Facebook long-lived acces token with permissions - facebook

How get long-lived access token with permission user_posts???
I am using
https://graph.facebook.com/oauth/access_token?
grant_type=fb_exchange_token&client_id=xxx&
client_secret=xxx&fb_exchange_token={short-lived-token}
I need to user_posts permissionto gain access to Fb sharedposts, what you need to add to this URL

You first need to get the short-lived Acces Token via the normal login flow. Once you got it, you can exchange the short-lived one into a long-lived one.
See
https://developers.facebook.com/docs/facebook-login/v2.3
https://developers.facebook.com/docs/facebook-login/access-tokens#termtokens
https://developers.facebook.com/docs/facebook-login/access-tokens#extending

Related

How to get my own Facebook user access token indefinitely?

I want to pull my most recent images from facebook's api for my personal website. I cannot seem to find a way to only authenticate my user without the login dialog. Does anyone know if this is possible? I can generate my user access token inside the graph API Explorer, but it expires in 1 hour.
How to get my own Facebook user access token indefinitely
You cannot!
But you can extend this token that will be valid for 60 days - called the long-lived token. So, if a user visits your application at least once in 60 days you can have the access to user's data indefinitely.
Simple call to get the long-lived user access token-
GET /oauth/access_token?
grant_type=fb_exchange_token&
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={short-lived-token}
Refreshing this token- The user have to go through the login process again (calling login API) to get the short-lived token and then perform the same exchange for a fresh long lived token with 60 days expiry.
You can also debug your token anytime with-
GET /debug_token?
input_token={input-token}&
access_token={access-token} // a valid user access token or app access token

How can I get permanent page access token?

I'm an admin for a Facebook page I want to handle a server side job scheduler which post every specific time into that Page using Facebook Graph API.
I'm using this code to do that job: $facebook->api("/$page_id/feed","post",$args); and it is working fine for me.
But I have a problem related to Page Access Token. I need to have a permanent Page Access Token to work forever not to update the access token every specific time because it will be server side job scheduler, no GUI for it.
Any suggestion about how to get Permanent Page Access token?
Note: I followed the steps in Facebook documentation
but I have 3 wanderings about it :
Shall I have Facebook app to get Long-Lived Page Authentication ??
I don't have that option on my Facebook app advanced setting
"deprecate offline_access" ??
Is the 60 days is the max valid duration which I can give it to Page
Access Token .. can't it become permanent for ever ??
Earlier people could use offline_access permission to obtain a permanent token. But it looks like Facebook is deprecating this particular permission. Instead, you first need to obtain a short-lived token, then exchange it for a long-lived token, which remains valid for 60 days. Same goes for page tokens.
When a user grants an app the manage_pages permission, the app is able
to obtain page access tokens for pages that the user administers by
querying the [User ID]/accounts Graph API endpoint. With the migration
enabled, when using a short-lived user access token to query this
endpoint, the page access tokens obtained are short-lived as well.
Exchange the short-lived user access token for a long-lived access
token using the endpoint and steps explained earlier. By using a
long-lived user access token, querying the [User ID]/accounts endpoint
will now provide page access tokens that do not expire for pages that
a user manages. This will also apply when querying with a non-expiring
user access token obtained through the deprecated offline_access
permission.
https://developers.facebook.com/roadmap/offline-access-removal/

Creating an event with an App Token

When an event is created on our system I want to create the event on Facebook via our page. This is an entirely server-side process with no user interaction.
I've linked my page to my app, grabbed the "app token" for my application from https://developers.facebook.com/tools/access_token and tried to create an event by POSTing to /mypage/events but I just get (OAuthException - #1) An unknown error has occurred.. I'm assuming app tokens don't have access to create events for my page.
I can use a page token but this expires after 60 days and I'll have to keep updating the token. Is there a way to have this token last forever? I can renew it in code but it requires a user access token.
What's the best way to go about this?
You cannot use an app token to create an event on behalf of a page. You must use a page token and if you follow scenario 5 listed at https://developers.facebook.com/roadmap/offline-access-removal/, the page token will have no expiry.
Exchange the short-lived user access token for a long-lived access token using the endpoint and steps explained earlier. By using a long-lived user access token, querying the [User ID]/accounts endpoint will now provide page access tokens that do not expire for pages that a user manages. This will also apply when querying with a non-expiring user access token obtained through the deprecated offline_access permission.

C# facebook extend long-lived access token expiration day by renewing

Currently I am working with long-lived access token (60 day expiration long-lived).
I see a post in facebook I can extend long-lived access token by first getting back short-lived access token and then renewing it to new long-lived token.
I hope this can be done without user getting involved. (user doesn't have to log in and give the permissions again for this process)
Has anybody done this in c#?
It would be greatly appreciated if you can share code or link.
Here is the instruction from facebook website:
"If you would like to refresh a still valid long-lived access_token, you will have to get a new short-lived user access_token first and then call the same endpoint below. The returned access_token will have a fresh long-lived expiration time, however, the access_token itself may or may not be the same as the previously granted long-lived access_token."
And here is some example posted right below the instruction which I am not familiar with how to use:
https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN
Website source: http://developers.facebook.com/roadmap/offline-access-removal/
[…] y first getting back short-lived access token and then renewing it to new long-lived token. I hope this can be done without user getting involved.
No, of course it can not, at least not without any user interaction.
You have to at least have the user visit one of you pages, where you can check his login status client-side and get a short-lived access token in return if he is still connected to your app.

Extending Facebook Page Access Token

i need to extend my facebook access token, I'm calling this:
https://graph.facebook.com/oauth/access_token?
client_id={MY PAGE ID}&
client_secret={THE SECRET KEY OF MY APP}&
grant_type=fb_exchange_token&
fb_exchange_token={AN ACCESS TOKEN FOR MY PAGE}
and I'm getting this error:
"error": {
"message": "Error validating application. Cannot get application info due to a system error.",
"type": "OAuthException",
"code": 101
}
I've seen a lot of problem with that access_token, but none answer relative to pages, idk why facebook use api that why... but is the way...
Thank you,
To get a long-lived access token you need to follow those steps:
Create an Application
Create a Page (your account need to be "administrator" of the page)
Associate the application to the Page (the same way you do it when you want to add a Page Tab to a Page)
http://facebook.com/add.php?api_key=*YOUR_APP_ID*&pages=1&page=*YOUR_PAGE_ID*
Get a short-lived access token with the permission "manage_pages" associated to your Application.
https://graph.facebook.com/oauth/authorize?client_id=__APP_ID__&scope=manage_pages&redirect_uri=http://www.facebook.com/connect/login_success.html
then
https://graph.facebook.com/oauth/access_token?client_id=__APP_ID__&redirect_uri=http://www.facebook.com/connect/login_success.html&client_secret=__APP_SECRET__&code=__CODE_FROM_PREVIOUS_REQUEST__
Using the Graph API Explorer with the request /me/accounts you can see the access tokens for each Pages that you are administrator. The problem is that those access token are short-lived.
Convert your short-lived access token to a long-lived (extending access token):
https://graph.facebook.com/oauth/access_token?client_id=_APP_ID_&client_secret=_APP_SECRET_&grant_type=fb_exchange_token&fb_exchange_token=_ACCESS_TOKEN_ON_STEP_4_
You can now test your new access token with the Access Token Debugger.
Scenario 5: Page Access Tokens
When a user grants an app the manage_pages permission, the app is able
to obtain page access tokens for pages that the user administers by
querying the [User ID]/accounts Graph API endpoint. With the migration
enabled, when using a short-lived user access token to query this
endpoint, the page access tokens obtained are short-lived as well.
Exchange the short-lived user access token for a long-lived access
token using the endpoint and steps explained earlier. By using a
long-lived user access token, querying the [User ID]/accounts endpoint
will now provide page access tokens that do not expire for pages that
a user manages. This will also apply when querying with a non-expiring
user access token obtained through the deprecated offline_access
permission.
https://developers.facebook.com/roadmap/offline-access-removal/