I'm confusing about this error (take from facebook documentation) :
Access Token invalidated due to the person logging out or changing their password
{
"error": {
"message": "Error validating access token: The session is invalid
because the user logged out.",
"type": "OAuthException",
"code": 190
}
}
If the access token becomes invalid, the solution is to have the person log in again, at which point you will be able to make API calls on their behalf once more. The login flow your app uses for new people should determine which method you need to adopt.
This is the case: users visit my site and log in with facebook -> i obtain a user access token -> i exchange this short-life user token with a 60 days token -> every day a cron job made a call to facebook to get like counts of some user's posts by the long life token i have retrived from facebook.
It works but , maybe some day later, if a user hit the logout button on his facebook profile page, my long-life token stops to works and return the error.
My question is, if the user re-login in his facebook profile page, my long life token will restart to works? Or the user needs to visit my site again and then relogin to give me another short-life token that i can exchange with a new long-life token?
if i need to request a new long life token, there is an alternative that i can use to maintain a token valid for a month at least, without requesting the login to the user again?
Related
I'm trying to retrieve Facebook Lead using graph API using App Token to be long time token.
But the graph API return the following error
{
"error": {
"message": "A user access token is required to request this resource.",
"type": "OAuthException",
"code": 102,
"fbtrace_id": ""
}
}
I want to retrieve it with app token, any ideas.
Thanks in advance.
I have found solution. If you need to retrieve page leadgen then you must use page access token where ad was created and generated, otherwise it doesn't work.
How I have solved this case:
Connect to application and logging in with user
Exchange retrieved user short (1-2h) access token to long lived access token (~60 days if not using access token, else if you use it daily it will never expire)
call facebook api to retrieve user pages thru server using new users long lived token (this way page access tokens will have ~60 days and if use it daily then it will never expire)
when webhook sends you leadgen_id use server call to retrieve lead data using not app access token but long lived page access token that you have saved in database. As webhook sends leadgen_id, page_id and etc, you can connect page access token to page id and then with webhook data you can get correct access token and retrieve details about the lead from facebook.
For me this approach worked. I'm using Python to communicate in server side.
Comment or message me if you'r having issues.
I want my application to post to a single, pre-defined user's wall something like "We just posted a new blog at [URL]" with no client-side interaction.
But every answer I can find on this topic seems to hinge on getting an access token through
https://graph.facebook.com/oauth/access_token
Which gives you some redirect url through which a user has to log in manually.
I've got near zero experience with Facebook. Is it possible to automatically get an access token for a predefined user? Am I doing it wrong? ;)
You can't.
Facebook doesn't give you a way to automatically get an access token for a user. That user needs to log into Facebook and explicitly give your app permission. The best you can get is a long-lived access token that remains valid for up to 60 days.
Getting that token requires a two step process:
1) Logging into Facebook using either the JavaScript API or redirecting the user to a valid Facebook login URL.
2) Retrieving the short-lived access token you got in step 1 for a long-lived access token.
Once you've got that access token, should your post fail, you know you need to re-authenticate the user and get a new long-lived access token. Your user needs to be online and logged into Facebook for this to work, though it can happen without their interaction.
I am facing this error with some of my users, the case is as following:
I use facebook "App access token" to post actions to facebook Open Graph instead of the user access token because app access token don't expire according to facebook documentation unless you refreshed the app secret, I use the follwoing Post url to post actions
https://graph.facebook.com/user_facebook_id/App_Namespace:action_name?FBOG_Object=FBOG_OBJECT_URL&access_token=app_access_token
Some of the actions do appear on facebook, but for some users the actions fails to post and return the following message:
{ "error": { "message": "Error validating access token: Session has expired at unix time 1345759200. The current unix time is 1345925578.", "type": "OAuthException", "code": 190, "error_subcode": 463 } }
What am I doing wrong? Why do I have an expiration error although am using the app access token? Should I worry for user permissions?
After checking the servers it seems that the code that uses the app token was not deployed and the code that uses the user token is still there.
The app token does not expire unless the app owner took some action.
https://developers.facebook.com/docs/authentication/applications/
Error message clearly shows that your access token expired and you need to get another one.
However you can handle this issue : Access token expiration
Also if you are looking for a long life token you need to provide some more parameters while authorizing the application to a new user.
offline_access parameter can be included in a request but now it's been deprecated by facebook. Removal of offline access
I am using the Graph API for an app that chooses a "fan of the week" for Facebook pages and announces them automatically to their feed.
For the purpose of announcing the fan on the feed, I store the OAuth access token for the user who installed the app. However sometimes the tokens get invalidated and then the app will fail to post to the feed.
{
"error" : {
"message" : "Error validating access token: The session has been invalidated
because the user has changed the password.",
"type" : "OAuthException"
}
}
Here is another type of error I also get sometimes:
{
"error": {
"message": "Error validating access token: Session does not match
current stored session. This may be because the user changed the
password since the time the session was created or Facebook has changed
the session for security reasons.",
"type": "OAuthException"
}
}
I already have the "offline_access" for these users, but the tokens are still becoming invalid sometimes. Is there anything else I can do to prevent this from happening, besides sending the user an email asking them to visit the app page again so that I could get a new OAuth token?
There's no way around this that doesn't require user intervention of some kind. If it's an app or page users are unlikely to visit frequently, then sending that e-mail sounds like a good idea. When users visit the page or app you can use the FB Javascript SDK, which automatically refreshes sessions, and subscribe to the FB.Event.subscribe('auth.sessionChange') with a handler that updates the token in your database.
If you are trying to publish to a users feed and you have publish_stream permission which hasn't been revoked, you can mostly likely still publish to /userId/feed using an access_token in this format: appid|appsecret. Note that /me will obviously not work because you are using the applications access token.
I've created a Facebook .NET Desktop Application. On the first run, the application opens a second window with a Web Browser directed to the authorization page for my application with the required permissions from the user.
If the user authorizes my app, Facebook is redirecting me to the static login_success.html and appends the AccessToken to the Hash (#) part of the Url of the browser rendered in my second .NET Application window.
I hand that AccessToken to my main application window and do my requests to the graph api on behalf of the respective user.
That's fine, and working so far!
But, how can I
check if the AccessToken I've stored is still valid and how
can I renew an expired AccessToken without bugging the user with the second browser window (of course assuming the user hasn't revoked the authorization for my app) and how
can I recognize that the user has revoked the authorization?
check if the AccessToken I've stored is still valid?
Try and use the token against the Graph, and if it give you an error (Something like OAuthException or OAuthError), it's not valid, else it still is.
Can I renew an expired AccessToken without bugging the user with the second browser?
No that I know of. But, AccessTokens (with the Offline Access permission) don't expire. I've received an AccessToken for one of my apps almost 2 years ago and it hasn't changed or expired, so I think you should be good. They might become invalid if your App Secret changes or if the user changes their password (I'm pretty sure on that last one, but not 100%)
Can I recognize that the user has revoked the authorization?
Yes, if you query the Graph with an AccessToken that is not authorized for that function, it will give you an OAuthException. Just check for exceptions after you receive Graph data and it will let you know, for the most part, why you weren't able to receive Facebook data.
Unfortunately, if your Access Token expires you have to get the user to go through Facebook to get a new Access Token. An offline_access token does not ever expire due to time, like joe_coolish pointed out, but it does expire if the user changes their password. So your program needs recognize when a user's access token is invalid and get the user "refresh it" by going through the oauth endpoint.
Recognizing that the user's token is invalid is the same process as recognizing that the user has revoked authorization for your application. Whenever you make a graph request with an invalid access token, Facebook will give you an OAuthException saying that you don't have access.