Exporting your Facebook graph
I’m not a real Facebook user. I have a “ghost” account on there that puts my tumblelog on the wall, and redirects people to my real home outside the Facebook walls. The ghost also acts as my doorway into searching the Facebook network, and helping my partner with the Miss Fitz-Poste’s Modern Mixers fan page.
One of the things that has kept me from spending time there is the lock-in factor. Although I can write my own web apps to publish content, I much prefer to use services provided by others - but only if I have the ability to migrate that content elsewhere. As an experiment, I tried using the new Facebook graph API to export data from their site.
Happily, it’s pretty easy to do this. Although the pseudo-privacy controls means you have to jump through some OAuth hoops, you can do it all from your browser.
- Register a Facebook app. OK, this sounds like a big deal, but you just have to provide any old name, and a site URL (later known as the App URL.) The key thing is that this does not need to be a URI that addresses anything real. For my first test I used an endpoint underneath
anthonybailey.net, but subsequent trials showed you could use a non-existent domain, orlocalhost- anything you like so long as you don’t mind that your browser is later going to fire it a single request containing a one-time secret code. - Negotiate a captcha. Facebook registers your app and assigns you an App ID and an App Secret.
- Log into your Facebook account so that your cookies are all properly baked.
- Visit
https://graph.facebook.com/oauth/authorize?client_id=<App ID>&redirect_uri=<App URL>/oauth - Facebook will ask you to grant access to your account to your app. Make it so.
- You will now be redirected to
<App URL>/oauth?code=<long.scary__.looking.code>The fetch will fail, because the endpoint doesn’t exist, but your browser should still show you the address, containing the code you need. - Visit
https://graph.facebook.com/oauth/access_token?client_id=<App ID>&client_secret=<App Secret>&redirect_uri=<App URL>/oauth&code=<long.scary__.looking.code.> - Facebook will return a body with content definining an
access_tokenand a time in which said tokenexpires. (From what I’ve seen the latter is a duration in seconds between one and two hours. You can get a fresh access token by returning to step 4.)
Now you can go explore your personal graph of JSON objects, and those of any other areas of Facebook your account has access to. You can see what relationships there are to follow by starting at https://graph.facebook.com/me?metadata=1&access_token=<...>
Clearly once you’ve registered the app, a little script ought to be able to perform the brief dance that gets the access token so long as it can supply your Facebook account cookies. I haven’t bothered to automate it myself because I’m still not living my life in Facebook.
(You might ask why, given that I now seem to have an export mechanism? OK, I oversimplified earlier in order to get to the useful bit more quickly. Actually, for an identity/social service like Facebook, my preferences are somewhat more complicated.
On the plus side, I could live with the most transient or socially intertwined contextual Facebook content (quick comments on other’s stuff) being hard to export cleanly and effectively. However, I really want the most core information about me - contact details and bio - to be served directly from a resource addressed under a domain that I own. It would be OK to have a third-party host that information behind the scenes, or to explicitly import it from my primary resource, but I don’t want an address under Facebook’s control to be authoritative for my identity, or even to imply that it was.)
