Hi

I met a problem related to how the gem gets a profile picture.

In version `8.0`, changes were added that add the `access_token` parameter to the avatar URL (Related issue, Related PR).

We stored in our DB links to Facebook avatar URLs as provided by the gem with an access token, for example:

Facebook avatar URL with access token

```
https://graph.facebook.com/v5.0/{user id}/picture?access_token={access token}&type=large
```

But that token has an expiration date, and when an access token is expired Facebook returns the next error:

The main issue here is that we actually don't need an access token to get a profile avatar.

The Facebook API uses different types of user IDs:

- App-Scoped User ID
- User ID
- Page-Scoped User ID

From Facebook documentation about PSID/ASID Matching we know that we use the App-Scoped User ID to get the Facebook user avatar.

> When a person uses Facebook Login on a website or a mobile app, an ID is created for the specific Facebook app, which is called app-scoped ID.

Based on Facebook documentation about the user picture, we don't need an access token when we query an App-Scoped User ID.

We could confirm that by just removing the access token from the avatar URL.

Example:

Facebook avatar URL with access token

```
https://graph.facebook.com/v5.0/{user id}/picture?access_token={access_token}&type=large
```

⬆️ URL with access token returns an error as the access token is expired

Same Facebook avatar URL without access token

```
https://graph.facebook.com/v5.0/{user id}/picture?type=large
```

⬆️ URL without access token allows us to download the user avatar

It seems that the alterations implemented in the gem version `8.0` might not have been entirely accurate.

I believe that the root cause of the problem described in the changes for version `8.0` was the `http` URL, so the issue with fetching the image might not be related to the access token, but to the fact that Facebook has rejected non-SSL connections to the image endpoint for a while, as discussed here: #345 and fixed here: #346

The same conclusion was mentioned here: #360

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
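An added example, not part of the original issue or the gem's code: a Ruby helper for scrubbing avatar URLs that were already stored with an `access_token`, so a user credential is not kept at rest in the database, and for upgrading `http` links to `https`. It assumes, as the report above states, that the picture endpoint serves app-scoped IDs without a token; the function names and the sample URLs are constructed for illustration.

```ruby
require "uri"

# Hosts this helper is willing to rewrite; other hosts are returned untouched.
FACEBOOK_GRAPH_HOSTS = %w[graph.facebook.com].freeze
# Query parameters that carry credentials and should not be persisted.
SECRET_PARAMS = %w[access_token].freeze

# Constructed sample rows (hypothetical IDs and token), not real data.
SAMPLE_STORED_URLS = [
  "https://graph.facebook.com/v5.0/1234567890/picture?access_token=EAAconstructed&type=large",
  "http://graph.facebook.com/v5.0/1234567890/picture?type=large",
  "https://example.com/avatars/42.png"
].freeze

# Returns a token-free https URL for a stored Facebook avatar link, the
# input unchanged for non-Facebook hosts, or nil when it is not an http(s) URL.
def sanitize_facebook_avatar_url(raw)
  uri = URI.parse(raw.to_s.strip)
  return nil unless uri.is_a?(URI::HTTP) && uri.host
  return raw unless FACEBOOK_GRAPH_HOSTS.include?(uri.host.downcase)

  params = URI.decode_www_form(uri.query.to_s)
              .reject { |key, _| SECRET_PARAMS.include?(key.downcase) }
  query = params.empty? ? nil : URI.encode_www_form(params)
  URI::HTTPS.build(host: uri.host.downcase, path: uri.path, query: query).to_s
rescue URI::Error, ArgumentError
  nil
end

# True when a stored URL still embeds a credential (for auditing a column).
def avatar_url_leaks_token?(raw)
  uri = URI.parse(raw.to_s.strip)
  URI.decode_www_form(uri.query.to_s)
     .any? { |key, _| SECRET_PARAMS.include?(key.downcase) }
rescue URI::Error, ArgumentError
  false
end

# Maps every stored URL that needs rewriting to its sanitized form.
def avatar_urls_to_rewrite(urls)
  urls.each_with_object({}) do |url, changes|
    clean = sanitize_facebook_avatar_url(url)
    changes[url] = clean if clean && clean != url
  end
end
```

Running `avatar_urls_to_rewrite` over the stored column gives the set of rows to update; any token found this way has been sitting in the database and in whatever logs recorded the URL.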