Facebook stream publish not working

Jul 17, 2009 at 5:48 AM


I seem to be able to use the publishUserAction and setStatus methods using an infinite session key however using the same key for stream.Publish returns an "Session key invalid or no longer valid" message. I have the extended permission set to allow 'publish_stream' as well. I had a look at two of the requests in their raw form and can't see why one would fail and the other would succeed. Note that I have replaced the session key with <session key>, but it was identical in each instance. I've also replaced the api key, not sure if you can do much with that without the secret but I've removed it for good measure anyway.


http://api.facebook.com/restserver.php?method=facebook.stream.publish&message=one+line+desc&uid=0&session_key=<session key>&api_key=<api key>&v=1.0&call_id=8cbd4fd015a9c58&sig=12f6c409ceb9e8c925382b2ef7d5a873


http://api.facebook.com/restserver.php?method=facebook.users.setStatus&status=one+line+desc&status_includes_verb=False&uid=0&session_key=<session key>&api_key=<api key>&v=1.0&call_id=8cbd4fe4600ba40&sig=83bac03519a4f1fa291c79d8e9147bdb

Any idea what's going on?

Jul 20, 2009 at 2:23 AM

I found out that you are not supposed to be able to ask a user to grant the publish_stream permission if that user is not a developer or the application hasn't been whitelisted. Strangley enough, I was not only able to prompt for the permission but it was also granted to the user when they accepted. Logging into facebook as that user and checking the application settings showed that indeed the user had been granted that permission. However, I found it odd that redoing the registration process as a developer didn't ask for the extended permissions again, presumably because the API realised they were already granted. In contrast, doing this as a non-developer re-prompted for the publish_stream permission, which seemed to indicate that it had not been set correctly the first time. I added the user as a developer of the application but that didn't change anything, but I assumed that there was just some replication delay stopping the active server from realising that the user was a developer. Sure enough, on re-testing the scenario today the user was allowed to publish to the stream.

So this seems more like sloppy work on the facebook side, rather than anything being incorrectly set in the API. I guess I'll have to stick with publish user action until I have enough information to apply to be on the whitelist, what a pain.