I created facebook app, now access token is for 60 days but i want to extend never expires access token .if you have any information please let me know.
There is no such thing as an access token that 'never expires'. Please read the Access Token Documentation. The best you can do is to get a token which is valid for 60 days and extend it after it has expired.
Native mobile applications using Facebook's SDKs will get long-lived
access tokens, good for about 60 days. These tokens will be refreshed
once per day when the person using your app makes a request to
Facebook's servers. If no requests are made, the token will expire
after about 60 days and the person will have to go through the login
flow again to get a new token.
Access tokens on the web often have a lifetime of about two hours, but
will automatically be refreshed when required. If you want to use
access tokens for longer-lived web apps, especially server side, you
need to generate a long-lived token. A long-lived token generally
lasts about 60 days.
Related
When I debug my Facebook user access token I see two expiration dates (Expires and Data Access Expires) as you can see here:
according to this link, token should expire 60 days after the last use but I'm seeing never and I don't know why! also when I exchange the user access token via this API, Data Access Expires does not change and I still get the same Data Access token Expires. My Facebook App is in development mode and I don't pass App Review yet. Also, I don't use FacebookSDK. do you know why I get never expires and why after exchanging the User Access token, Data access Expires doesn't extend?
Do Facebook has a refresh token of OAuth?
I wanna know if there is a refresh token, how long will it be expired? 60days?
And if Facebook don't have refresh token, then can I understand the long live access token as the refresh token, and short live access token as the access token?
Thanks.
Facebook does not provide a refresh token.
Facebook provides two kinds of access tokens,
Short lived access token:
A token that is expired after a short period of time (about 2 hours).
Short lived access tokens are usually used on web clients.
Long-lived access tokens: An access token which has a long life (about 60 days).
Long lived access tokens are usually used on mobile apps and server side.
You can generate long lived access tokens with the Facebook SDKs for Android and iOs, These tokens will be refreshed once per day when the person using your app makes a request to Facebook's servers. If no requests are made, the token will expire after the preset expiry and the person will have to go through the login flow again to get a new token.
It is possible to exchange a valid short lived access token for a long lived access token.
The documentation explains well about the tokens, exchanging methods, call parameters etc..
And if Facebook don't have refresh token, then can I understand the long live access token as the refresh token, and short live access token as the access token?
No.You can't. Refresh token is a token that may be used to obtain a new access token.
Facebook SDKs can refresh an access token at regular intervals before token expiry if connected.
I have a small misunderstanding with how FB access token is being refreshed.
I'm using FB JS SDK and every time I visit my page (as well as when I relogin) I get a new short-lived access token.
Then I send it to the server side and exchange it to a long-lived access token.
But despite I get a new long-lived access token, it still expires at the same time as the previous long-lived token. Facebook Access Token Debugger says that token, I've just got, was issued 18 hours ago.
Is this a normal behavior? Or maybe I'm doing something wrong?
Greatly appreciate your help.
It looks like FB refreshes an expiration time of a new long-lived access token if user visits a page in one day after the initial long-lived access token is issued. In this case you can get a short-lived access token and exchange it for a long-lived token, which would have a new expiration time (i.e. 60 days).
Have a look at my answer to a similar question:
Extending 60 days Facebook token
Basically, you can't refresh a long-lived token before it expires.
Is it possible to generate an access token to read the feed of a facebook account, where the access token never expires.
From what I understand 60 days is the maximum if the initial login access token is exchanged.
Is it possible to go longer than 60 days?
Now that offline_access is no longer provided, the answer is NO.
There used be a permission called offline_access that let access token works longer for period of time, but it is removed now. Short-term access token and long-term access token are introduced, instead.
When you redirect your potential user to Login Dialog and the user complete his login and app authorization process, user is redirected back to your web page. That's where you get code parameter and you will exchange it for short-term access token, which stays valid for about 2 hours. That should be enough for login purpose.
If you wish to store the token for later use you should acquire long-term access token. I believe this is the one you mentioned. This token lives up to about 60 days as you already figured out and it is the longest.
I have a an application which will make posts on multiple user profile pages and Fan Pages.
To obtain permission to do this, the app will process a client side auth and obtain the short-lived access token for each user who uses the app.
My app will then immediately exchange that for a 60 day long-lived access token, and store this for future use in a local DB. The app will then be able to update that users profile and pages for up to 60 days, whether the user is logged into FB or not.
The next bit is the important bit:
Each time the user uses my app, my app will test the validity of the current access token, in case the user has changed their password etc, or the 60 days have elapsed.
If the access token is no longer valid, my app will seek to obtain a new one.
If the user is not logged into Facebook at this point, it is my understanding that I will have to prompt a login and force a client side auth, to obtain a new short-lived access token which I will have to exchange for a new 60 day long-lived token.
Is this correct? ie that the user has to login again? ie there is not way to process the access_token update on the server side?
Also, is it the case the the 60 day expiry only applies in respect of user access tokens, and does not apply in respect of page access tokens?
thx
Is this correct? ie that the user has to login again? ie there is not way to process the access_token update on the server side?
No. You need a valid short-lived user access token first, and that you get through the process of client-side login.
Also, is it the case the the 60 day expiry only applies in respect of user access tokens, and does not apply in respect of page access tokens?
Correct, page tokens do not expire by default, if they where obtained using a long-lived user access token.