Workflow of my application is following:
-User can log into system
-User retrieves user token which is (or should not be) saved to DB
-User selects one of his pages and requests token with publish_pages permission
-token is saved into DB
For next X amount of days(event months or years) facebook webhook triggers my API which uses that token to post response to graph API.
Is there any way to get longterm token or any refresh token api endpoint which would not require for user to log in each time when sessions expires to get another token?
Basicaly, this should serve as an app that will auto reply to comments on facebook page posts
Extended Page Tokens are valid forever, just use that one.
Information about how to generate an Extended Page Token can be found here:
https://developers.facebook.com/docs/facebook-login/access-tokens/
http://www.devils-heaven.com/facebook-access-tokens/
Steps:
Get User token with publish_pages and manage_pages
Extend User Token
Get Extended Page Token by using the Extended User Token with /me/accounts?fields=name,access_token
Related
I'm an admin for a Facebook page I want to handle a server side job scheduler which post every specific time into that Page using Facebook Graph API.
I'm using this code to do that job: $facebook->api("/$page_id/feed","post",$args); and it is working fine for me.
But I have a problem related to Page Access Token. I need to have a permanent Page Access Token to work forever not to update the access token every specific time because it will be server side job scheduler, no GUI for it.
Any suggestion about how to get Permanent Page Access token?
Note: I followed the steps in Facebook documentation
but I have 3 wanderings about it :
Shall I have Facebook app to get Long-Lived Page Authentication ??
I don't have that option on my Facebook app advanced setting
"deprecate offline_access" ??
Is the 60 days is the max valid duration which I can give it to Page
Access Token .. can't it become permanent for ever ??
Earlier people could use offline_access permission to obtain a permanent token. But it looks like Facebook is deprecating this particular permission. Instead, you first need to obtain a short-lived token, then exchange it for a long-lived token, which remains valid for 60 days. Same goes for page tokens.
When a user grants an app the manage_pages permission, the app is able
to obtain page access tokens for pages that the user administers by
querying the [User ID]/accounts Graph API endpoint. With the migration
enabled, when using a short-lived user access token to query this
endpoint, the page access tokens obtained are short-lived as well.
Exchange the short-lived user access token for a long-lived access
token using the endpoint and steps explained earlier. By using a
long-lived user access token, querying the [User ID]/accounts endpoint
will now provide page access tokens that do not expire for pages that
a user manages. This will also apply when querying with a non-expiring
user access token obtained through the deprecated offline_access
permission.
https://developers.facebook.com/roadmap/offline-access-removal/
When an event is created on our system I want to create the event on Facebook via our page. This is an entirely server-side process with no user interaction.
I've linked my page to my app, grabbed the "app token" for my application from https://developers.facebook.com/tools/access_token and tried to create an event by POSTing to /mypage/events but I just get (OAuthException - #1) An unknown error has occurred.. I'm assuming app tokens don't have access to create events for my page.
I can use a page token but this expires after 60 days and I'll have to keep updating the token. Is there a way to have this token last forever? I can renew it in code but it requires a user access token.
What's the best way to go about this?
You cannot use an app token to create an event on behalf of a page. You must use a page token and if you follow scenario 5 listed at https://developers.facebook.com/roadmap/offline-access-removal/, the page token will have no expiry.
Exchange the short-lived user access token for a long-lived access token using the endpoint and steps explained earlier. By using a long-lived user access token, querying the [User ID]/accounts endpoint will now provide page access tokens that do not expire for pages that a user manages. This will also apply when querying with a non-expiring user access token obtained through the deprecated offline_access permission.
I'm writing code to allow uploading of events from a website to facebook, to do that I require a manage page access token, the procedure I`v found to obtain that is:
First Having added the domain to the app:
Then get a short term access token with:
https://www.facebook.com/dialog/oauth?client_id=[App ID]&redirect_uri=[full website uri]&scope=create_event&response_type=token
Then get a longer lasting access token from:
https://graph.facebook.com/oauth/access_token?client_id=[App ID]&client_secret=[App Secret]&grant_type=fb_exchange_token&fb_exchange_token=[access token given above]
Then get a page specific token from:
https://graph.facebook.com/me/accounts?access_token=[access token given above]
That returns a json encoded array with tokens for each page I manage which I gather lasts for 60 days.
However I don't manage the website I`m coding for, so don't wish to have to repeat this manual procedure every 2 months, can someone give an idea for an automated procedure or to confirm if such is not possible with facebook.
If you are extending the user access token then the page token received will not have an expiry date. So then the user will only have to login once in the entire usage of the app.
Exchange the short-lived user access token for a long-lived access token using the endpoint and steps explained earlier. By using a long-lived user access token, querying the [User ID]/accounts endpoint will now provide page access tokens that do not expire for pages that a user manages. This will also apply when querying with a non-expiring user access token obtained through the deprecated offline_access permission.
https://developers.facebook.com/roadmap/offline-access-removal/
I am wondering if it is possible to obtain an extended access token for facebook pages that do not have a facebook profile set as it's administrator. I see it is possible to create a facebook page without setting a user profile as the admin and having those pages auth with my app.
For pages that do have a facebook profile as it's administrator, I am able to extend the short lived access token when requesting the manage_pages permission. But I'm not if there is no user associated with it.
The documentation describes this process for extending page tokens.
Apps can retrieve a Page access token from Page admin users when they
authenticate with the manage_pages permission. If the user access
token used to retrieve this Page access token is short-lived, the Page
access token will also be short-lived.
To get a longer-lived Page access token, exchange the User access
token for a long-lived one, as above, and then request the Page token.
The resulting Page access token will not have an expiry time at all.
Extending Access Tokens Documentation
I am wondering if it's possible to obtain extended access tokens for pages when there is no admin associated with the page.
All pages must be owned by a user account, either a regular user account or a business account - and both work in the same way as far as the API is concerned, at least for login (business accounts don't have names, a timeline, friends, etc so are obviously not the exact same, but they log in and grant access to apps the same way)
I just tested a few minutes ago using the my app, a business account and the server side oauth flow and received a long expiry (approx 60 day) token correctly when exchanging the business account's code for an access token
I was then able go through the flow again, this time asking for manage_pages permission and was able to use the token to retrieve a non-expiring page access token for a page the account manages using the regular process (a call to /me/accounts or `/?fields=access_token)
i need to extend my facebook access token, I'm calling this:
https://graph.facebook.com/oauth/access_token?
client_id={MY PAGE ID}&
client_secret={THE SECRET KEY OF MY APP}&
grant_type=fb_exchange_token&
fb_exchange_token={AN ACCESS TOKEN FOR MY PAGE}
and I'm getting this error:
"error": {
"message": "Error validating application. Cannot get application info due to a system error.",
"type": "OAuthException",
"code": 101
}
I've seen a lot of problem with that access_token, but none answer relative to pages, idk why facebook use api that why... but is the way...
Thank you,
To get a long-lived access token you need to follow those steps:
Create an Application
Create a Page (your account need to be "administrator" of the page)
Associate the application to the Page (the same way you do it when you want to add a Page Tab to a Page)
http://facebook.com/add.php?api_key=*YOUR_APP_ID*&pages=1&page=*YOUR_PAGE_ID*
Get a short-lived access token with the permission "manage_pages" associated to your Application.
https://graph.facebook.com/oauth/authorize?client_id=__APP_ID__&scope=manage_pages&redirect_uri=http://www.facebook.com/connect/login_success.html
then
https://graph.facebook.com/oauth/access_token?client_id=__APP_ID__&redirect_uri=http://www.facebook.com/connect/login_success.html&client_secret=__APP_SECRET__&code=__CODE_FROM_PREVIOUS_REQUEST__
Using the Graph API Explorer with the request /me/accounts you can see the access tokens for each Pages that you are administrator. The problem is that those access token are short-lived.
Convert your short-lived access token to a long-lived (extending access token):
https://graph.facebook.com/oauth/access_token?client_id=_APP_ID_&client_secret=_APP_SECRET_&grant_type=fb_exchange_token&fb_exchange_token=_ACCESS_TOKEN_ON_STEP_4_
You can now test your new access token with the Access Token Debugger.
Scenario 5: Page Access Tokens
When a user grants an app the manage_pages permission, the app is able
to obtain page access tokens for pages that the user administers by
querying the [User ID]/accounts Graph API endpoint. With the migration
enabled, when using a short-lived user access token to query this
endpoint, the page access tokens obtained are short-lived as well.
Exchange the short-lived user access token for a long-lived access
token using the endpoint and steps explained earlier. By using a
long-lived user access token, querying the [User ID]/accounts endpoint
will now provide page access tokens that do not expire for pages that
a user manages. This will also apply when querying with a non-expiring
user access token obtained through the deprecated offline_access
permission.
https://developers.facebook.com/roadmap/offline-access-removal/