I'm trying to pull feeds from my FB page and display them on my website.
Facebook has a long live access token which expires within 60 days, so I need to find a way to automate a token refresh.
I've been doing research across StackOverflow but haven't found a successful solution to keeping my app working after the page access token expires.
Referencing this post: Facebook auto renewal of long access token, the answer states "Extended Page Tokens do not expire", but this is not true since it does expire within 60 days.
To refresh the token, you need users to log in - but I don't have any user interaction. I just want to pull page feeds.
Is there a way for me to refresh the token without having to do it manually every 60 days?
Referencing this post: Facebook auto renewal of long access token, the answer states "Extended Page Tokens do not expire", but this is not true since it does expire within 60 days.
That is a relatively new restriction; they used to have no default expiry at all, but now they are limited to up to 60 days.
Is there a way for me to refresh the token without having to do it manually every 60 days?
No, there is no way to do this without user interaction.
The whole point is that “long forgotten” apps people may have used at one point, won’t be able to use tokens acquired ages ago to continue requesting data “for all eternity”.
Related
So I'm trying to obtain a list of posts from a Facebook page that I have created. After reading the documentation, I need to provide a user access token / page token to each API request in order to get the data. The documentation states that the user access tokens & page access tokens come in two variants:
Short life, expires within a few hours / days.
Long life, expires within 90 days.
The application I am building is a aggregated news (Facebook, twitter and Instagram) feed that will be displayed to users on my website.
From what I have read, the app tokens don't have an expiration but cannot access the pages API.
Do Facebook really expect application owners to remember to manually update their keys every 90 days in order to keep the applications working, or am I missing something that I can do to automate this?
If it is only about your Page, you are not missing anything, and there is no way to automate generating tokens - that would make expiration dates pointless. You can only send yourself a reminder before it expires. But: It can also expire if your change your Facebook Password, for example. It would be a good idea to implement a proper error handling so you get a message when the Token does not work anymore.
If it is about other Pages too, you can apply for Page Public Content Access and use an App Token that is valid forever.
I have been trying to create a never-expiring Facebook Token (ideally programatically) and have not been able to do so, then, without really trying, on a different Facebook Application, I managed to create a token which, according to
https://developers.facebook.com/tools/debug/accesstoken?version=v2.5&q={TOKEN}
will never expire and I can't replicate it on any other Facebook Apps or for any other Facebook Tokens.
I can programatically (PHP) take the short lived token (1/2 hours) and extend it to 60 days, but I wanted to ideally get a never-expire token.
I guess I'm not asking how I managed to do it, but I can't find any explanation or documentation nor reason as to why I was able to achieve this for one token, but not any others.
Is it something in the App itself while it was created? Is there actually a way to get a never-expiring token, even though I've followed many of the guides online yet can only get a 1/2 hour token converted to 60 days?
Is there actually a way to get a never-expiring token
No, not really. Even what you think is a never-expiring token can expire - f.e. if the user who created it changes their account password.
I guess I'm not asking how I managed to do it, but I can't find any explanation or documentation nor reason as to why I was able to achieve this for one token, but not any others.
It is not documented, because Facebook wants you to use the 60 day tokens, when you app is acting on behalf of a personal user profile. They removed offline_access permission ages ago, specifically so that apps the user has long forgotten about can’t act on their behalf or still access their data any more.
So if you are writing an app that acts on behalf of users, you should really rather make do with the 60 day token - that should be enough for most cases.
Now what you are seeing with your token here, is a side effect of how Facebook has implemented extended page access tokens. Those do not have a default expiry - but they need to be invalidated when the user is removed as a page admin. Therefor, they are internally tied to the user token that was used to request the page token. User token gets invalidated - page access token becomes invalid together with it. And that in turn requires that the user token does not automatically expire after 60 days.
So, when you extend a user token that includes manage_pages permission, you will get an extended token with “unlimited” validity. But, again, that is a side effect of current implementation only, and can change in the future.
In my web app, I need to post on users facebook feed while they are offline. I already store long lived access tokens for the users. But these tokens also expire after 60 days.
The FB docs mention that it is necessary to redirect users to the login flow to get a renewed access token.
I was thinking of checking the facebook session validity of user, whenever they login to my app and to give them the option of re-authenticating facebook in case their access token has expired.
However this will involve user interaction if the user is not currently logged in to his facebook account.
Are there any alternative solutions to look at. Also, how do sites like Quora manage posting to user's wall, without needing to re-authenticate facebook after every 60 days.
PS - I am using the latest facebook php sdk.
Simple Answer: It is not possible to extend the Access Token on the server. It would make the whole concept void.
Earlier there was a permission called "offline access", but they changed it to an extended token with maximum 60 days to avoid those things. You should NEVER post anything on the wall of the user without his authorization, for every single post. You are not allowed to autofill/prefill the message parameter anyway (see Facebook terms), it always must be 100% user generated.
About Quora: i don´t know what exactly they are doing, but i assume they refresh the Access Token whenever the user goes to their website.
On thunderclap.it, users choose a cause to support, give post permissions (publish_actions) and when the cause "expires" it automatically posts to all the pledged users' feed at the same time.
This is ok for any cause up to 60 days (long-live access token).
How is it possible for causes that expire after 60 days?
For example, this one expires and will auto-post a message on your wall in 166 days.
https://www.thunderclap.it/projects/982-lights-of-the-city-by-tpr
Is it possible with the current access_token?
What needs to be done to achieve this functionality (auto-post to user's feed, regardless of user being online/offline and regardless when his last login at the app was)?
Everything I have read suggest this is possible for up to 60-days after the user gives the permission. And in order to extend this time you need the user to re-use the app (get new access token).
So, how does this work on thunderclap.it ?
Bear with me, I know access_token questions have been asked a thousand times but I can't seem to find an answer to this specific question.
Is there an expiration date for Facebook Page (not app, not user) access tokens?
I know that:
offline_access has been deprecated.
I can request a 60-day user access_token
Step 1: I use Facebook Connect and I get a user access_token which has the manage_pages permission (by default, this token expires in 2 hours, extendable to 60 days)
Step 2: I then call /me/accounts and get an array of the user's pages each one with a listed page access_token
Step 3: I can use the page access_token in subsequent API calls to do things like posting to the user's page.
I need users to be able to schedule page updates to happen in the future (when they will not be online).
So again the question is:
What is the expiration date of the page access_token returned from /me/accounts?
If the expiration date is tied to something, what is it tied to?
Expiration date of the user access_token used when requesting /me/accounts?
60-days from when the request is made to /me/accounts?
I apologize for my confusion, the Facebook documentation seems to fall extremely short in describing these access tokens.
I just created a brand new app. Ensured the deprecate offline access was enabled. Went to explorer, found my new app in the dropdown, granted myself manage_pages, went to me/accounts grabbed one of the page access tokens, and then linted it. Whew! 1 hour expiration.
EDIT
I tried exchanging that 1 hour page token and I got an error from fb.
I went back to the user access token, and exchanged it for a 60 day one. Verified in the linter that it was a 60 day. Went back to me/accounts and grabbed one of the page access tokens and linted it. Suprise! Got a 60 day token from there.
So the moral of the story is, you cannot exchange page tokens, only user tokens. But with a 60 day user token you can get a 60 day page token. :)