2

Given a Page Access Token, how do I poll Facebook's API to determine whether my app can still post on the Page's timeline? If I was working within the User's context, this would be easy. I would use the User Access Token and call this endpoint:

/me/permissions?access_token={user_access_token}

{
  "data":[{
    "installed":1,
    "email":1,
    "publish_stream":1, // Yay! I can still publish to user's Timeline
    "bookmarked":1
  }]
}

However, the /me/permissions endpoint is not allowed with the Page Access Token:

/me/permissions?access_token={page_access_token}
{
  "error":{
    "message":"(#3) App must be on whitelist",
    "type":"OAuthException",
    "code":3
  }
}

If I had the User's access token, then I could check for both publish_stream and manage_pages, and if the user has granted both of those permissions, then my App can publish to any Page that the user is an administrator of. But unfortunately in my scenario, I don't have the User Access Token. I only have the Page Access Token, which is stored for offline use.

Any idea how I can use the Page Access Token to determine if my App can still publish to the Page's Timeline?

4

2 Answers

3

You can use the debug tool to check what information is associated with it.

Quoted from the documentation

To use the API, you can issue an HTTP GET request to graph.facebook.com/debug_token with two parameters:

https://graph.facebook.com/debug_token?input_token=INPUT_TOKEN&access_token=ACCESS_TOKEN

input_token: the Access Token to debug
access_token: your App Access Token or a valid User Access Token from a developer of the app.

Answered 2013-05-01T08:16:46.440
0

It's not possible to view page access token permissions using just the page access token.

Visiting /debug_token/, or using the Facebook Debugger (https://developers.facebook.com/tools/debug/) on the page access token will simply return the permissions of the user token that issued it (tested as of 5/7/14).

The only way to check page token permissions is by polling /me/accounts/ (which requires a user token from a page admin) and looking at the 'perms' field. Or by just testing requests.

Verifying 'manage_pages' and 'stream_publish' returned from /debug_token/ on a page token is an insufficient check, as the user's page admin level may restrict their activities.

Answered 2014-05-07T20:45:26.113
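
Added example (not part of either answer above): a two-stage check that combines the scopes reported by /debug_token with the 'perms' field from /me/accounts, run offline against constructed sample responses. The sample JSON, the page ids and the assumption that CREATE_CONTENT is the 'perms' value that allows posting are illustrative, not taken from the thread.

```python
import json

# Constructed sample of a /debug_token response for a page token (not real data).
DEBUG_TOKEN_SAMPLE = json.loads("""
{"data": {"app_id": "APP_ID_PLACEHOLDER", "is_valid": true,
          "scopes": ["manage_pages", "publish_stream"]}}
""")

# Constructed sample of a /me/accounts response (needs a page admin's user token).
ACCOUNTS_SAMPLE = json.loads("""
{"data": [
  {"id": "111", "name": "Page A", "perms": ["ADMINISTER", "CREATE_CONTENT"]},
  {"id": "222", "name": "Page B", "perms": ["BASIC_ADMIN", "MODERATE_CONTENT"]}
]}
""")

REQUIRED_SCOPES = {"manage_pages", "publish_stream"}  # the two named in the question
PUBLISH_PERM = "CREATE_CONTENT"  # assumption: the 'perms' value that allows posting


def token_scope_check(debug_response):
    """Return (ok, reason) from a /debug_token response."""
    if "error" in debug_response:
        return False, "error: " + debug_response["error"].get("message", "unknown")
    data = debug_response.get("data", {})
    if not data.get("is_valid", False):
        return False, "token invalid or revoked"
    missing = REQUIRED_SCOPES - set(data.get("scopes", []))
    if missing:
        return False, "missing scopes: " + ", ".join(sorted(missing))
    return True, "scopes present"


def page_role_check(accounts_response, page_id):
    """Return True only if the page's entry lists the publishing perm."""
    for page in accounts_response.get("data", []):
        if page.get("id") == page_id:
            return PUBLISH_PERM in page.get("perms", [])
    return False  # page not listed: the user no longer administers it


def can_publish(debug_response, accounts_response, page_id):
    """Scopes alone are insufficient; the admin level on the page must also allow it."""
    ok, _reason = token_scope_check(debug_response)
    return ok and page_role_check(accounts_response, page_id)
```

With these samples, Page B passes the scope check but fails the role check, which is the case the second answer describes.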