Could someone say how can i extend the validity of the access token. The permission which i am giving to access token are manage_pages and publish_pages
At the moment, the answer is that unfortunately you can't (until further notice from Facebook).
Currently Facebook has been locking down this ability due to the security issues they are having. Until yesterday afternoon you could even cheat and create a "never expire" access token using a loophole. But as of today they have locked that down as well.
The 1 hour expiry is because it is a short lived token. You want to then request again with your secret so that you can get a long lived token that expires in 60 days. Explanation from FB devs is here: https://developers.facebook.com/docs/facebook-login/access-tokens
Related
After I read the graph api documentation, I understood the usually a regular user token has around 2 hours validity, and you can extend it for another 60 days.
I started to test the graph api, and I generated a token for my personal facebook acount using my own fb application.
I was surprised to find out the this token has the expiration date set to never.
Please have a look over the print screen which contains debug info about the token.
So the question is: why my token doesn't expire in a few hours as is specified in the graph api documentation ?
why my token doesn't expire in a few hours as is specified in the graph api documentation ?
That’s a “side effect” of manage_pages permission.
Extended page access tokens do have unlimited validity. And page access tokens still need to be tied to the user that created them somehow (if the user is removed as admin for the page, the page token needs to get invalidated as well) – so for implementation reasons Facebook chose the way of making the user access token have unlimited validity in this case as well.
Is it possible to generate an access token to read the feed of a facebook account, where the access token never expires.
From what I understand 60 days is the maximum if the initial login access token is exchanged.
Is it possible to go longer than 60 days?
Now that offline_access is no longer provided, the answer is NO.
There used be a permission called offline_access that let access token works longer for period of time, but it is removed now. Short-term access token and long-term access token are introduced, instead.
When you redirect your potential user to Login Dialog and the user complete his login and app authorization process, user is redirected back to your web page. That's where you get code parameter and you will exchange it for short-term access token, which stays valid for about 2 hours. That should be enough for login purpose.
If you wish to store the token for later use you should acquire long-term access token. I believe this is the one you mentioned. This token lives up to about 60 days as you already figured out and it is the longest.
I'm using the extended access token system to extend oAuth tokens issued by 60 days. This system is working well however one user was reporting that they had to keep resigning in. When debugging his access token these were the results:
Application ID
54321
Application
User ID
12345
Joe Blogs
Issued
1358275114 (21 hours ago)
Expires
Never
Valid True
Origin Web
Scopes email friends_events manage_pages publish_actions rsvp_event user_birthday user_events user_location
Facebook deprecated offline_access in October which was supposedly the only way to generate such a "never expiring" access token. To confirm my question: why am I seeing a never ending access token and one that does not expire in 60 days?
That access token has manage_pages permission - if you obtained a 60 day user access token, then used that to retrieve a page access token, the user access token linked to the (infinite) page access token also becomes non-expiring
See Scenario 5 on https://developers.facebook.com/roadmap/offline-access-removal/ for details
Facebook has deprecated the offline access permission.As a developer is there some other way for me to post on the wall of a user when he is not online or I can do that only when he is accessing my app?
You can increase 2 table columns in your app namely short_access_token & long_access_token.
Once user authenticates your app, an access token is generated, store it in short_access_token. Then pass this access token to:
https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN
Once you run this, an access token with 60 days validity will be generated. Store it in long_access_token. Now, use this long_access_token for 60 days.
You can generate long lived access token only once a day i.e. the first time. Use this long lived access token to post on user's wall (if you've already got the permission).
Ref: https://developers.facebook.com/roadmap/offline-access-removal/
You can post to a users wall, without that user being logged in, for up to 60 days. After that, you will need to force the user to login to Facebook again and get a new 60 day access token.
To do all this gracefully, you should store the date of the acquisition of the token in your DB, and set up the necessary UI for the user as that date approaches.
In addition, if the user is an infrequent user of your application, you should really test the validity of the token at least once a day, and go redirect them to login to Facebook if your app finds that the token has expired. This also helps re. tokens becoming invalid due to the user changing their Facebook password.
Of course you can post to a user’s wall as long as you have a valid access token – no matter if they are “online” or not.
Stuff to read (clearly looks like you didn’t do much research of your own before asking):
https://developers.facebook.com/roadmap/offline-access-removal/
https://developers.facebook.com/blog/post/2011/05/13/how-to--handle-expired-access-tokens/
Bear with me, I know access_token questions have been asked a thousand times but I can't seem to find an answer to this specific question.
Is there an expiration date for Facebook Page (not app, not user) access tokens?
I know that:
offline_access has been deprecated.
I can request a 60-day user access_token
Step 1: I use Facebook Connect and I get a user access_token which has the manage_pages permission (by default, this token expires in 2 hours, extendable to 60 days)
Step 2: I then call /me/accounts and get an array of the user's pages each one with a listed page access_token
Step 3: I can use the page access_token in subsequent API calls to do things like posting to the user's page.
I need users to be able to schedule page updates to happen in the future (when they will not be online).
So again the question is:
What is the expiration date of the page access_token returned from /me/accounts?
If the expiration date is tied to something, what is it tied to?
Expiration date of the user access_token used when requesting /me/accounts?
60-days from when the request is made to /me/accounts?
I apologize for my confusion, the Facebook documentation seems to fall extremely short in describing these access tokens.
I just created a brand new app. Ensured the deprecate offline access was enabled. Went to explorer, found my new app in the dropdown, granted myself manage_pages, went to me/accounts grabbed one of the page access tokens, and then linted it. Whew! 1 hour expiration.
EDIT
I tried exchanging that 1 hour page token and I got an error from fb.
I went back to the user access token, and exchanged it for a 60 day one. Verified in the linter that it was a 60 day. Went back to me/accounts and grabbed one of the page access tokens and linted it. Suprise! Got a 60 day token from there.
So the moral of the story is, you cannot exchange page tokens, only user tokens. But with a 60 day user token you can get a 60 day page token. :)