I’m using the Graph Api on PHP to fetch the albums for an user.
As I display them, I would like to also show the cover photo for each album. I do get the [cover_photo] attribute on each album, but I would like to show that picture without having to make a new request for each photo to get the source URL for all of them.
Is there any way to do this?
I tried (without success) to fetch the photos doing the following:
<img src="//graph.facebook.com/<?=$album['id'] ?>/picture">
I read a post about it where the solution is:
https://graph.facebook.com/<id>/picture?type=album&access_token=<token>
But I can’t just put the access_token inside an img src publicly… can I?
It is very conscientious of you to do this. But you need not worry, as any graph api call that uses an access token automagically requires the request to be https.
Another approach: you can log out of your facebook session at the end of the script which will invalidate the access token.
On a related note, facebook does not mention this as being a security risk. They had a problem with leaked access tokens caused by including them in the HTTP request, and also not using HTTPS. Both of these holes are fixed, and non-expriing tokens have also been removed.
https://developers.facebook.com/blog/post/497/
Here is a good article explaining the security of the access token since Facebook switched to Oauth 2.0
http://www.sociallipstick.com/?p=239