Fb appends expiration signature to the assets. For example, this img is no longer available due to 403 URL signature expired error.
https://scontent.fbki2-1.fna.fbcdn.net/v/t39.30808-6/276133667_4947755065279678_6497677415797368256_n.jpg?stp=dst-jpg_fb50_s320x320&_nc_cat=108&ccb=1-5&_nc_sid=e3f864&_nc_eui2=AeH-djCRihF34DY-Tgzf9NWXUi1g7xil73BSLWDvGKXvcKRysnxlZMGv8f-Xl1Qr38U&_nc_ohc=UbpoyBjDc94AX-XCkH9&_nc_ht=scontent.fbki2-1.fna&oh=00_AT8_khmn5ss73ngB6b2Iz6vYoFqH1JweSRmYYNN74DdoBQ&oe=6256E5F4
Any idea on how to recreate the expired URL so that is not expired?
Related
Even after providing all valid credential and token refresh "insomnia" keep throwing "invalid csrf token" token in response.
I tried refreshing token, restart and changing different credentials nothing works.
Insomnia stores old token information in cookie. To get rid of this problem delete cookie.
Here is how to delete cookie:
Cookies can be added, viewed, modified or deleted within the cookie manager, accessible button at the top of the sidebar.
I've tried first to store and use the link the API returns, but it expires in a short amount of time. Then I tried to download and store the image locally (and serve it from my servers); but the thumbnail links throws a 404 error when I'm not logged in with my account (though the documents are fully public).
What's the correct way of serving/retrieving the thumbnail of a document?
I finally solved the problem. You can download the thumbnails if you fetch the URL before it expires and you use an authenticated client (using the token you have to access the API). This last bit it's important, because a normal GET request will receive a 404 error otherwise.
You need to add the Authorization header to the HTTP GET request for the thumbnailLink URL.
Authorization: OAuth [token]
Replace [token] with your OAuth token. Without the Authorization header, Google returns a 404 response. Keep in mind the link is not long lived, so you have to grab it quickly.
I got auth token for facebook account of a user I stored it in database but when i used it after few days it throws an error exception. How to get long lived access token?
Error is the following:
Received Facebook error response of type OAuthException:
Error validating access token: Session has expired at unix time 1333612800.
How to get a token that doesn't expire?
You cant have a token that doesnt expire anymore, you can only generate codes that last max 60 days.
At this url, Facebook explains how to authenticate using Facebook Connect.
Basically, the steps are the following:
Redirect to facebook as the example. As a result I'll get an authorization code
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=email,read_stream
Do a HTTP post to the following address, asking for an access_token
https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&client_secret=YOUR_APP_SECRET&code=THE_CODE_FROM_ABOVE
Facebook will answer the last HTTP post with an access_token. Fine.
The access_token received above expires. The number of seconds it will still be valid is returned along with the access_token. Ok.
The problem is: What should I do after it expires?
From Facebook oficial website:
In addition to the access token (the access_token parameter), the response contains the number of seconds until the token expires (the expires parameter). Once the token expires, you will need to re-run the steps above to generate a new code and access_token
Wait! I can't re-run the steps above because in order to obtain a new authorization code I would have to redirect (step1). I don't want to redirect. I want to obtain a new authorization code through a web-service. The user already authorized my application and I won't have an oportunity again to redirect him or her.
What should I do?
PS: Thinking logically, I wouldn't need to gain a new authorization code after access_token expires. A new access_token would be enough. But, as I showed, facebook says authorization code also expires.
You would want to use the "offline_access" permission. This allows the token to be long-lived. See the permissions page: http://developers.facebook.com/docs/authentication/permissions/ .
Since they've removed offline_access, Facebook provided a way to extend the expiration of existing short-lived tokens.
Just make the following request:
https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN
And, about the expiration of long-lived access tokens,
Currently the long-lived user access_token will be valid for 60 days while the
short-lived user access_tokens are currently valid from 1 to 2 hours.
For more information, please refer to https://developers.facebook.com/roadmap/offline-access-removal/
Users login Facebook on my website via an URL that redirects them to
https://graph.facebook.com/oauth/authorize?client_id=116908145XXXXXX&display=page&scope=offline_access&redirect_uri=http://localhost:8000/account/services/?service=facebookcallback
On the callback page I make a request with the code I receive to get the access token, at this URL
https://graph.facebook.com/oauth/access_token?code=2.3m2hLauQJpWTGFExUK6O3w__.3600.1290081600-100001796185871%7.....&format=json&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Faccount%2Fservices%2F%3Fservice%3Dfacebookcallback&client_id=116908145040447&scope=offline_access&client_secret=...
The response I get is this
access_token=116908145XXXXXX|2.3m2hLauQJpWTGFExUK6O3w__.3600.1290081600-100001796185871|S3MG...&expires=3912
As it can be seen from the token it has an expiration date.
The token expires some hours after the request. Shouldn't I receive an access token without expiration date if I make the requests with scope=offline_access ?
Old post, but the info might be useful for someone else.
Facebook now disables offline_access by default. You must enable an app migration if you still want to use it.
With the migration off, tokens will be "short lived" and last only an hour or two. You can get an extended token which lasts about 60 days by making a request to
https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN
See this page for more details
tokens you get with offline_access permissions, are "long-lived" as facebook says in their documentation, but it is not said that it has no expiration / infinite. Even if you get this not-time-bounded access_token, it can still expire if the user changes his password or if he removes your application.
But to answer your question directly, yes you should get a long-lived access_token using "scope=offline_access". Also, please check if the dialog showed "Access my data anytime"