graph api

fagner moura - @seufagner

old REST(?) apihttps://api.facebook.com/method/[name]

• users.hasAppPermission• users.isAppUser• users.getLoggedInUser• stream.publish ...

old REST(?) apihttps://api.facebook.com/method/[name]

• users.hasAppPermission• users.isAppUser• users.getLoggedInUser• stream.publish ...

session_key

old REST(?) apihttps://api.facebook.com/method/[name]

• users.hasAppPermission• users.isAppUser• users.getLoggedInUser• stream.publish ...

session_key

old REST(?) apihttps://api.facebook.com/method/[name]

• users.hasAppPermission• users.isAppUser• users.getLoggedInUser• stream.publish ...

deprecatedsession_key

old REST apihttps://api.facebook.com/method/[name]

• users.hasAppPermission• users.isAppUser• users.getLoggedInUser• stream.publish ...

deprecatedsession_key

old REST apihttps://api.facebook.com/method/[name]

• users.hasAppPermission• users.isAppUser• users.getLoggedInUser• stream.publish ...

deprecatedsession_key

REST ?• easy SOA• resources• only HTTP• stateless

• lightweight• simple• readable

now, only json response

objects

objects

userpagemessagestatus messagephotovideo ...

objects

https://graph.facebook.com/ID

userpagemessagestatus messagephotovideo ...

objects

https://graph.facebook.com/19292868552

userpagemessagestatus messagephotovideo ...

objects

https://graph.facebook.com/plataform

userpagemessagestatus messagephotovideo ...

userpagemessagestatus messagephotovideo ... objects

+connections

user@connections

homefeedpostsfriendspicturephotos ... user@connections

homefeedpostsfriendspicturephotos ...

(public data)

user@connections

https://graph.facebook.com/me/friends

https://graph.facebook.com/me/picture

homefeedpostsfriendspicturephotos ...

(read_stream permission)

user@connections

https://graph.facebook.com/me/home

https://graph.facebook.com/me/feed

homefeedpostsfriendspicturephotos ...

(read_stream permission)

user@connections

session_token?

homefeedpostsfriendspicturephotos ...

(read_stream permission)

user@connections

access_token

homefeedpostsfriendspicturephotos ...

(user_photos permission)

user@connections

access_token

grantpermissions

• oauth 2.0• server side• client side

• open protocol• authentication• widely used

• open protocol• authentication• widely used

• oauth 2.0• server side• client side

grantpermissions

• oauth server• user• application

actors

server side flow

App try to accessFacebook

OAuth Dialog(App Authorization)

OAuth Dialog(User Authentication)

curl -F 'client_id=113391995351148' \-F 'redirect_uri=http://facebook-buraco-debug.jogatina.com.....' \https://www.facebook.com/dialog/oauth

server side flow

OAuth Dialog(App Authorization)

OAuth Dialog(User Authentication)

curl -F 'client_id=113391995351148' \-F 'redirect_uri=http://facebook-buraco-debug.jogatina.com.....' \-F 'scope=email, read_stream' \https://www.facebook.com/dialog/oauth

App try to accessFacebook

server side flow

OAuth Dialog(App Authorization)

OAuth Dialog(User Authentication)

Cookie not found, show OAuth Dialog (facebook layout)

App try to accessFacebook

server side flow

OAuth Dialog(App Authorization)

OAuth Dialog(User Authentication)

goes to App authorization directly

App try to accessFacebook

server side flow

access OAuth Dialog(App Authorization)

OAuth Dialog(User Authentication)

don´t allow !redirect with some params like: error_reason, error, etc.

HTTP 302(redirect_url param)

server side flow

access OAuth Dialog(App Authorization)

OAuth Dialog(User Authentication)

allow !

redirect with authorization code param

HTTP 302(redirect_url param)

server side flow

Authorization) http://mydomain...

curl -F 'client_id=113391995351148' \-F 'redirect_uri=http://facebook-buraco-debug.jogatina.com.....' \-F 'client_secret=f8138690fe947221d4d2c071aa945395' \

-F 'code=[authorization code here]' \

https://graph.facebook.com/oauth/access_token

OAuth Dialog(App Authorization)

server side flow

{ "error": {"type": "OAuthException", "message": "Error validating verification code." }

}

HTTP 400Authorization) http://mydomain...

server side flow

Sucessfull authenticated !

access_token in the body of the request

HTTP 302(redirect_url param)Authorization) http://mydomain...

• oauth 2.0• server side• client side

grantpermissions

client side flow

• desktop• mobile• javascript

HTTP requestOAuth Dialog(App Authorization)

client side flow

curl -F 'client_id=113391995351148' \-F 'redirect_uri=http://facebook-buraco-debug.jogatina.com.....' \-F ‘response_type=token' \https://www.facebook.com.br/dialog/oauth

HTTP request

client side flow

HTTP 302(redirect_url param)

Pass URI fragment with access_tokenhttp://jogatina.com....#access_token=gzZ666a..&expires_in=64090

{ "error": {"type": "OAuthException", "message": "Error validating verification code." }

}

HTTP request

client side flow

HTTP 400

services available

• reading• searching• publishing• ...

curl -F ‘fields=id,name,picture' \-F ‘access_token=...' \https://graph.facebook.com/fagner.moura

services available

• reading• searching• publishing• ...

curl -F ‘q=futebol' \-F ‘type=user' \https://graph.facebook.com/search

services available

• reading• searching• publishing• ...

curl -F ‘message=Jogue no Jogatina hoje' \-F ‘access_token=...’ \https://graph.facebook.com/fagner.moura/feed

services available

• reading• searching• publishing• ...

paginginsights

deleting

real time update

:-)

fagner moura - @seufagner