I am trying to regenerate a long-lived access token for my app. I created a long-lived access token manually using Explorer and it expired after 60 days. Is there a way to auto-regenerate the access token without the login flow, using the app id & secret id?
You cannot auto-regenerate a (User) Token without user interaction. 60 days is the maximum lifespan of a User Token. If it were possible to auto-generate a User Token, it would not even make sense to set a limited lifespan.
Our app does not have a Facebook login. We have our own login that does not tie to Facebook login in any way.
Our server uses a never-expiring token to make API calls (server to server), as the majority of the calls will need to update/manipulate things in our db.
However, in some instances it would be beneficial if our server could pass a "short-lived" token to the web client (UI), which could then use the token to call the Facebook Graph API directly in these cases.
We found a way to create a long-lived token from a long-lived token and pass it along to the UI, but we would prefer that the token expire quickly, so that it minimizes token theft and unintentional use of our ad accounts through a long-lived token in a web browser.
So is it possible to generate a short-lived token from a system/never-expiring token to pass down to the UI to make Graph API calls, or to expire a long-lived token in a way that does not affect other tokens? Currently it seems that when we expire a token, it expires all tokens within that app.
Does Facebook have an OAuth refresh token?
I want to know: if there is a refresh token, how long will it take to expire? 60 days?
And if Facebook doesn't have a refresh token, then can I understand the long-lived access token as the refresh token, and the short-lived access token as the access token?
Thanks.
Facebook does not provide a refresh token.
Facebook provides two kinds of access tokens:
Short-lived access tokens: A token that expires after a short period of time (about 2 hours). Short-lived access tokens are usually used on web clients.
Long-lived access tokens: An access token which has a long life (about 60 days). Long-lived access tokens are usually used on mobile apps and server side.
You can generate long-lived access tokens with the Facebook SDKs for Android and iOS. These tokens will be refreshed once per day when the person using your app makes a request to Facebook's servers. If no requests are made, the token will expire after the preset expiry and the person will have to go through the login flow again to get a new token.
It is possible to exchange a valid short-lived access token for a long-lived access token.
The documentation explains the tokens, exchange methods, call parameters etc. well.
And if Facebook doesn't have a refresh token, then can I understand the long-lived access token as the refresh token, and the short-lived access token as the access token?
No. You can't. A refresh token is a token that may be used to obtain a new access token.
Facebook SDKs can refresh an access token at regular intervals before token expiry if connected.
I created a Facebook app. Right now the access token is valid for 60 days, but I want to extend it to a never-expiring access token. If you have any information, please let me know.
There is no such thing as an access token that 'never expires'. Please read the Access Token Documentation. The best you can do is to get a token which is valid for 60 days and extend it after it has expired.
Native mobile applications using Facebook's SDKs will get long-lived
access tokens, good for about 60 days. These tokens will be refreshed
once per day when the person using your app makes a request to
Facebook's servers. If no requests are made, the token will expire
after about 60 days and the person will have to go through the login
flow again to get a new token.
Access tokens on the web often have a lifetime of about two hours, but
will automatically be refreshed when required. If you want to use
access tokens for longer-lived web apps, especially server side, you
need to generate a long-lived token. A long-lived token generally
lasts about 60 days.
I have an application which will make posts on multiple user profile pages and Fan Pages.
To obtain permission to do this, the app will process a client side auth and obtain the short-lived access token for each user who uses the app.
My app will then immediately exchange that for a 60 day long-lived access token, and store this for future use in a local DB. The app will then be able to update that user's profile and pages for up to 60 days, whether the user is logged into FB or not.
The next bit is the important bit:
Each time the user uses my app, my app will test the validity of the current access token, in case the user has changed their password etc, or the 60 days have elapsed.
If the access token is no longer valid, my app will seek to obtain a new one.
If the user is not logged into Facebook at this point, it is my understanding that I will have to prompt a login and force a client side auth, to obtain a new short-lived access token which I will have to exchange for a new 60 day long-lived token.
Is this correct? i.e. that the user has to log in again? i.e. there is no way to process the access_token update on the server side?
Also, is it the case that the 60 day expiry only applies in respect of user access tokens, and does not apply in respect of page access tokens?
thx
Is this correct? i.e. that the user has to log in again? i.e. there is no way to process the access_token update on the server side?
No. You need a valid short-lived user access token first, and that you get through the process of client-side login.
Also, is it the case that the 60 day expiry only applies in respect of user access tokens, and does not apply in respect of page access tokens?
Correct, page tokens do not expire by default, if they were obtained using a long-lived user access token.
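The validity check and re-login decision discussed in this question and answer can be sketched as follows. This is an added example, not code from any of the posts: the function names, the `renew_window` parameter, and the app id/secret values are assumptions, and the sample responses are constructed to mirror the `data` object returned by the Graph API `/debug_token` endpoint.

```python
import time
from urllib.parse import urlencode

GRAPH = "https://graph.facebook.com"
APP_ID = "1234567890"        # constructed placeholder
APP_SECRET = "app-secret"    # placeholder; keep server-side only, never in the browser

def exchange_url(short_lived_token):
    """Server-side request that trades a short-lived user token for a long-lived one."""
    query = urlencode({
        "grant_type": "fb_exchange_token",
        "client_id": APP_ID,
        "client_secret": APP_SECRET,
        "fb_exchange_token": short_lived_token,
    })
    return f"{GRAPH}/oauth/access_token?{query}"

def token_action(debug_response, now=None, renew_window=7 * 86400):
    """Decide what to do with a stored token, given a /debug_token response body."""
    now = time.time() if now is None else now
    data = debug_response.get("data", {})
    if not data.get("is_valid"):
        return "relogin"          # expired, revoked, or password changed
    if str(data.get("app_id")) != APP_ID:
        return "reject"           # issued to another app: do not use or store it
    expires_at = data.get("expires_at", 0)
    if expires_at == 0:
        return "use"              # no expiry, e.g. a page token from a long-lived user token
    if expires_at <= now:
        return "relogin"
    if expires_at - now < renew_window:
        return "use_and_prompt"   # still valid; ask the user to log in again soon
    return "use"

if __name__ == "__main__":
    # Constructed sample responses, checked against a fixed clock of now=1000.
    samples = [
        {"data": {"app_id": APP_ID, "is_valid": True, "expires_at": 900000}},
        {"data": {"app_id": APP_ID, "is_valid": False, "expires_at": 500}},
        {"data": {"app_id": "999", "is_valid": True, "expires_at": 900000}},
    ]
    for s in samples:
        print(token_action(s, now=1000))
```

A "relogin" result is the case the answer describes: only a fresh client-side login yields a new short-lived token to pass to `exchange_url`.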
I'm trying to understand how to make scheduled calls to FQL queries without an authenticated user initiating the query. (Similar to a cron-job, I guess)
I've experimented with trying to implement cron jobs to make FQL queries but haven't had any success.
Could anyone please steer me in the right direction?
You have 3 options:
1. When the user enters your app, use the client side authentication, get a short lived user access token and then extend it using the new endpoint for 60 days.
For those 60 days you can use that user token and do as the permissions the user has granted allow you to.
When the 60 days are over you'll need the user to reengage with your app to get a new token for another 60 days.
2. Use the server side authentication to get a long lived user token (60 days), then the same as in 1.
3. If you get the publish_stream permission then you can publish as the user with the app token which does not expire, as it states in Authenticating as an App:
App access tokens can also be used to publish content to Facebook on
behalf of a user who has granted a publishing permission to your
application.
App Access Tokens generally do not expire. Once generated, they are
valid indefinitely.
You may not be able to use the 3rd option; it depends on what data you want to get from the API.
I suggest that you use the Access Token Tool to get a user and app token, save the app token somewhere and then test your queries in the Explorer Tool with the user token.
When the user token expires try the same with the app token to see if it can be used for what you need.