Auth redirects in a canvas app

When using the sample authentication code in a Fb canvas app, doing res.redirect(authUrl) results in this:

Refused to display '' in a frame because it set 'X-Frame-Options' to 'DENY'. about:blank:1

In various posts it looks like we need to redirect the browser top to the oauth, we can't do it within an iframe loaded from Facebook.

Has anyone else run into this?

fbgraph.get() showing https error

 fbgraph.get('/me',{access_key: res_accesskey}, function(error, data) {

when i call the above function i get the below given error:

{ message: 'Error processing https request',
[Error: 3086730960:error:0607907F:digital envelope       routines:EVP_PKEY_get1_RSA:expecting an rsa key:../deps/openssl/openssl/crypto/evp/p_lib.c:288:
 ] }

I have the updated version of node and even checked by setting "strictSSL" to false.
please guide me regarding this.

Test Code.

Can you provide the html files for the example you give under the "Rockin' it on an Express App" title

permission manage_notifications?

I want to get notification of fb like that:
graph.get("/me/notifications", function(err, q) {

But when I run, I'm received a error:
"error": {
"message": "(#200) Requires extended permission: manage_notifications",
"type": "OAuthException",
"code": 200
How can i set permission for my request?

Publish update to NPM

Hi! Awesome job at this library...

But I guess it's not in npm yet, the last commit regarding batch creations... Took me one our to figure that out...


timeout option not working

I tried passing the timeout option to the fbgraph object and looks like it is not being passed to the request object.
And that makes the request not to timeout if the request takes more time that the set by setOptions parameter.

Found the reason looks like due to following line of code:
Where it is assumped that Graph object will get the same this as the current object, which is not true.

The solution for this is to passing options as parameter to Graph function.

how to post as page itself?

I set


but always get error

{ error: 
   { message: '(#200) Unpublished posts must be posted to a page as the page itself.',
     type: 'OAuthException',
     code: 200 } }

what is the correct way do it?

Question about Custom Actions

Hi There,

I have a question about using custom facebook actions with this API. I'm trying to post an action as per the "Open Graph Mechanics" section of this page:

Essentially, I want to make a call as follows: POST

If I make a call as follows:

                .post("/me/appname:actiontype", {objecttype:Object_URL}, function(err,data){
                    if(err) console.log(err)
                    else console.log(data)

will both the objectURL/type and accessToken make it through to facebook? I've been looking through the code you've written and I can't tell what exactly will happen.

could i just remove the "setAccessToken()" clause and add the accessToken info into the "postData" parameter object, or would that break something in your code?

I'm currently developing on a local computer - otherwise I would test this myself.


Bug in Graph.prototype.end(body) (graph.js line 83)


When body is an object (try get 'me/picture') this function returns null.
The reason for this is typeof(body === 'string) is a boolean since body==='string' and typeof(true) is boolean.

The statement needs to be:

var json = typeof body === 'string' ? null : body

Nitzan Bar

Javascript SDK


I love what you've done here, i've spent the last day trying out almost every single node Facebook wrapper and they are all SO clunky! The only thing i'd really like your library to have is support for getting the access token via the "fbsr_APPID" cookie, for when I'm using the Facebook javacript SDK.

Thanks, and great work!

decode signed_request for "Deauthorize Callback URL"

The Facebook documentation lacks a lot when it comes to details for the "Deauthorize Callback URL" or the signed_request parameter.

Using I was able to find out that Facebook calls the URL when a user revokes access and passes a signed_request POST parameter along. Now the question is, how do I decode it and more importantly, should fbgraph offer a helper method do to so?

Response code?

Is it possible to retrieve the status code of the request to know when we're hitting the Facebook rate limit?

batch request?

Hi, I love this module only thing missing so far is batch request. Good job guys.

Outdated API call example in

Posting a message on a friend's wall in the way as it is described in is not possible any more. I'd suggest changing the example to only post on the users wall:"/feed", wallPost, function(err, res) {
  // returns the post id
  console.log(res); // { id: xxxxx}

Removing the ability to post to friends' timelines via API
We have found that posting content via API (stream.publish) on a friend's wall lead to a high incidence of user dissatisfaction (hiding content, blocking the app). After the migration period, posting content to friends' timelines via stream.publish will no longer be allowed. Please use the Feed Dialog for posting.


Extend long-term token


Is it possible to extend the long-term token?

When I use the extendAccessToken method, the expires response decreases. Does that mean that even the new token won't work after some time?


Posting Custom Open Graph Object

I am having trouble figuring out how to use fbgraph to post a custom Open Graph object, or figuring out if it is actually possible using fbgraph.

The example code that FB gives me for creating an object is:

    app_id: [app_id],
    type: "[app]:[obj_type]",
    url: "[sample_url]",
    title: "[sample_title]",
    image: "[link_to_img]",
    description: ""
  function(response) {
    // handle the response

and to post the action it gives me:

    [obj_type]: "[sample_url]"
  function(response) {
    // handle the response

Is this possible to recreate with fbgraph? If so, would it be possible to include instructions and examples for how to do this in the Readme?

Thank you very much!

  • Evan

Graph API 2.0

This is more of a discussion opener than a direct issue at this stage, but if you haven't seen - Facebook's just announced a ton of new changes to their API. Most notably for this module, they'll be versioning the API moving forwards.

They've now introduced v2.0, with a number of little tweaks and changes. It would be great to hear what your thoughts are on things. I'd definitely recommend some kind of version global parameter, but to allow for flexibility it should be possible to specify this on the request level as well.


How to get Facebook login popup


The current faceboook authorization opens entire page for fb login instead of showing a login popup window.Help appreciated on how to do tht using fbgraph

No node specified

Hi and thanks for this stuff! ๐Ÿ‘

I'm trying to work with pagination but as your example is wrote, there is no specification about the node in which you want to know the "likes".
Indeed it returns:

{ error:
{ message: 'No node specified',
type: 'GraphMethodException',
code: 100

Any thought on that?

Bug when I try to use graph.fql

When I try :

var graph = require('fbgraph');
var fqlRequester = graph.fql;
fqlRequester('SELECT [...]', function(err,rep) {

I get :

TypeError: Object #<Object> has no method 'get'
    at exports.fql (./node_modules/fbgraph/lib/graph.js:340:15)

It's true, it cannot work ! Isn't it ?
On line 340, if i replace "this.get" by "exports.get(", it works like a charm.

Does I make a bad usage of the lib ?

Thanks !

store access_token in session


Love the work you've done here, but it's a bit tricky because we have to store the access_token in a session:

req.session.access_token = graph.getAccessToken();

And everytime the browser does some action, we have to pull the access_token from the session and set


Could you add an option to the graph.get function so that we can pass the access_token directly. eg:

graph.get("/me", req.session.access_token, function(err, data) {


Edit: fyi, I'm using Express.js session support:

[Feature] FB App on Page Tab


Like I read here on the Page Tab Tutorial apps that are integrated on pages have additional information (pageid, admin of page and if page got liked by the user). These things are stored on the signed_request parameter with the additional parameter page. Also there is a string parameter called app_data.

As far as I understand this isn't implemented in fbgraph. Do you might consider supporting querying information about apps on page tabs within fbgraph?

Thanks in advance!

graph api only accepts username but should accept userId also

line 215 of your code

if (typeof url !== 'string') {
  return callback({ message: 'Graph api url must be a string' }, null);

not sure how you want to handle this.. whether to use an option to say its a userid and then ignore the check or just remove this check altogether.

Duplicate message

Hi, i've this code:

    // Set index route
    app.get('/', utils.accesslog, function(req, res){
        //Get token from session to allow post
        var wallPost = {
          message: "Hello!"
        // To post you need to authorize the applicationt to public_stream: + "/feed", wallPost, function(err, results) {
          // returns the post id
              if (err){
              console.log(JSON.stringify(err)); // { id: xxxxx}
              }else {console.log(JSON.stringify(results));}
        res.render('index', {connected: req.session.connected, title: configuration.Params.title, message: [{msg: "Hello" + req.session.fb_userId}]});


    // Set facebook login path. On Facebook main parameter page set url as: mysite.tld/fblogin
    app.get('/fblogin', utils.accesslog, function(req, res){
        // we don't have a code yet
        // so we'll redirect to the oauth dialog
        if (!req.query.code) {
            var authUrl = graph.getOauthUrl({
                "client_id":     configuration.Params.facebook_appId,
                "redirect_uri":  configuration.Params.facebook_redirect_uri

            if (!req.query.error) { //checks whether a user denied the app facebook login/permissions
            } else {  //req.query.error == 'access_denied'
                res.send('access denied');

        // code is set
        // we'll send that and get the access token
            "client_id":      configuration.Params.facebook_appId,
            "redirect_uri":   configuration.Params.facebook_redirect_uri,
            "client_secret":  configuration.Params.facebook_secret,
            "code":           req.query.code
        }, function (err, facebookRes) {
            req.session.fb_token = facebookRes.access_token;  
          // Get user information and put them into session
            graph.get("me", function(err, user) {
                req.session.fb_userId =;
                console.log(user); // { id: '4', name: 'Mark Zuckerberg'... }


I have two duplicate message to facebook:
{"message":"(#506) Duplicate status message","type":"OAuthException","code":506,"error_data":{"kError":1455006}}
It seems that pages is refreshed twice, probably i wrote something bad.

Had someone the same problem?

Thanks for your time.
Best regards.


With this lib Its possible get the "wall comments feed" like Twitter Stream APi ?

How to get all friends details since its blocked in version 2.0??

how i can get all my friends details since its blocked in version 2.0?
When i am using me/friends in version 1.0 its giving all my friends details but in version 2.0 i am getting only few names.How i can do this in version 2.0.
how i can use graph targeting option using

Facebook Event Images

I was wondering if anyone had a sample of how to post an image with a facebook event using this module? I have tried it every way that I can think of, and I can not get any of them to work at all. I can get the event to create on facebook just fine, but I can not get an image to attach to it on creation. I have to go to facebook and add the image that way.

Extend Access Token (Due to deprecation of offline_access scope)

graph = require("fbgraph");

extendAccessToken = function (accessToken, callback) {
    var uri = "oauth/access_token?client_id=" + process.env.FACEBOOK_APP_ID + "&client_secret=" + process.env.FACEBOOK_APP_SECRET + "&grant_type=fb_exchange_token&fb_exchange_token=" + accessToken;
    graph.get(uri, function (err, res) {
      process.nextTick(function () {
        typeof callback === "function" ? callback(res.access_token) : void 0;

Consider adding this on fbgraph :)

Using access Token

In your example for express , where do i insert the code


Wall post with privacy settings don't work

Hi, here the example:

message: 'Someone commented your post: ' + object.comments[0].message,
privacy: {
value: 'CUSTOM',
friends: 'SELF'
}, function(err, res){
if (err) {

I see message on the wall but privacy settings doesn't applied.

I made some investigation and found that problem is in querystring: = function() {
var self = this
, postData = querystring.stringify(this.postData); // Querystring don't like nested objects.
this.options.body = postData;

Here REPL session example:

t = {message: "123", smth: { subprop: "123"}};
{ message: '123', smth: { subprop: '123' } }
qs = require("querystring");
{ unescapeBuffer: [Function],
unescape: [Function],
escape: [Function],
encode: [Function],
stringify: [Function],
decode: [Function],
parse: [Function] }

Here the issue (I'm curious why it closed): nodejs/node-v0.x-archive#1665


How I can get logOutUrl for my user? there is seems no such functions for graph object

Ask permissions every time on auth request

Hi. How can I make facebook ask for granting permissions every time user tries to authorize, like twitter does. Now it just does all needed redirects at once without anything.

How do you check if it's already logged in?

Is there any way to store that in a session, or there is a function like "graph.isLoggedIn() " that would make it easier to know if it's already logged in on another page?

App with api Fb

I would like to configure my app with the its key and the relative secret key... how can I do ?

Once configured I would to send a message...

Thanks for your help.

Do not force to use require() to create a new fbgraph instance

Hello and thank you for the good work on this module.

A suggestion : it would be nice if we could require the module once at the beginning of our scripts instead of everytime we to open a connection to Facebook.

Unless I missed something, right now we have to write :

// somewhere deep down in my script
$.each(contacts, function(i, contact)){
    // create a dedicated instance of fbgraph (we don't want only one instance which would get a different access token every now and then)
    var graph = require('fbgraph');
        "client_id": conf.client_id,
        "client_secret": conf.client_secret

I'd rather do something like

// at the top of my file with all the others, for clarity.
// double underscores are my own convention to show that the variable is a module in the "global" scope
var __fbgraph = require('fbgraph');
// global default config
        "client_id": conf.client_id,
        "client_secret": conf.client_secret

// later, deep down in my script
$.each(contacts, function(i, contact)){
    var graph = new __fbgraph();

Also, I see no support of the batch get requests, which is going to be a deal breaker for me. Thanks anyway :)

Access token is set to the whole app !

i'm working on multi sessions app (user login/logout) so when when set_accessToken is triggered the access_token of current user is set to all online users so any user of those can post under the name of last user !!!

Help in index template

Hello. I am new to facebook apps. I loved this library. But I'm confused when you create the index template. Might help me find some basics to create a template that shows the friends of a given user instance.


Global access tokens

Hi Cristiano,

This is more of a question than an "issue" as such, but I thought it was worth querying the fundamentals of how access tokens are set within the fbgraph module. Correct me if I'm wrong, but it looks like they're being set on a global application level rather than a user level. As a result, issues can be caused when:

  • User A logs in, we set their access token, and the /me endpoint is queried
  • User B logs in, we set their access token (which is different to user A), and the /me endpoint is queried
  • User A now wants to get a list of all their friends, so the /me/friends endpoint is queried
  • Oh no! User A has actually got back user B's friends, because the access token for user B is still assigned to the graph object.

The way I've got round this issue so far is by always calling graph.setAccessToken directly before any queries. Another way of handling this would be to require the module within individual queries, but I've never seen this done in node, there must be a reason for this...

So I guess my question is - was this by design? Am I missing or not considering something?

tests fail

When accessing the graphApi with no Access Token* and performing a public search
โœ— should return valid data
ยป expected undefined to be an Array // graph.test.js:133

res is:
{ error:
{ message: '(#200) Permissions error',
type: 'OAuthException',
code: 200 } }

