phpfacebookauthenticationfacebook-graph-apioauth-2.0

Misleading Graph API user_link

I have obtained advanced access to Facebook's Graph API user_link, which results in an app-scoped ID accessible only to the logged-in user. The user_link document clearly states:

The allowed usage for this permission is to provide a way for someone who uses your app to visit a person's Facebook profile.

But ASID fails to do that. So, what am I missing here? And, is there a workaround if this is how it will be, other than manually entering the URL?

My code:

$response = $fb->get('/me?fields=id,name,email,link', $accessToken);
$user = $response->getGraphUser();
$_SESSION['fb_link'] = isset($user['link']) ? $user['link'] : '';

Update: User A account has Fb icon that redirects to their Fb profile using the link https://www.facebook.com/app_scoped_user_id/YXNpZADpBWEZA4a281N3FmRDBNX25UUTYweEhicGNGs1RUhYa3lKTks3cm1ZATmk0eXNXZAUFTbHVEbjFKSkJpTFhQT05FcDBDSUhOdUJKc0xEVFhER1diTGZAZAWE5BUDF0QVEZD/. When User A (or User A's Facebook friends who are on my platform) clicks it, the link redirects to successfully to User A's Fb profile, but for other users on my network even if they are logged-in, they see a failure message on a Facebook page "Sorry, this content isn't available at the moment".

I hope this clarifies any doubts. Any leads will be appreciated. Thank you!

Solution

  • I agree the wording is potentially confusing. But I think it just means that the user gives the app permission to get the link to their profile, which it can then use to display to others, or whatever. It doesn't mean that this overrides the normal permission that user has set on their profile. If their profile isn't visible to non-friends then having the link doesn't change that, it's still just a link to their profile and the usual permissions apply.

    Imagine the total chaos and security disaster that would ensue if granting a simple permission to an app opened up someone's profile to the whole world.

    See also the description of the user link at https://developers.facebook.com/docs/graph-api/reference/user :

    A link to the person's Timeline. The link will only resolve if the person clicking the link is logged into Facebook and is a friend of the person whose profile is being viewed.