Category: developers journal

Facebook PHP SDK access token signing bug

Author: Matej B. September 3, 2010

So if you are getting

The method you are calling or the FQL table you are querying cannot be called using a session secret or by a desktop application.

while trying to run some old facbook REST API while using new php sdk this post is for you!

Truth is the some REST calls dose not have new graph equivalent. Like for example dashboard.addGlobalNews.

SDK even in new 2.1.1. version still dose not know how to sign old REST api calls.

When making a call SDK internally calls getAccessToken method to get token.
If you mix new graph api with old REST api internal check for type of api message signing will go havoc.

So quick and dirty solution, add override to facebook SDK and thank them for making it open source.

Add this property to facebook sdk class:


public $overrideToAppSigned = false;

and change getAccessToken method to:

public function getAccessToken() {
$session = $this->getSession();
// either user session signed, or app signed
if ($session && !$this->overrideToAppSigned) {
return $session['access_token'];
} else {
return $this->getAppId() .'|'. $this->getApiSecret();
}
}

Now you can call old REST api like this:

$this->_facebook->overrideToAppSigned = true;

$result = $this->_facebook->api(
array(
'method' => 'dashboard.addGlobalNews',
'call_id' => microtime(true),
'news' => $news
)
);

$this->_facebook->overrideToAppSigned = false;

Don't forget the last line! ;)

Author
Matej B.
Follow me @matejbaco

    3 thoughts on “Facebook PHP SDK access token signing bug”

  • I give it a few days Before Facebook change something else and this goes out the window as well. :p

    Thank’s for this though – made my life easier

  • Hi guys!
    Go for oauth2.0 for api, facebook PHP-SDK library now turns to old, also try to avoid using session, its no longer flexible as well no security. Kindly refer developer.facebook.com for further info and updation. cheers!!

  • We know ;) This bug was in new SDK. Some calls were not implemented in new OAuth 2 fashion when writing this post and new facebook SDK https://github.com/facebook/php-sdk internally handles both old and new calls. But they had a bug in signing old calls. Maybe it’s corrected now, it’s been a while and there new “Developers love” movement is great :)

  • Leave a Reply

    Your email address will not be published. Required fields are marked *

    You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>