0

I have obtained advanced access to Facebook's Graph API user_link, which results in an app-scoped ID accessible only to the logged-in user. The user_link document clearly states:

The allowed usage for this permission is to provide a way for someone who uses your app to visit a person's Facebook profile.

But ASID fails to do that. So, what am I missing here? And, is there a workaround if this is how it will be, other than manually entering the URL?

My code:

$response = $fb->get('/me?fields=id,name,email,link', $accessToken);
$user = $response->getGraphUser();
$_SESSION['fb_link'] = isset($user['link']) ? $user['link'] : '';

Update: User A account has Fb icon that redirects to their Fb profile using the link https://www.facebook.com/app_scoped_user_id/YXNpZADpBWEZA4a281N3FmRDBNX25UUTYweEhicGNGs1RUhYa3lKTks3cm1ZATmk0eXNXZAUFTbHVEbjFKSkJpTFhQT05FcDBDSUhOdUJKc0xEVFhER1diTGZAZAWE5BUDF0QVEZD/. When User A (or User A's Facebook friends who are on my platform) clicks it, the link redirects to successfully to User A's Fb profile, but for other users on my network even if they are logged-in, they see a failure message on a Facebook page "Sorry, this content isn't available at the moment".

I hope this clarifies any doubts. Any leads will be appreciated. Thank you!

Improve this question
2
  • 1
    Sorry it's a bit unclear what you're saying. Are you saying that $user['link'] contains a URL but that the URL isn't usable? If so, what happens when someone tries to visit the link? You haven't quite explained what is in there, or how you tried to use it. Can you edit the question? Thanks Commented Jul 28 at 16:40
  • 1
    @ADyson Updated with some info. Hope this helps! Commented Jul 28 at 17:53

1 Answer 1

Reset to default
0

I agree the wording is potentially confusing. But I think it just means that the user gives the app permission to get the link to their profile, which it can then use to display to others, or whatever. It doesn't mean that this overrides the normal permission that user has set on their profile. If their profile isn't visible to non-friends then having the link doesn't change that, it's still just a link to their profile and the usual permissions apply.

Imagine the total chaos and security disaster that would ensue if granting a simple permission to an app opened up someone's profile to the whole world.

See also the description of the user link at https://developers.facebook.com/docs/graph-api/reference/user :

A link to the person's Timeline. The link will only resolve if the person clicking the link is logged into Facebook and is a friend of the person whose profile is being viewed.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.