This SDK is deprecated. Find the new SDK here: <a href="https://github.com/facebook/facebook-php-sdk-v4">https://github.com/facebook/facebook-php-sdk-v4</a>

passing custom parameters to facebook fan page tab

I'm unable to get custom parameters send to my facebook fan page tab.

I'm using php and is passing like this:


but I'm unable to read the parameter pass


Source: (StackOverflow)

CSRF state token does not match one provided FB PHP SDK 3.1.1 Oauth 2.0

My server logs show a "CSRF state token does not match one provided" error which seems to happen for almost every user. However, the users are created and/or authenticated and I am able to retrieve the user info. I am using a Linux server with Apache. I am also using the latest Facebook PHP SDK v.3.1.1 Can anyone tell me why this is happening and how to fix it?

Source: (StackOverflow)


Fetching third party posts from the Facebook Graph API

I am in the process of putting together a Facebook tab application for a client that fetches and displays posts from a Facebook page. The application also offers the ability to add new posts to the page and comment on existing posts. This is achieved using the Facebook Graph API (through the the PHP SDK).

I have everything working but have run into a problem involving posting from my app. When a user submits a post, it is sent to the Graph API via the following request.

$facebook->api([PAGE_ID]/feed', 'POST', array(
    'message' => [MESSAGE]

This request is successful and the post appears on the relevant Facebook page with "Via my app name" underneath it.

When I then request the list of posts on the Page via the API (request below), the aforementioned post does not appear.

$posts = $facebook->api([PAGE_ID].'/feed');

I have a strong feeling that this is due to the post being from a third party app. I have heard that Facebook "downgrades" third party posts to encourage the use of its own platform. All of the posts that were posted directly through Facebook are appearing.

However, there must be a way to retrieve these kind of posts.

Update for Fisch below

When I make the post to the API, the following post ID is returned:


However, when I make an API request for it:


I get the following response:

    "error": {
        "message": "Unsupported get request.",
        "type": "GraphMethodException",
        "code": 100

However, when I make the same request but with the ID of a post already included in the /feed request.


I get the following response.

    "id": "112706495458566_457890310940181",
    "from": {
        "category": "Local business",
        "name": "Genting Casino Southport",
        "id": "112706495458566"
    "story": "\"Very well done to ste,...\" on their own status.",
    "privacy": {
        "value": ""
    "type": "status",
    "application": {
        "name": "Mobile",
        "id": "2915120374"
    "created_time": "2012-11-25T22:12:21+0000",
    "updated_time": "2012-11-25T22:12:21+0000",
    "comments": {
        "count": 0

So for some reason, Facebook isn't even letting me look up the post by its ID.

Update #2

In my search for an answer to this, I have come across a study which strengthens my earlier suspicions about the "weight" assigned to third party app posts.

From the EdgeRank Checker report: "When an object is created in Facebook, it is assigned a weight. We believe that Facebook strategically reduced the weight of objects created through the API. The reason behind this strategy would be to encourage more content creation within the Facebook Platform. This ultimately increases the value of their platform while increasing ad impressions."


This could explain why the posts are not passed through in the /feed or /posts API response.

However, this does not explain why the API will not even return the post by it's ID (see update above).

All I can think of is that Facebook does not class third party app posts as real "Posts" and thus doesn't push them through on the appropriate API response. However, I can find no evidence of this in the Facebook documentation.

Update #3

Based on the comments below, I am now attempting to do the same but using a Facebook account that is not the owner of the app or in fact has any admin relation to any page on Facebook (my own personal Facebook account).

I have authorised the app using the oAuth dialog and have accepted the following permisions:

  • email
  • user_birthday
  • publish_stream

With my shiny new access token, I make the following API request:

$post = $facebook->api('112706495458566/feed', 'POST', array(
    'message' => 'this is a test'

To which I receive the following response:

array(1) {
    ["id"] => string(31) "112706495458566_470663409662871"

I then check the actual Facebook page, the post that I just sent has appeared from my Facebook user account as expected.

I then make the following request to fetch all posts on the page:

$posts = $facebook->api('112706495458566/feed');

To which I receive a long array of all the posts on the page (which I wont post here). However, the post that I just sent (and received an ID back for) does not appear.

I then make a direct request for that post using the ID that was returned by the POST request.

$post = $facebook->api('112706495458566_470663409662871');

Which throws the following exception (as per the previous attempt).

GraphMethodException: Unsupported get request.

To reiterate, this attempt was using an account that is completely unrelated to the app or any of the pages that we are trying to fetch data for. The account has also never had any contact with the app (i.e. this was the first time that the permissions have been accepted and an oAuth key generated).

Source: (StackOverflow)

Post from app does not appear in user's timeline

Since Facebook made Timeline now public, the my app post using stream publish does not appear in user's Timeline, only in News Feed. Is there's anything we should do about this or anything new on publish stream or feed post regarding the new Timeline feature ?

Source: (StackOverflow)

Facebook API: How to post to own application wall without login

I want to post to my own application wall a text with a script but without to login first because it should be done automatically. How could I do that? I tried already:

$fb = new Facebook(array(
    'appId'  => 'appid',
    'secret' => 'appsecret',
    'cookie' => true

if ($fb->getSession()) {
    // Post
} else {
    // Logger
    // Every time I get in here :(

What do I have to do to get the access to post to my the own app wall with a script?

Source: (StackOverflow)

How to extend access token validity since offline_access deprecation

Since the offline_access Permission is deprecated in Facebook's Authentication flow, we have problem geting the so called long lived access tokens without that permission.

In Facebook's document about the deprecation it says, that server side OAuth generated access tokens will be long lived, but they are not.

Am I missing something? Some setting in app settings? Some special code I need to use to extend expiration time of access tokens? As I understand the documentation, for server side authentication, the access token wich can be accessed by getAccessToken() method of PHP SDK when the user is logged in is long lived.

Source: (StackOverflow)

Composer install error - requires ext_curl when it's actualy enabled

I'm trying to install Facebook PHP SDK with Composer. This is what I get

$ composer install
Loading composer repositories with package information
Installing dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.

    Problem 1
        - Installation request for facebook/php-sdk dev-master -> satisfiable by facebook/php-sdk[dev-master].
        - facebook/php-sdk dev-master requires ext-curl * -> the requested PHP extension curl is missing from your system.

Problem is, I have curl extension enabled (uncommented in php.ini). When I run phpinfo(), it says it's enabled. Only clue I have is that when I run $ php -m, 'curl' line is missing but I don't know what to do about it.

I have wamp 2.4 on Win8 and I'm running composer in cmd.exe.

Source: (StackOverflow)

Getting list of Facebook friends with latest API

I'm using the most recent version of the Facebook SDK (which lets to connect to something called the 'graph API' though I'm not sure). I've adapted Facebook's example code to let me connect to Facebook and that works... but I can't get a list of my friends.

$friends = $facebook->api('friends.get');

This produces the error message: "Fatal error: Uncaught OAuthException: (#803) Some of the aliases you requested do not exist: friends.get thrown in /mycode/facebook.php on line 543"

No clue why that is or what that means. Can someone tell me the right syntax (for the latest Facebook API) to get a list of friends? (I tried "$friends = $facebook->api->friends_get();" and get a different error, "Fatal error: Call to a member function friends_get() on a non-object in /mycode/example.php on line 129".)

I can confirm that BEFORE this point in my code, things are fine: I'm connected to Facebook with a valid session and I can get my info and dump it to the screen just... i.e. this code executes perfectly before the failed friends.get call:

$session = $facebook->getSession();
if ($session) {
    $uid = $facebook->getUser();
    $me = $facebook->api('/me');

Source: (StackOverflow)

Weird url appended "#_=_" [duplicate]

Possible Duplicate:
Play Framework appending #= to redirect after Facebook auth via OAuth2?

Has anyone else seen this happen?

I am building a Facebook canvas app using the Facebook PHP SDK, and some Javascript.
Now when I take the user through the OAuth authentication flow, I have noticed that the URL in the browser automatically gets appended with this "#_=_" , so my URL starts looking like this:


and when I redirect to the app profile page the URL is this:


I am redirecting using

echo "<script type='text/javascript'>top.location.rel='nofollow' href='$appcanvasurl';</script>"

to the canvas URL, and

echo "<script type='text/javascript'>top.location.rel='nofollow' href='$appprofurl';</script>"

for app profile page.

So why is this #_=_ getting appended?


According to this bug on the tracker, this is by design, and giving a value for the redirect_uri does not change this.

And according to the official facebook reply on that page (have to be logged in to Facebook to view the post):

This has been marked as 'by design' because it prevents a potential security vulnerability.

Some browsers will append the hash fragment from a URL to the end of a new URL to which they have been redirected (if that new URL does not itself have a hash fragment).

For example if example1.com returns a redirect to example2.com, then a browser going to example1.com#abc will go to example2.com#abc, and the hash fragment content from example1.com would be accessible to a script on example2.com.

Since it is possible to have one auth flow redirect to another, it would be possible to have sensitive auth data from one app accessible to another.

This is mitigated by appending a new hash fragment to the redirect URL to prevent this browser behavior.

If the aesthetics, or client-side behavior, of the resulting URL are of concern, it would be possible to use window.location.hash (or even a server-side redirect of your own) to remove the offending characters.

Source: (StackOverflow)

Facebook Auth Dialog: Developer warning concerning the use of "display" type "popup"

starting today we receive developer warnings in the auth dialog with the following message:

You are using a display type of 'popup' in a large browser window or tab. For a better user experience, show this dialog with our JavaScript SDK without specifying an explicit display type. The SDK will choose the best display type for each environment. Alternatively, set height and width on your window.open() call to properly size this dialog if you have special requirements precluding you from using the SDK. This message is only visible to developers of your application.

the mentioned warning directly in the popup

We have the following situation:

  • with javascript we open a new popup
  • the src of the popup is set with Facebook's PHP-SDK method getLoginUrl
  • popup itself has a size of 400px by 580px

The PHP-SDK itself references the proper use of "display=popup" within it's own code:

If you are using the generated URL with a window.open() call in JavaScript, you can pass in display=popup as part of the $params.

The JS-SDK documentation says, that the maximum-size of the opened popup should be 400x580:

For use in a browser popup no bigger than 400px by 580px. Use this display type to maintain context for the user without needing to perform a full-page redirect.

So, to sum up: According to the docs, the implementation above should be ok. Is anyone else having this warning or a solution for this?

Source: (StackOverflow)

Error Invalid Scopes: offline_access, publish_stream, when I try to connect with Facebook API

I got this error when I try to connect with Facebook API

Invalid Scopes: offline_access, publish_stream. This message is only shown to developers. Users of your app will ignore these permissions if present. Please read the documentation for valid permissions at: https://developers.facebook.com/docs/Facebook-login/permissions

Before I can connect my website with my Facebook account without problem and today I got the error above, the app is in my Facebook account when I use other Facebook account users of my app I can connect to my website without problem.

Source: (StackOverflow)

What's method for checking user fan of a page in GRAPH API?

In graph api, Pages.isFan method not working, what's method for checking user fan of a page in graph api?


Source: (StackOverflow)

PHP SDK 3.1.1 getUser() sometimes return 0

This is driving me crazy >=(

$facebook->getUser() works well sometimes, but sometimes returns 0

Here is my code: require 'fbapi/facebook.php';
$facebook = new Facebook(array(
'appId' => 'xxx',
'secret' => 'xxxxx',
$user = $facebook->getUser();

the appId and secret are the correct ones.

Which could be the reason that getUser sometimes it returns 0???

Source: (StackOverflow)

Getting long-lived access token with setExtendedAccessToken() returns short lived token

I try to get extended long-lived access token with

$access_token = $facebook->getAccessToken();

After looking SDK I found that setExtendedAccessToken() function is setting long-lived access token in

protected static $kSupportedKeys =
array('state', 'code', 'access_token', 'user_id');


  'access_token', $response_params['access_token']

and getAccessToken() is returning short-lived access token from

protected $accessToken

so what is the purpose of setExtendedAccessToken() since it does not return anything?

Source: (StackOverflow)

Error: Class 'Facebook\FacebookSession' not found with the facebook PHP SDK

I am having a hard time with facebook's SDK documentation. I downloaded the SDK from Github and added it into my PHP project.

Here is the file system:

   ├── Facebook
   │   ├── FacebookAuthorizationException.php
   │   ├── FacebookCanvasLoginHelper.php
   │   ├── FacebookClientException.php
   │   ├── FacebookJavaScriptLoginHelper.php
   │   ├── FacebookOtherException.php
   │   ├── FacebookPermissionException.php
   │   ├── FacebookRedirectLoginHelper.php
   │   ├── FacebookRequest.php
   │   ├── FacebookRequestException.php
   │   ├── FacebookResponse.php
   │   ├── FacebookSDKException.php
   │   ├── FacebookServerException.php
   │   ├── FacebookSession.php
   │   ├── FacebookThrottleException.php
   │   ├── GraphLocation.php
   │   ├── GraphObject.php
   │   ├── GraphSessionInfo.php
   │   ├── GraphUser.php
   │   └── fb_ca_chain_bundle.crt
   └── test.php

here is my code so far:

use Facebook\FacebookSession;
use Facebook\FacebookRequest;
use Facebook\GraphUser;
use Facebook\FacebookRequestException;


$helper = new FacebookRedirectLoginHelper('http://isgeek.eu/fb/FaRepost/return.php');
$loginUrl = $helper->getLoginUrl();
// Use the login url on a link or button to redirect to Facebook for authentication

I get this error

Fatal error: Class 'Facebook\FacebookSession' not found in /homepages/2/d184071366/htdocs/isgeek/fb/FaRepost/test.php on line 9

At updated my PHP version, so the issue does not comme from here. It seems like the PHP files are not found. I read this question (Facebook SDK v4 for PHP Minimal Example) but it does not help.

Where does this comme from?

Source: (StackOverflow)