I want to pull my most recent images from facebook's api for my personal website. I cannot seem to find a way to only authenticate my user without the login dialog. Does anyone know if this is possible? I can generate my user access token inside the graph API Explorer, but it expires in 1 hour.
How to get my own Facebook user access token indefinitely
You cannot!
But you can extend this token that will be valid for 60 days - called the long-lived token. So, if a user visits your application at least once in 60 days you can have the access to user's data indefinitely.
Simple call to get the long-lived user access token-
GET /oauth/access_token?
grant_type=fb_exchange_token&
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={short-lived-token}
Refreshing this token- The user have to go through the login process again (calling login API) to get the short-lived token and then perform the same exchange for a fresh long lived token with 60 days expiry.
You can also debug your token anytime with-
GET /debug_token?
input_token={input-token}&
access_token={access-token} // a valid user access token or app access token
Related
I'm an admin for a Facebook page I want to handle a server side job scheduler which post every specific time into that Page using Facebook Graph API.
I'm using this code to do that job: $facebook->api("/$page_id/feed","post",$args); and it is working fine for me.
But I have a problem related to Page Access Token. I need to have a permanent Page Access Token to work forever not to update the access token every specific time because it will be server side job scheduler, no GUI for it.
Any suggestion about how to get Permanent Page Access token?
Note: I followed the steps in Facebook documentation
but I have 3 wanderings about it :
Shall I have Facebook app to get Long-Lived Page Authentication ??
I don't have that option on my Facebook app advanced setting
"deprecate offline_access" ??
Is the 60 days is the max valid duration which I can give it to Page
Access Token .. can't it become permanent for ever ??
Earlier people could use offline_access permission to obtain a permanent token. But it looks like Facebook is deprecating this particular permission. Instead, you first need to obtain a short-lived token, then exchange it for a long-lived token, which remains valid for 60 days. Same goes for page tokens.
When a user grants an app the manage_pages permission, the app is able
to obtain page access tokens for pages that the user administers by
querying the [User ID]/accounts Graph API endpoint. With the migration
enabled, when using a short-lived user access token to query this
endpoint, the page access tokens obtained are short-lived as well.
Exchange the short-lived user access token for a long-lived access
token using the endpoint and steps explained earlier. By using a
long-lived user access token, querying the [User ID]/accounts endpoint
will now provide page access tokens that do not expire for pages that
a user manages. This will also apply when querying with a non-expiring
user access token obtained through the deprecated offline_access
permission.
https://developers.facebook.com/roadmap/offline-access-removal/
after searching and reading the official docs on extending tokens I don't get a clear pciture if there's a better way to refresh long-lived access tokens from a native desktop app than prompting the user to login and authorize url again. This call is not allowed for dektop apps:
GET /oauth/access_token?
grant_type=fb_exchange_token&
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={short-lived-token}
So the only choice I find now is detect if token is about to expire and when true redirect user to login page to re-authorize my app, not very comfortable, do you know of any other method?
According to your question you want to refresh long lived token.The service you want to hit is to get long lived from short lived token which you have got from authentication flow, rather than refreshing existing long lived token
You can generate a new long-lived token by sending the person back to the login flow used by your web app - note that the person will not actually need to login again, they have already authorized your app, so they will immediately redirect back to your app from the login flow with a refreshed token.
After doing the above you will obtain a new short-lived token and then you need to perform the same exchange for a long-lived token.
Refer https://developers.facebook.com/docs/facebook-login/access-tokens to get details in depth
When an event is created on our system I want to create the event on Facebook via our page. This is an entirely server-side process with no user interaction.
I've linked my page to my app, grabbed the "app token" for my application from https://developers.facebook.com/tools/access_token and tried to create an event by POSTing to /mypage/events but I just get (OAuthException - #1) An unknown error has occurred.. I'm assuming app tokens don't have access to create events for my page.
I can use a page token but this expires after 60 days and I'll have to keep updating the token. Is there a way to have this token last forever? I can renew it in code but it requires a user access token.
What's the best way to go about this?
You cannot use an app token to create an event on behalf of a page. You must use a page token and if you follow scenario 5 listed at https://developers.facebook.com/roadmap/offline-access-removal/, the page token will have no expiry.
Exchange the short-lived user access token for a long-lived access token using the endpoint and steps explained earlier. By using a long-lived user access token, querying the [User ID]/accounts endpoint will now provide page access tokens that do not expire for pages that a user manages. This will also apply when querying with a non-expiring user access token obtained through the deprecated offline_access permission.
I'm writing code to allow uploading of events from a website to facebook, to do that I require a manage page access token, the procedure I`v found to obtain that is:
First Having added the domain to the app:
Then get a short term access token with:
https://www.facebook.com/dialog/oauth?client_id=[App ID]&redirect_uri=[full website uri]&scope=create_event&response_type=token
Then get a longer lasting access token from:
https://graph.facebook.com/oauth/access_token?client_id=[App ID]&client_secret=[App Secret]&grant_type=fb_exchange_token&fb_exchange_token=[access token given above]
Then get a page specific token from:
https://graph.facebook.com/me/accounts?access_token=[access token given above]
That returns a json encoded array with tokens for each page I manage which I gather lasts for 60 days.
However I don't manage the website I`m coding for, so don't wish to have to repeat this manual procedure every 2 months, can someone give an idea for an automated procedure or to confirm if such is not possible with facebook.
If you are extending the user access token then the page token received will not have an expiry date. So then the user will only have to login once in the entire usage of the app.
Exchange the short-lived user access token for a long-lived access token using the endpoint and steps explained earlier. By using a long-lived user access token, querying the [User ID]/accounts endpoint will now provide page access tokens that do not expire for pages that a user manages. This will also apply when querying with a non-expiring user access token obtained through the deprecated offline_access permission.
https://developers.facebook.com/roadmap/offline-access-removal/
Currently I am working with long-lived access token (60 day expiration long-lived).
I see a post in facebook I can extend long-lived access token by first getting back short-lived access token and then renewing it to new long-lived token.
I hope this can be done without user getting involved. (user doesn't have to log in and give the permissions again for this process)
Has anybody done this in c#?
It would be greatly appreciated if you can share code or link.
Here is the instruction from facebook website:
"If you would like to refresh a still valid long-lived access_token, you will have to get a new short-lived user access_token first and then call the same endpoint below. The returned access_token will have a fresh long-lived expiration time, however, the access_token itself may or may not be the same as the previously granted long-lived access_token."
And here is some example posted right below the instruction which I am not familiar with how to use:
https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN
Website source: http://developers.facebook.com/roadmap/offline-access-removal/
[…] y first getting back short-lived access token and then renewing it to new long-lived token. I hope this can be done without user getting involved.
No, of course it can not, at least not without any user interaction.
You have to at least have the user visit one of you pages, where you can check his login status client-side and get a short-lived access token in return if he is still connected to your app.