Facebook PHP SDK access token signing bug
So if you are getting
The method you are calling or the FQL table you are querying cannot be called using a session secret or by a desktop application.
while trying to run some old facbook REST API while using new php sdk this post is for you!
Truth is the some REST calls dose not have new graph equivalent. Like for example dashboard.addGlobalNews.
SDK even in new 2.1.1. version still dose not know how to sign old REST api calls.
When making a call SDK internally calls getAccessToken method to get token.
If you mix new graph api with old REST api internal check for type of api message signing will go havoc.
So quick and dirty solution, add override to facebook SDK and thank them for making it open source.
Add this property to facebook sdk class:
public $overrideToAppSigned = false;
and change getAccessToken method to:
public function getAccessToken() {
$session = $this->getSession();
// either user session signed, or app signed
if ($session && !$this->overrideToAppSigned) {
return $session['access_token'];
} else {
return $this->getAppId() .'|'. $this->getApiSecret();
}
}
Now you can call old REST api like this:
$this->_facebook->overrideToAppSigned = true;
$result = $this->_facebook->api(
array(
'method' => 'dashboard.addGlobalNews',
'call_id' => microtime(true),
'news' => $news
)
);
$this->_facebook->overrideToAppSigned = false;
Don’t forget the last line! ;)
3 thoughts on “Facebook PHP SDK access token signing bug”
October 7, 2010 at 22:40
I give it a few days Before Facebook change something else and this goes out the window as well. :p
Thank’s for this though – made my life easier
December 31, 2010 at 06:57
Hi guys!
Go for oauth2.0 for api, facebook PHP-SDK library now turns to old, also try to avoid using session, its no longer flexible as well no security. Kindly refer developer.facebook.com for further info and updation. cheers!!
January 4, 2011 at 13:45
We know ;) This bug was in new SDK. Some calls were not implemented in new OAuth 2 fashion when writing this post and new facebook SDK https://github.com/facebook/php-sdk internally handles both old and new calls. But they had a bug in signing old calls. Maybe it’s corrected now, it’s been a while and there new “Developers love” movement is great :)