I followed the documentation for generating a permanent token for WhatsApp Cloud API.
Last steps in the series which I followed
Generate a new token
Select the app
Give permission to WhatsApp business management & WhatsApp business messaging
Generate token
But what's next?
After I generated an access permanent token I still see that token will expire in 23 hours in WhatsApp's getting started.
Are there any additional steps I'm unaware of?
I expected that I won't see anymore that the token will expire in WhatsApp getting started.
I'm confused. Could someone explain to me, please
Related
I am trying to use Github Oauth App for authorization purpose. No Authentication, no sign in with github.
I would like a user (having an account on my app) to link their GitHub account to my app's account. I understand the github web flow. Let the user authorize Oauth app for the first time. Get the authorization code. Fetch an access token using the code. And use that token to do git operations on user's behalf.
Now the thing I am unsure about is, what if the user logs out of my app and logs back in again?
Not a good practise to ask them to link accounts for each login.
Should I automatically do the Oauth flow again and generate a new access token for each login? If that is, why does Github Oauth App have an access token that won't expire? And why does Oauth app store multiple tokens for the same user, same scope? Why not remove the previous token and store the new one only? Because of this move by Github, I believe this is not the correct way to go. I don't know.
Or, should I store their initial token in the database, and use the same token forever? Is that a good practise? And if that is, how do I verify the scopes initially defined for that token is still the same? I couldn't understand this bit, reading through the Github documentation.
I hope I was clear enough. I couldn't understand this account linking thing.
I'm making an API to post to our companys facebook page but all documentation and request errors require me to get a page access token but this is supposed to run on the server and its a bit inconvenient for our dev team to every 2 months have to generate a new token and restart the app so my question is if its possible to use the app id and secret only or get a permanent token?
I found out a couple time after posting this question here at stackoverflow that facebook has system users that allow you to generate tokens for server side services that dont need a specific user data.
https://developers.facebook.com/docs/marketing-api/system-users
You will need to make your sys user admin to make posts and what not.
I've seen countless questions similar to mine. But I have a very specific question about this.
In the Facebook access token documentation https://developers.facebook.com/docs/facebook-login/access-tokens/expiration-and-extension it states
Native mobile apps using Facebook's SDKs will get long-lived access
tokens, good for about 60 days. These tokens will be refreshed once
per day when the person using your app makes a request to Facebook's
servers. If no requests are made, the token will expire after about 60
days and the person will have to go through the login flow again to
get a new token.
This statement generates as many questions as answers. Note I am NOT using the Facebook SDKs because mine is a server side app written in Java. So this isn't a native mobile app.
Does the phrase tokens will be refreshed once per day mean that if I use my long-lived token daily Facebook will just keep extending the expiration of my existing long-live
token? Or will it want to issue me a new long-lived token?
If the answer to the previous question is that it wants to issue me a new token how can I acquire that new token using only my existing long-lived token? I briefly looked into the Facebook Android SDK to see how it might work and it appears that there might be some sort of callback mechanism.
When I do a debug token call on my long-lived token at https://developers.facebook.com/tools/debug/accesstoken it says it never expires. Which is hopefully true, but contradicts Facebook's documentation stating they last for 60 days.
Any specific help on my questions would be greatly appreciated.
I'm making a facebook application that will scan a users' news feed on a daily basis - but the offline access token has been deprecated.
I know that the access token can be extended to 60 days. So if a user doesn't use my application for 60 days, would I be not able to access their information after that?
I read the developers section but didn't understand it properly.
That's exactly the point. You'll need to code your app to run through an authentication flow if the access token expires. Remember, the access token can expire for other (legitimate) reasons, other than timeout. If you're not asking for new permissions, and need to grab a new access tokens, the flow should happen without any user actions required.
You'll need to code for access tokens failing regardless of offline_access - so do it right! :)
I have searched in Facebook docs to post user's feed by getting access token.
But they mentioned that after two hours access token has expired.
My need is to post on my news feed using FB Graph API with one time user approval.
I have seen many applications which posts updates on my wall daily. I have given rights once only. But even I give full rights to my app, access token has expired in two hours. How can I do that in my app?
Make sure that ‘Deprecate offline access’ is enabled for your app.
You can find the setting from Edit App > Advanced > Migrations tab.
Its enabled by default for any newly created app. Once enabled your access token will be long lived (validity of 60 days).
You don't have to authorize the app more than once, it's just that your app is going to have negotiate a new access_token when it expires. This is done using the cookie and a "code" which is in that cookie as long as the user is logged into facebook. I suggest reading this documentation very closely as it outlines how you do the "oauth dance" to create access tokens either client or server side.
https://developers.facebook.com/docs/authentication/