to have this web page reach out to a public Facebook group's page and get links to each of its albums.
This used to be easy: http://graph.facebook.com/GROUP_ID/albums
, then parse the JSON. After recent changes to the facebook graph API that approach no longer works. Now facebook wants an access token or id/secret combo. (Their robots.txt also prevents scraping the page.)
If I had any sort of backend to work with this would be easily done, but for this project that isn't an option. There's also the client side option of having each user authenticate with facebook, but most users of the site don't have facebook accounts. (sad trombone)
Of course just making a raw call like this http://graph.facebook.com/GROUP_ID/albums?access_token=APP_ID|APP_SECRET
works but is super insecure.
As far as I can tell my options are:
1. Give up on trying to use this data locally and just send people to the group's albumn page.
2. Give up on the client side only implementation goal.
3. Create a dummy Facebook account just for making this request. If that account's APP_SECRET is compromised, who cares, right? (I suspect facebook would frown on this approach, but how sternly?)
I'm posting here because I'm hoping some clever reader will think of an approach I haven't thought of. Any takers?
(The fact that I can access this content by just going to the page without logging into facebook makes me think this should be doable, and it's mildly maddening that I haven't come up with a clean solution. /rant)
UDATE:
Context - I recently read (and loved) The Best Interface is No Interface by Golden Krishna and was really struck by it. I've been thinking a lot about creating CMS like utilities that don't add extra steps to the user's existing workflow. An old friend from the church in my home town got in touch recently asking if I could put together a simple web page for them, and I thought it would be a great opportunity to try out NoUI. There's more about that here. This project has a $0 budget - hence no backend. Since the church already has an active FB group page my intention was just to pull that content in like this:
https://github.com/lostphilosopher/eskomethodist/blob/gh-pages/pictures.html#L17 which calls https://github.com/lostphilosopher/eskomethodist/blob/gh-pages/assets/javascript/scrapeContent.js#L1
Which brings me to my present predicament.
(Also, for anyone checking out the site - I know. I know. I'm not a Front End dev. :-) )
I'm not accepting this as a solution, and actively searching for a better option.
I'm posting this as a solution, because it did solve my immediate problem, but it's messy, and may not work long term.
Massively insecure, but it's a throwaway account.
The good news is - I've confirmed that it works.
The bad news is, it's so hacky my fingers have splinters.