I work on a project that has Facebook pages as one of its data sources. It imports some data from it periodically with no GUI involved. Then we use a web app to show the data we already have.
Not all the information is public. This means I have to get access to the data once and then keep it. However, I don't know the process and I haven't found a good tutorial on that yet. I guess I need an access_token, how can I get it from the user, step by step? The user is an admin of a facebook page, will he have to add some FB app of ours to the page?
EDIT: Thanks #phwd for the tip. I made a tutorial how to get a permanent page access token, even with offline_access no longer existing.
EDIT: I just found out it's answered here: Long-lasting FB access-token for server to pull FB page info
Following the instructions laid out in Facebook's extending page tokens documentation I was able to get a page access token that does not expire.
I suggest using the Graph API Explorer for all of these steps except where otherwise stated.
0. Create Facebook App
If you already have an app, skip to step 1.
Go to My Apps.
Click "+ Add a New App".
Setup a website app.
You don't need to change its permissions or anything. You just need an app that wont go away before you're done with your access token.
1. Get User Short-Lived Access Token
Go to the Graph API Explorer.
Select the application you want to get the access token for (in the "Application" drop-down menu, not the "My Apps" menu).
Click "Get Token" > "Get User Access Token".
In the pop-up, under the "Extended Permissions" tab, check "manage_pages".
Click "Get Access Token".
Grant access from a Facebook account that has access to manage the target page. Note that if this user loses access the final, never-expiring access token will likely stop working.
The token that appears in the "Access Token" field is your short-lived access token.
2. Generate Long-Lived Access Token
Following these instructions from the Facebook docs, make a GET request to
https://graph.facebook.com/v2.10/oauth/access_token?grant_type=fb_exchange_token&client_id={app_id}&client_secret={app_secret}&fb_exchange_token={short_lived_token}
entering in your app's ID and secret and the short-lived token generated in the previous step.
You cannot use the Graph API Explorer. For some reason it gets stuck on this request. I think it's because the response isn't JSON, but a query string. Since it's a GET request, you can just go to the URL in your browser.
The response should look like this:
{"access_token":"ABC123","token_type":"bearer","expires_in":5183791}
"ABC123" will be your long-lived access token. You can put it into the Access Token Debugger to verify. Under "Expires" it should have something like "2 months".
3. Get User ID
Using the long-lived access token, make a GET request to
https://graph.facebook.com/v2.10/me?access_token={long_lived_access_token}
The id field is your account ID. You'll need it for the next step.
4. Get Permanent Page Access Token
Make a GET request to
https://graph.facebook.com/v2.10/{account_id}/accounts?access_token={long_lived_access_token}
The JSON response should have a data field under which is an array of items the user has access to. Find the item for the page you want the permanent access token from. The access_token field should have your permanent access token. Copy it and test it in the Access Token Debugger. Under "Expires" it should say "Never".
Here's my solution using only Graph API Explorer & Access Token Debugger:
Graph API Explorer:
Select your App from the top right dropdown menu
Select "Get User Access Token" from dropdown (right of access token field) and select needed permissions
Copy user access token
Access Token Debugger:
Paste copied token and press "Debug"
Press "Extend Access Token" and copy the generated long-lived user access token
Graph API Explorer:
Paste copied token into the "Access Token" field
Make a GET request with "PAGE_ID?fields=access_token"
Find the permanent page access token in the response (node "access_token")
(Optional) Access Token Debugger:
Paste the permanent token and press "Debug"
"Expires" should be "Never"
(Tested with API Version 2.9-2.11, 3.0-3.1)
In addition to the recommended steps in the Vlasec answer, you can use:
Graph API explorer to make the queries, e.g. /{pageId}?fields=access_token&access_token=THE_ACCESS_TOKEN_PROVIDED_BY_GRAPH_EXPLORER
Access Token Debugger to get information about the access token.
Another PHP answer to make lives easier. Updated for Facebook Graph API 2.9 . Just fill 'er up and load.
<?php
$args=[
/*-- Permanent access token generator for Facebook Graph API version 2.9 --*/
//Instructions: Fill Input Area below and then run this php file
/*-- INPUT AREA START --*/
'usertoken'=>'',
'appid'=>'',
'appsecret'=>'',
'pageid'=>''
/*-- INPUT AREA END --*/
];
echo 'Permanent access token is: <input type="text" value="'.generate_token($args).'"></input>';
function generate_token($args){
$r=json_decode(file_get_contents("https://graph.facebook.com/v2.9/oauth/access_token?grant_type=fb_exchange_token&client_id={$args['appid']}&client_secret={$args['appsecret']}&fb_exchange_token={$args['usertoken']}")); // get long-lived token
$longtoken=$r->access_token;
$r=json_decode(file_get_contents("https://graph.facebook.com/v2.9/me?access_token={$longtoken}")); // get user id
$userid=$r->id;
$r=json_decode(file_get_contents("https://graph.facebook.com/v2.9/{$userid}?fields=access_token&access_token={$longtoken}")); // get permanent token
if($r->id==$args['pageid']) $finaltoken=$r->access_token;
return $finaltoken;
}
?>
Addendum: (alternative)
Graph 2.9 onwards , you can skip much of the hassle of getting a long access token by simply clicking Extend Access Token at the bottom of the Access Token Debugger tool, after having debugged a short access token. Armed with information about pageid and longlivedtoken, run the php below to get permanent access token.
<?php
$args=[
/*-- Permanent access token generator for Facebook Graph API version 2.9 --*/
//Instructions: Fill Input Area below and then run this php file
/*-- INPUT AREA START --*/
'longlivedtoken'=>'',
'pageid'=>''
/*-- INPUT AREA END --*/
];
echo 'Permanent access token is: <input type="text" value="'.generate_token($args).'"></input>';
function generate_token($args){
$r=json_decode(file_get_contents("https://graph.facebook.com/v2.9/{$args['pageid']}?fields=access_token&access_token={$args['longlivedtoken']}"));
return $r->access_token;
}
?>
Although the second code saves you a lot of hassle, I recommend running the first php code unless you are in a lot of hurry because it cross-checks pageid and userid. The second code will not end up working if you choose user token by mistake.
Thanks to dw1 and Rob
I made a PHP script to make it easier. Create an app. In the Graph API Explorer select your App and get a user token with manage_pages and publish_pages permission. Find your page's ID at the bottom of its About page. Fill in the config vars and run the script.
<?php
$args=[
'usertoken'=>'',
'appid'=>'',
'appsecret'=>'',
'pageid'=>''
];
echo generate_token($args);
function generate_token($args){
$r=json_decode(file_get_contents("https://graph.facebook.com/v2.8/oauth/access_token?grant_type=fb_exchange_token&client_id={$args['appid']}&client_secret={$args['appsecret']}&fb_exchange_token={$args['usertoken']}")); // get long-lived token
$longtoken=$r->access_token;
$r=json_decode(file_get_contents("https://graph.facebook.com/v2.8/me?access_token={$longtoken}")); // get user id
$userid=$r->id;
$r=json_decode(file_get_contents("https://graph.facebook.com/v2.8/{$userid}/accounts?access_token={$longtoken}")); // get permanent token
foreach($r->data as $d) if($d->id==$args['pageid']) return $d->access_token;
}
I tried these steps:
https://developers.facebook.com/docs/marketing-api/access#graph-api-explorer
Get Permanent Page Access Token
Go to Graph API Explorer
Select your app in Application
Paste the long-lived access token into Access Token
Next to Access Token, choose the page you want an access token for. The access token appears as a new string.
Click i to see the properties of this access token
Click “Open in Access Token Tool” button again to open the “Access Token Debugger” tool to check the properties
One Tip, it only worked for me when the page language is english.
As all the earlier answers are old, and due to ever changing policies from facebook other mentioned answers might not work for permanent tokens.
After lot of debugging ,I am able to get the never expires token using following steps:
Graph API Explorer:
Open graph api explorer and select the page for which you want to obtain the access token in the right-hand drop-down box, click on the Send button and copy the resulting access_token, which will be a short-lived token
Copy that token and paste it in access token debugger and press debug button, in the bottom of the page click on extend token link, which will extend your token expiry to two months.
Copy that extended token and paste it in the below url with your pageId, and hit in the browser url
https://graph.facebook.com/{page_id}?fields=access_token&access_token={long_lived_token}
U can check that token in access token debugger tool and verify Expires field , which will show never.
Thats it
Most of the answers above now doesn't give permanent token, they only extend it to 2 months. Here's how I got it:
From Graph Explorer tool, select the relevant permissions and get the short lived page access token.
Go to debugger tool and paste your access token. Then, click on 'Extend Token' button at the bottom of the page.
Copy the the extended token and use it in this API:
https://graph.facebook.com/v2.10/me?fields=access_token&access_token=<extended_access_token>
This should return you the permanent access token. You can verify it in debugger tool, the expires at field should say 'Never'.
If you are requesting only page data, then you can use a page access token. You will only have to authorize the user once to get the user access token; extend it to two months validity then request the token for the page. This is all explained in Scenario 5. Note, that the acquired page access token is only valid for as long as the user access token is valid.
While getting the permanent access token I followed above 5 steps as Donut mentioned. However in the 5th step while generating permanent access token its returning the long lived access token(Which is valid for 2 months) not permanent access token(which never expires). what I noticed is the current version of Graph API is V2.5. If you trying to get the permanent access token with V2.5 its giving long lived access token.Try to make API call with V2.2(if you are not able to change version in the graph api explorer,hit the API call https://graph.facebook.com/v2.2/{account_id}/accounts?access_token={long_lived_access_token} in the new tab with V2.2) then you will get the permanent access token(Which never expires)
In addition to mentioned methods it is worth mentioning that for server-to-server applications, you can also use this form of permanent access token:
app_id|app_secret
This type of access token is called App Token. It can generally be used to call Graph API and query for public nodes within your application back-end.
It is mentioned here: https://developers.facebook.com/docs/facebook-login/access-tokens
If you have facebook's app, then you can try with app-id & app-secret.
Like :
access_token={your-app_id}|{your-app_secret}
it will don't require to change the token frequently.
Thanks to #donut I managed to get the never expiring access token in JavaScript.
// Initialize exchange
fetch('https://graph.facebook.com/v3.2/oauth/access_token?grant_type=fb_exchange_token&client_id={client_id}&client_secret={client_secret}&fb_exchange_token={short_lived_token}')
.then((data) => {
return data.json();
})
.then((json) => {
// Get the user data
fetch(`https://graph.facebook.com/v3.2/me?access_token=${json.access_token}`)
.then((data) => {
return data.json();
})
.then((userData) => {
// Get the page token
fetch(`https://graph.facebook.com/v3.2/${userData.id}/accounts?access_token=${json.access_token}`)
.then((data) => {
return data.json();
})
.then((pageToken) => {
// Save the access token somewhere
// You'll need it at later point
})
.catch((err) => console.error(err))
})
.catch((err) => console.error(err))
})
.catch((err) => {
console.error(err);
})
and then I used the saved access token like this
fetch('https://graph.facebook.com/v3.2/{page_id}?fields=fan_count&access_token={token_from_the_data_array}')
.then((data) => {
return data.json();
})
.then((json) => {
// Do stuff
})
.catch((err) => console.error(err))
I hope that someone can trim this code because it's kinda messy but it was the only way I could think of.
Application request limit reached (#4) - FB API v2.1 and greater
This answer led me to the "ultimate answer for us" and so it is very much related so I am appending it here. While it's related to the above it is different and it seems FB has simplified the process some.
Our sharing counts on our site stopped worked when FB rolled over the api to v 2.1. In our case we already had a FB APP and we were NOT using the FB login. So what we needed to do was get a FB APP Token to make the new requests. This is as of Aug. 23 2016.
Go to: https://developers.facebook.com/tools/explorer
Select the api version and then use GET and paste the following:
/oauth/access_token?client_id={app-id}&client_secret={app-secret}&grant_type=client_credentials
You will want to go grab your app id and your app secret from your app page. Main FB Apps developer page
Run the graph query and you will see:
{
"access_token": "app-id|app-token",
"token_type": "bearer"
}
Where "app-id" and "app-token" will be your app id from your FB app page and the generated FB App HASH you just received.
Next go test your new APP access token: FB Access Token tester
You should see, by pasting the "app-token" into the token tester, a single app based token without an expiration date/time.
In our case we are using the FB js sdk so we changed our call to be like so (please note this ONLY gets the share count and not the share and comment count combined like it used to be):
FB.api(
'/','GET',{
// this is our FB app token for our FB app
access_token: FBAppToken,
"id":"{$shareUrl}","fields":"id,og_object{ engagement }"
}
This is now working properly. This took a lot of searching and an official bug report with FB to confirm that we have to start making tokenized requests to the FB api. As an aside I did request that they (FB) add a clue to the Error code (#4) that mentions the tokenized request.
I just got another report from one of our devs that our FB comment count is broken as well due to the new need for tokenized requests so I will update this accordingly.
Many of these examples do not work, not sure if it's because of 2.9v coming out but I was banging my head. Anyways I took #dw1 version and modified it a little with the help of #KFunk video and got this working for me for 2.9. Hope this helps.
$args=[
/*-- Permanent access token generator for Facebook Graph API version 2.9 --*/
//Instructions: Fill Input Area below and then run this php file
/*-- INPUT AREA START --*/
'usertoken'=>'',
'appid'=>'',
'appsecret'=>'',
'pageid'=>''
/*-- INPUT AREA END --*/
];
echo 'Permanent access token is: <input type="text" value="'.generate_token($args).'"></input>';
function generate_token($args){
$r = json_decode(file_get_contents("https://graph.facebook.com/v2.9/oauth/access_token?grant_type=fb_exchange_token&client_id={$args['appid']}&client_secret={$args['appsecret']}&fb_exchange_token={$args['usertoken']}")); // get long-lived token
$longtoken=$r->access_token;
$r=json_decode(file_get_contents("https://graph.facebook.com/{$args['pageid']}?fields=access_token&access_token={$longtoken}")); // get user id
$finaltoken=$r->access_token;
return $finaltoken;
}
As of April 2020, my previously-permanent page tokens started expiring sometime between 1 and 12 hours. I started using user tokens with the manage_pages permission to achieve the previous goal (polling a Page's Events). Those tokens appear to be permanent.
I created a python script based on info found in this post, hosted at github.com/k-funk/facebook_permanent_token, to keep track of what params are required, and which methods of obtaining a permanent token are working.
I created a small NodeJS script based on donut's answer. Store the following in a file called get-facebook-access-token.js:
const fetch = require('node-fetch');
const open = require('open');
const api_version = 'v9.0';
const app_id = '';
const app_secret = '';
const short_lived_token = '';
const page_name = '';
const getPermanentAccessToken = async () => {
try {
const long_lived_access_token = await getLongLivedAccessToken();
const account_id = await getAccountId(long_lived_access_token);
const permanent_page_access_token = await getPermanentPageAccessToken(
long_lived_access_token,
account_id
);
checkExpiration(permanent_page_access_token);
} catch (reason) {
console.error(reason);
}
};
const getLongLivedAccessToken = async () => {
const response = await fetch(
`https://graph.facebook.com/${api_version}/oauth/access_token?grant_type=fb_exchange_token&client_id=${app_id}&client_secret=${app_secret}&fb_exchange_token=${short_lived_token}`
);
const body = await response.json();
return body.access_token;
};
const getAccountId = async (long_lived_access_token) => {
const response = await fetch(
`https://graph.facebook.com/${api_version}/me?access_token=${long_lived_access_token}`
);
const body = await response.json();
return body.id;
};
const getPermanentPageAccessToken = async (
long_lived_access_token,
account_id
) => {
const response = await fetch(
`https://graph.facebook.com/${api_version}/${account_id}/accounts?access_token=${long_lived_access_token}`
);
const body = await response.json();
const page_item = body.data.find(item => item.name === page_name);
return page_item.access_token;
};
const checkExpiration = (access_token) => {
open(`https://developers.facebook.com/tools/debug/accesstoken/?access_token=${access_token}&version=${api_version}`);
}
getPermanentAccessToken();
Fill in the constants and then run:
npm install node-fetch
npm install open
node get-facebook-access-token.js
After running the script a page is opened in the browser that shows the token and how long it is valid.
I found this answer which refers to this tool which really helped a lot.
I hope this answer is still valid when you read this.
Related
I get data from the Facebook insights via Facebook Graph API more than year. And recently started all my requests (like {id}/insights) to return with an error: (#190) This method must be called with a Page Access Token.
But the Access token contains scopes manage_pages,read_insights.
Any ideas?
manage_pages,read_insights
This will give a user access_token , that u can use to manage pages & check insights,
But a page token became required for any /insights endpoint since 5th feb 2018
Use your manage_pages scope & user_token to get a Page access token
Send a get request to this endpoint
GET /{page-id}?fields=access_token
Output
{
"access_token": "{your-page-access-token}",
"id": "{page-id}"
}
You can use the returned access token to call /insights endpoint now.
As I cant add comment I'll write it here.
Field name is access_token which you can check here with your page id.
https://developers.facebook.com/tools/explorer/?method=GET&path=page-id%3Ffields%3Daccess_token&version=v2.12
For PHP
If you had your script in PHP, using Facebook SDK for PHP and now it brokes, you just need to retrieve token and pass it instead of access/refresh token you were using.
//Retrieve new 'page access token'.
$token = $fbApiClient -> get( "/{$pageId}?fields=access_token") -> getGraphNode()-> asArray();
//$q is your insights query which was working until now :(
//But with page acces token it will work again.
$response = $fbApiClient -> get( $q, $token['access_token']) -> getGraphEdge();
//(...) rest of script.
I think its easily adaptable to other languages too. Also you can (and propably should) store page access token and use it wherever you need, instead of retrieving it each time.
Ok, so what I am trying to do is a bit odd, so I can't find anything that gives me even a remote idea about how to do this.
I need to access my personal profile posts:
FB.api("/" + myPersonalUserId + "/feed", {limit: 5}, function(data){
console.log(data);
// do stuff with my user info
});
in order to display them on my personal webite, similar to a dynamic blog. But I want it to automatically retrieve these posts without my having to be signed in on each computer that wants to view my site.
Before you get sidetracked on the init, I am using an app and app id that my personal user account has verified access to all permissions.
I know it will require the use of an access token, but how do I get a valid access token without being logged into that computer?
Honestly, I'm starting to question if it is even possible, but if anyone knows how I could accomplish this, that would be awesome!
The best way to achieve this is to just cache the data in your own database and refresh it whenver the user uses your App again.
If that´s not good enough, you have to generate and store an Extended User Token. How to create one is explained in the docs:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
Extended User Tokens are valid for 60 days, there is no User Token that is valid forever. And you should never use Tokens directly on the client, because some user could just copy it from the source. Tokens are meant to be secret, so use it on the server only. You don´t need to use the PHP SDK, a simple CURL call to the Graph API will do it:
https://graph.facebook.com/[your-app-scoped-id]/feed?access_token=[extended-user-token]
Ok, so I found a solution similar to the one above, but offers a permanent access token.
first, build a url:
url = 'https://graph.facebook.com/v2.5/' + {app user Id, not public Id} + '/feed';
url += '?access_token=' + {app Id} + '|' + {app secret};
url += '&fields=id,name,message,full_picture,created_time'; // these scopes should be approved by corresponding user
url += '&limit=5';
then run it by calling a simple ajax request. These variables should be served from the server through ajax, not hardcoded on the client
I've registered an Facebook-App and created a token with all permissions I need. Among them
manage_pages
read_mailbox
read_page_mailbox
Now I want to use the Facebook open graph API to read some data from my own FB-page. I want to read the private messages that the page received and that I sent to some of the fans on my pages behalf.
I know I can get all information by sending a http-request like this:
https://graph.facebook.com/{page-id}/{object}?access_token={token}
where {something} are placeholders for actual values. To give an working example, I can read the postings that appeared on my page by sending this request:
https://graph.facebook.com/141928949155955/posts?access_token={my secret token}
As I said, this works fine, since more than two years. (I just need to update the token from time to time)
But now I want to read the private conversations between the page and it's fans. I want to extract all conversations and insert them into a spreadsheet. I want to do it once, and maybe in 1 or 2 years again. I could extract them manually from the browser window by copy and paste for each conversation, but since there are so many conversations I think it costs less time to let a program do it for me.
If I understand Facebooks Documentation correct, then the keyword that I must use must be conversations. But I get this:
https://graph.facebook.com/141928949155955/conversations?access_token={secret token}
{
"error": {
"message": "(#210) Subject must be a page.",
"type": "OAuthException",
"code": 210
}
}
But 141928949155955 is a page. I don't know what I'm doing wrong. What is the correct request that I must send to receive a pages private conversations?
EDIT (June 16th):
I can read my personal conversations with this request:
https://graph.facebook.com/me/conversations?access_token={secret token}
But I don't want to read the conversations that I made as a person. I need those of one of my pages.
I found the solution for my problem. (Thanks kush, your answer helped a lot, but I want to add some more information)
My problem was that I misunderstood the error message "Subject must be a page." I thought that "Subject" refers to a part in the query string. But it refers to the token! A message like "Token must be a Page Access Token" would have saved me WEEKS of needless searching over a period of more than two years! How can you use a term like "Subject" when you nowhere define what "Subject" is?
So it was not the query string that was wrong. It was the type of the token!
Now here is the complete procedure to solve the problem (get a Page Access Token)
SOLUTION
Step 1
Get a User Access Token for your App that you can use later to get a Page Access Token
1.1 Go to Graph API Explorer https://developers.facebook.com/tools/explorer/
1.2 Select your App from the "Application:" drop down menu.
1.3 Click "Get Access Token".
1.4 From the tab "Extended Permissions" select "manage_pages".
Additionally select all permissions you need for the Page Access Token. (Although now you don't create a Page Access Token, just a User Access Token)
1.5 Click "Get Access Token".
1.6 Grant the permissions by clicking "OK".
In the field "Access Token:" you find now a Token that is an User Access Token. It is not a Page Access Token! This Token has all permissions you need to manage your page (including the permission "manage_pages"), but you can't use it to manage pages since it is the wrong type of token. You need this token only for one reason: To create a new token.
Step 2
Use the User Access Token you just got to create a Page Access Token
2.1 Enter "me/accounts" in the query field
2.2 Click "Submit"
You get a list of your pages, each with an "access_token" (which is now a Page Access Token). Each of this tokens did inherit the permissions from the User Access Token you used when you called "me/accounts".
This Page Access Token expires after one hour.
supplement
If you want a Page Access Token that never expires, do it this way:
A.1 Go to https://developers.facebook.com
A.2 From the drop down menu "Apps" select the App you want to use.
A.3 Click on "show" in the field "App Secret" (you need to enter your Facebook Password)
A.4 Open a new tab in your browser and there execute steps 1.1 to 1.6 from above to generate a short-lived User Access Token
A.5 Open a third Tab in your browser and there enter this string into the address field of your browser:
https://graph.facebook.com/v2.0/oauth/access_token?grant_type=fb_exchange_token&client_id={app-id}&client_secret={app-secret}&fb_exchange_token={short-lived-token} (do not press enter!) If this strings disappears when switching from one browser tab to another use any text editor to assemble the string and copy it later into the address field.
A.6 In this string replace {app-id} and {app-secret} by the values from the browser tab that still shows your Apps data.
A.7 Replace {short-lived-token} with the User Access Token you find in the field "Access Token:" from the Graph API Explorer.
(After this step there are no more curly brackets in the address string)
A.8 send this request (press Enter now)
Your browser window now shows a String with the fields "access_token" and "expires", separated by an ampersand ("&") which is not part of the token. This Token is a long lived User Access Token that will expire in two month.
A.9 Execute Steps 2.1 and 2.2 using the "access_token" from step A.8
The result is a Page Access Tokes with all permissions you selected in Step 1.4 and that never will expire.
Good luck!
Using page access token should help since you are reading from the page ..
Graph api node: GET me/accounts
me/accounts would give you the pages you are admin for and use access token coming in the page info dictionary.
you should get the following data from me/accounts
{
"data": [
{
"category": "Product/service",
"name": "Sample Page",
"access_token": "{page-access-token}",
"id": "1234567890",
"perms": [
"ADMINISTER",
"EDIT_PROFILE",
"CREATE_CONTENT",
"MODERATE_CONTENT",
"CREATE_ADS",
"BASIC_ADMIN"
]
},
}
Use page-access-token to access data from page as the page admin and thou shall receive data :) let me know if this works :)
A successful authorization would return an access token to your app, which you can then use to perform actions to the Facebook API. The error message displayed means you do not have a valid access token which means you probably did not authenticate the app correctly. I would put some logging on the onFacebookError and onError methods to see what the problem is.
Request Permission At Login time So Its Authentication Error
Permission List
https://developers.facebook.com/docs/facebook-login/access-tokens/
Set Permission Reference
https://developers.facebook.com/docs/android/login-with-facebook#permissions
I have managed to post to Facebook Page via API (C#), but when administrator of the page logs out, the following error occurs:
"(OAuthException - #190) Error validating access token: The session is invalid because the user logged out."
How do I generate access token which is never expired?
I need a solution that doesn't open Facebook Login dialog.
You can generate never expiring access token without coding, following this instructions:
Open graph Explorer: https://developers.facebook.com/tools/explorer/.
Choose your application from the right corner dropdown.
From "Get Token" dropdown choose your Fan Page.
Click on submit button to generate token.
From the left side on "Search for a field" enter access_token and click submit again. Copy this token from the main window.
Open https://developers.facebook.com/tools/debug/accesstoken and paste token here. Click "Debug".
Click the button "Extend Access Token". This will generate never expiring token.
This is the code that I use to generate "Never" expire access token using PHP SDK:
$facebook = new \Facebook\Facebook([
'app_id' => '{app-id}',
'app_secret' => '{app-secret}',
'default_graph_version' => 'v2.10',
'default_access_token' => '{access-token}'
]);
// Exchange token
$token = $facebook->post('/oauth/access_token',
array(
'grant_type' => 'fb_exchange_token',
'client_id' => 'APP ID',
'client_secret' => 'APP Secret',
'fb_exchange_token' => 'access Token'
)
);
$token = $token->getDecodedBody();
$token = $token['access_token'];
echo $token;
I echo the access token and then debug it using the access token debugger. The result should be: Expires: Never.
References from the Documentation:
Set Extended Token
Expiration and Extending Tokens
Extending Page Access Tokens
Generate long-lived token for admin of the fan page http://appdevresources.blogspot.sg/2012/11/extend-facebook-access-token-make-it.html (nice explanation with images)
Generate long-lived token for fan page itself http://appdevresources.blogspot.sg/2012/11/retrieving-facebook-page-id-and.html
Use token from 2) to post on the fan page's wall (no need for Facebook Login dialog)
Resulted token will never expire (even if administrator of the fan page did log out)
You can use following api from facebook to refresh token life to 60 days and just when the token is about to expire, call the same api again with-in 60 days to refresh its life back to 60 days from that point of time
Token expire is present in expires parameter and its value is in seconds
Replace CLIENT_ID and CLIENT_SECRET with their actual value
https://graph.facebook.com/oauth/access_token?client_id=<CLIENT_ID>
&client_secret=<CLIENT_SECRET>&grant_type=fb_exchange_token
&fb_exchange_token=<ACCESS_TOKEN>
in ACCESS_TOKEN, put the actual token value without appending "access_token="
Create an app if you don't have - https://developers.facebook.com/
Create a short lived user access token in the Graph Explorer - https://developers.facebook.com/tools/explorer/
Select your app created above and select “Get user access token in the drop down”
In the user access token pop up you can select some permissions for the token.
For an non expiry page access token you need to select "publish pages" and "manage pages"
Create long lived user access token
Go to https://developers.facebook.com/tools/accesstoken/. There you will find short lived user access tokens and app access token of all the apps you have
Press debug option of user access token of the app created above. This will take you to the debug tool. Where you can find all the information of short lived user access token.
In the bottom there is option to generate long lived(60 days) user access token for this short lived user access token. Generate long lived user access token by selecting “Extend Access Token”
Create never expired page access token
a. Go to the Graph Explorer - https://developers.facebook.com/tools/explorer/.
b. Paste the long lived user access token generated in previous step inside “Access token” field.
c. Access “/me?fields=access_token” api . This will result page access tokens and pages related to them. These page access tokens will never expire(until user change the password/user revoke the app)
Verify non expiry page access token
a. Go to https://developers.facebook.com/tools/debug/accesstoken/
b. Add the page access token retrieved from above step into “Access token “ field and debug
You will get expires as Never
Found here with little changes:
https://medium.com/#Jenananthan/how-to-create-non-expiry-facebook-page-token-6505c642d0b1
It's November 2018 and this worked for me!
<?php
$args=[
'usertoken'=>'xxx',
'appid'=>'xxx',
'appsecret'=>'xxx',
'pageid'=>'xxx'
];
function generate_token($args){
$r = json_decode(file_get_contents("https://graph.facebook.com/v2.9/oauth/access_token?grant_type=fb_exchange_token&client_id={$args['appid']}&client_secret={$args['appsecret']}&fb_exchange_token={$args['usertoken']}")); // get long-lived token
$longtoken=$r->access_token;
$r=json_decode(file_get_contents("https://graph.facebook.com/{$args['pageid']}?fields=access_token&access_token={$longtoken}")); // get user id
$finaltoken=$r->access_token;
return $finaltoken;
}
echo "https://graph.facebook.com/v2.9/oauth/access_token?grant_type=fb_exchange_token&client_id={$args['appid']}&client_secret={$args['appsecret']}&fb_exchange_token={$args['usertoken']}";
echo '<br><br>Permanent access token is: <input type="text" value="'.generate_token($args).'"></input>';
The accepted answer is no longer correct. This works now.
Open graph Explorer: https://developers.facebook.com
Login and choose your application from the right corner dropdown
Once logged in click Tools & Support icon in top right corner
Then choose Access Token Tool link on the right side beneath your applications name
To the right of the displayed user token > click [Debug] button
This will have taken you to the Access Token Debugger
Click the blue button at the bottom that says Extend Access Token
This will say: This new long-lived access token will never expire
Copy and paste that token into your application ie; EAAYMFDuobYUBADtYjVDukwBGpwPHOCY0iYglYY3j3r200MzyBZB4.....
You need to get a user access token by FB.login() with manage_pages, pages_show_list and others in scope permissions. Then, execute FB.api("/{user-app-id}/accounts", fields: ...) to get a list of pages with their respectively info, including access_token. Here, you get a short-lived-token, but with this token you can extend its expiration time to "Never".
FB.login(function (response){
if(response.status!=="connected"){
return;
}
FB.api('/'+USER_APP_ID+'/accounts',{fields: 'id, name, access_token,category, picture'},
function(d){
console.log(d) // Here you get access_token (short-lived-token)
});
},{scope: 'manage_pages, pages_show_list', auth_type: 'rerequest'});
With the last access token and from server side, you make a call to API Graph, using App ID and App Secret of the App you use to get permissions to manage the page.
GET /oauth/access_token?
grant_type=fb_exchange_token&
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={short-lived-token}
The response gives you an access token with expiration time in "Never".
References:
API Graph Accounts,
Expiration and Extends Access Tokens
The method below worked for me, if you are using 4.x Facebook SDK:
Create the Temporary User Access Token for the first time using the method mentioned here.
Now! It's time to convert this token to Long Term Token using PHP SDK 4.x. Use the following code as it worked for me:
//Class for Generating the Long Lived Token
namespace App\Lib;
use Facebook\FacebookApp;
use Facebook\FacebookClient;
use Facebook\Authentication\OAuth2Client;
class FacebookLongLivedTokenGenerator
{
public $longLivedTokenGenerated = false;
public function generateFacebookLongLivedToken($appId, $appSecret, $oldToken)
{
//request new access token
$oauth2Fb = new OAuth2Client(new FacebookApp($appId, $appSecret), new FacebookClient());
$longLivedToken = $oauth2Fb->getLongLivedAccessToken($oldToken);
if ($longLivedToken) {
$this->longLivedTokenGenerated = true;
$this->userAccessToken = $longLivedToken;
}
return trim($this->userAccessToken);
}
}
You can consume the above class this way:
$longToken = new FacebookLongLivedTokenGenerator();
echo $longToken->generateFacebookLongLivedToken($appId, $appSecret, $oldUserAccessToken);
this Makefile works as of 2015-10-29. steps 2 and 3 give only a two-month token, but the page access token given in the final step shows in the debugger as "Expires: Never". this answer draws upon the work of several others, and is provided in the hopes that it will simplify things for developers regardless of preferred programming language.
before using this, you need to put your existing page ID, app ID, and app secret, in that order, in your ~/.netrc file as follows: machine graph.facebook.com login 123456 account 234567 password 345678
also before using this, login to Facebook with w3m, clicking "Keep me logged in".
MACHINE := graph.facebook.com
PAGE_ID := $(shell awk '$$2 ~ /^$(MACHINE)$$/ {print $$4}' $(HOME)/.netrc)
APP_ID := $(shell awk '$$2 ~ /^$(MACHINE)$$/ {print $$6}' $(HOME)/.netrc)
APP_SECRET := $(shell awk '$$2 ~ /^$(MACHINE)$$/ {print $$8}' $(HOME)/.netrc)
PERMISSIONS := manage_pages,publish_actions,publish_pages
FB := https://www.facebook.com
GRAPH := https://$(MACHINE)
CODE ?=
TOKEN ?=
TWOMONTHTOKEN ?=
BROWSER ?= w3m -dump
REDIRECT := http://jc.unternet.net/test.cgi
CLIENT_SIDE := $(FB)/dialog/oauth?client_id=$(APP_ID)&redirect_uri=$(REDIRECT)
CLIENT_SIDE := $(CLIENT_SIDE)&scope=$(PERMISSIONS)&response_type=code
SERVER_SIDE := $(GRAPH)/oauth/access_token?client_id=$(APP_ID)
SERVER_SIDE := $(SERVER_SIDE)&redirect_uri=$(REDIRECT)
SERVER_SIDE := $(SERVER_SIDE)&client_secret=$(APP_SECRET)&code=$(CODE)
LONG_LIVED := $(GRAPH)/oauth/access_token?client_id=$(APP_ID)
LONG_LIVED := $(LONG_LIVED)&client_secret=$(APP_SECRET)
LONG_LIVED := $(LONG_LIVED)&grant_type=fb_exchange_token
LONG_LIVED := $(LONG_LIVED)&fb_exchange_token=$(TOKEN)
ACCOUNTS := $(GRAPH)/me/accounts?access_token=$(TWOMONTHTOKEN)
export
env:
env
#echo Usage: make code
#echo ' ' make CODE=codefrompreviousstep token
#echo ' ' make TOKEN=tokenfrompreviousstep longterm
#echo ' ' make TWOMONTHTOKEN=tokenfrompreviousstep accounts
#echo Then edit '$$HOME/.netrc' replacing password with page token
code:
$(BROWSER) "$(CLIENT_SIDE)"
token:
$(BROWSER) "$(SERVER_SIDE)"
longterm:
$(BROWSER) "$(LONG_LIVED)"
accounts:
$(BROWSER) $(ACCOUNTS)
it turns out in many cases the first step fails with w3m. in that case, install another browser such as firefox; ssh -X to your server if the script is remotely hosted; and use make BROWSER=firefox code instead. the following steps should work with w3m as shown.
note: if cutting-and-pasting this Makefile, make sure to replace the 4-space indentations with proper tabs.
Using Facebook API v3.1 - None of the answers above worked for me.
Instead, I had to:
1) Create a "system user"
2) Grant him access to the properties I needed (in my case an App)
3) Generate a new token for that app and system user
The instructions I used can be found here
podrias intentar algo como esto
Administrar Paginas
<a href="#" class="btn" onclick="token_live()" >url</a>
<script type="text/javascript">
function token_live(){
var token_app = "";
$.ajax({
url: "https://graph.facebook.com/v2.8/oauth/access_token?grant_type=fb_exchange_token&client_id=598062314053459&client_secret='client_secret'&fb_exchange_token=access_token",
type: 'POST',
dataType: 'HTML',
data: {api_public: 'AP-42b3a8aab70',
},
})
.done(function(data) {
var txt = data
var obj = JSON.parse(txt);
var token_live = obj.access_token
var url_infinit = "https://graph.facebook.com/v2.8/oauth/access_token?grant_type=fb_exchange_token&client_id='remplaza_cliente_id'&client_secret='client_secret'&fb_exchange_token="+token_live;
alert(url_infinit);
```
BASIC PROBLEM: I want my app to be able to make calls to the Facebook graph api about authorized users even while the user is away.
For example, I want the user (A) to authorize the app, then later I want user (B) to be able to use the app to view info about user (A)'s friends. Specifically: the "work" field. Yes, I am requesting those extended permissions (user_work_history, friends_work_history, etc). Currently my app has access to the logged-in user's friends work history, but not to any of the friends' work history of other users of the app.
Here's what I know already:
Adding offline_access to the scope parameter is the old way and it
no longer works.
The new way is with "long-lived" access tokens,
described here. These last for 60 days.
I need to exchange a normal access token to get the new extended token. The FB documentation says:
https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN
Here's what I don't know (and I'm hoping you can tell me):
How do I get the extended (aka "long-lived") access token using the Facebook PHP SDK? Currently, my code looks like this:
$facebook->getAccessToken();
Is there such a thing as this?:
$facebook->getExtendedAccessToken();
If not, is this what I should be doing?
$accessToken = $facebook->getAccessToken();
$extendedAccessToken = file_get_contents("https://graph.facebook.com/oauth/access_token?
client_id={$appId}&
client_secret={$secret}&
grant_type=fb_exchange_token&
fb_exchange_token={$accessToken}"
);
I've tried it and it doesn't work. I get this error:
Warning: file_get_contents(https://graph.facebook.com/oauth/access_token? client_id=#######& client_secret=#########& grant_type=fb_exchange_token& fb_exchange_token=##########) [function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.0 400 Bad Request in /...
Does it work any differently if I switch to FQL instead of the graph api? I've read through the Facebook documentation many times, but the PHP sdk is not thoroughly documented and I can't find any examples of how this should work.
I finally figured this out on my own. The answer is pretty anti-climactic. It appears that newly created apps get 60 day access tokens automatically. I'm not sure if this is dependent on enabling the "depricate offline_access" setting in the Migrations section of the app settings. Leave it on to be safe.
So at the time of writing this, you can use the PHP SDK as follows: $facebook->getAccessToken();
(The reason my app wasn't working as expected was unrelated to the expiration of the access token.)
Just one more thing, to get long-lived access token using PHP SDK you should call $facebook->setExtendedAccessToken(); before $facebook->getAccessToken();
In the last Facebook PHP SDK 3.2.0 you have a new function setExtendedAccessToken()
that you have to call before getAccessToken();
Like this:
$user = $facebook->getUser();
$facebook->setExtendedAccessToken(); //long-live access_token 60 days
$access_token = $facebook->getAccessToken();
Actually newly created apps only get a 60 day access token automatically if you are using a server side call. If you are using the client-side endpoint as shown above in the question, even new apps will still receive a short-term token initially. see: https://developers.facebook.com/docs/roadmap/completed-changes/offline-access-removal/
I had the same HTTP/1.1 400 Bad Request error that you had when using the New Endpoint and the problem was if you copy the code Facebook gives you exactly and paste it into your app, there are actually spaces in between the params, meaning there's unnecessary spaces in the url and it won't get called correctly when passed into file_get_contents() even though it works okay when pasted in the browser. This took me way too long to figure out. Hope this helps somebody! Here is my complete working code to get the extended access token out of the new endpoint (replace x's with your values):
$extend_url = "https://graph.facebook.com/oauth/access_token?client_id=xxxxxxxxxxxx&client_secret=xxxxxxxxxxxxxxxxxxxxxx&grant_type=fb_exchange_token&fb_exchange_token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
$resp = file_get_contents($extend_url);
parse_str($resp,$output);
$extended_token = $output['access_token'];
echo $extended_token;
The selected answer is now outdated. Here are Facebook's instructions to swap a short-term token (provided in front-end) for a long-term token (server only):
https://developers.facebook.com/docs/facebook-login/access-tokens/refreshing/
Generate a Long-lived User or Page Access Token
You will need the following:
A valid User or Page Access Token
Your App ID
Your App Secret
Query the GET oath/access_token endpoint.
curl -i -X GET "https://graph.facebook.com/{graph-api-version}/oauth/access_token?
grant_type=fb_exchange_token
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={your-access-token}"
Sample Response
{
"access_token":"{long-lived-access-token}",
"token_type": "bearer",
"expires_in": 5183944 //The number of seconds until the token expires
}