I'm writing code to allow uploading of events from a website to facebook, to do that I require a manage page access token, the procedure I`v found to obtain that is:
First Having added the domain to the app:
Then get a short term access token with:
https://www.facebook.com/dialog/oauth?client_id=[App ID]&redirect_uri=[full website uri]&scope=create_event&response_type=token
Then get a longer lasting access token from:
https://graph.facebook.com/oauth/access_token?client_id=[App ID]&client_secret=[App Secret]&grant_type=fb_exchange_token&fb_exchange_token=[access token given above]
Then get a page specific token from:
https://graph.facebook.com/me/accounts?access_token=[access token given above]
That returns a json encoded array with tokens for each page I manage which I gather lasts for 60 days.
However I don't manage the website I`m coding for, so don't wish to have to repeat this manual procedure every 2 months, can someone give an idea for an automated procedure or to confirm if such is not possible with facebook.
If you are extending the user access token then the page token received will not have an expiry date. So then the user will only have to login once in the entire usage of the app.
Exchange the short-lived user access token for a long-lived access token using the endpoint and steps explained earlier. By using a long-lived user access token, querying the [User ID]/accounts endpoint will now provide page access tokens that do not expire for pages that a user manages. This will also apply when querying with a non-expiring user access token obtained through the deprecated offline_access permission.
https://developers.facebook.com/roadmap/offline-access-removal/
Related
I'm an admin for a Facebook page I want to handle a server side job scheduler which post every specific time into that Page using Facebook Graph API.
I'm using this code to do that job: $facebook->api("/$page_id/feed","post",$args); and it is working fine for me.
But I have a problem related to Page Access Token. I need to have a permanent Page Access Token to work forever not to update the access token every specific time because it will be server side job scheduler, no GUI for it.
Any suggestion about how to get Permanent Page Access token?
Note: I followed the steps in Facebook documentation
but I have 3 wanderings about it :
Shall I have Facebook app to get Long-Lived Page Authentication ??
I don't have that option on my Facebook app advanced setting
"deprecate offline_access" ??
Is the 60 days is the max valid duration which I can give it to Page
Access Token .. can't it become permanent for ever ??
Earlier people could use offline_access permission to obtain a permanent token. But it looks like Facebook is deprecating this particular permission. Instead, you first need to obtain a short-lived token, then exchange it for a long-lived token, which remains valid for 60 days. Same goes for page tokens.
When a user grants an app the manage_pages permission, the app is able
to obtain page access tokens for pages that the user administers by
querying the [User ID]/accounts Graph API endpoint. With the migration
enabled, when using a short-lived user access token to query this
endpoint, the page access tokens obtained are short-lived as well.
Exchange the short-lived user access token for a long-lived access
token using the endpoint and steps explained earlier. By using a
long-lived user access token, querying the [User ID]/accounts endpoint
will now provide page access tokens that do not expire for pages that
a user manages. This will also apply when querying with a non-expiring
user access token obtained through the deprecated offline_access
permission.
https://developers.facebook.com/roadmap/offline-access-removal/
When an event is created on our system I want to create the event on Facebook via our page. This is an entirely server-side process with no user interaction.
I've linked my page to my app, grabbed the "app token" for my application from https://developers.facebook.com/tools/access_token and tried to create an event by POSTing to /mypage/events but I just get (OAuthException - #1) An unknown error has occurred.. I'm assuming app tokens don't have access to create events for my page.
I can use a page token but this expires after 60 days and I'll have to keep updating the token. Is there a way to have this token last forever? I can renew it in code but it requires a user access token.
What's the best way to go about this?
You cannot use an app token to create an event on behalf of a page. You must use a page token and if you follow scenario 5 listed at https://developers.facebook.com/roadmap/offline-access-removal/, the page token will have no expiry.
Exchange the short-lived user access token for a long-lived access token using the endpoint and steps explained earlier. By using a long-lived user access token, querying the [User ID]/accounts endpoint will now provide page access tokens that do not expire for pages that a user manages. This will also apply when querying with a non-expiring user access token obtained through the deprecated offline_access permission.
I am wondering if it is possible to obtain an extended access token for facebook pages that do not have a facebook profile set as it's administrator. I see it is possible to create a facebook page without setting a user profile as the admin and having those pages auth with my app.
For pages that do have a facebook profile as it's administrator, I am able to extend the short lived access token when requesting the manage_pages permission. But I'm not if there is no user associated with it.
The documentation describes this process for extending page tokens.
Apps can retrieve a Page access token from Page admin users when they
authenticate with the manage_pages permission. If the user access
token used to retrieve this Page access token is short-lived, the Page
access token will also be short-lived.
To get a longer-lived Page access token, exchange the User access
token for a long-lived one, as above, and then request the Page token.
The resulting Page access token will not have an expiry time at all.
Extending Access Tokens Documentation
I am wondering if it's possible to obtain extended access tokens for pages when there is no admin associated with the page.
All pages must be owned by a user account, either a regular user account or a business account - and both work in the same way as far as the API is concerned, at least for login (business accounts don't have names, a timeline, friends, etc so are obviously not the exact same, but they log in and grant access to apps the same way)
I just tested a few minutes ago using the my app, a business account and the server side oauth flow and received a long expiry (approx 60 day) token correctly when exchanging the business account's code for an access token
I was then able go through the flow again, this time asking for manage_pages permission and was able to use the token to retrieve a non-expiring page access token for a page the account manages using the regular process (a call to /me/accounts or `/?fields=access_token)
I have a general Facebook development question. I'm trying to understand how scenario 5 on Facebooks Removal of offline_access page is supposed to work and what that token can be used for.
A little bit about my app. I allow my apps users to schedule/post Facebook posts from a third party system I integrate with. We then pull the likes and comments and feed it back into that system. Right now we are set up to get the 60 day long lived token and that works great but we have to impose a time limit on scheduling. It's not the end of the world but if we can do better we want to explore that option.
Thus we were told about "Scenario 5" which I've posted and linked to below. My questions are:
What does it mean by a page that the user administers?
What are the pros/cons of this method?
Similar to #2 what can this method do or not do that the 60 day access token can't/can do?
Any tips or hurdles to watch out for when implementing this?
Scenario 5: Page Access Tokens
When a user grants an app the manage_pages permission, the app is able to obtain page access tokens for pages that the user administers by querying the [User ID]/accounts Graph API endpoint. With the migration enabled, when using a short-lived user access token to query this endpoint, the page access tokens obtained are short-lived as well.
Exchange the short-lived user access token for a long-lived access token using the endpoint and steps explained earlier. By using a long-lived user access token, querying the [User ID]/accounts endpoint will now provide page access tokens that do not expire for pages that a user manages. This will also apply when querying with a non-expiring user access token obtained through the deprecated offline_access permission.
http://developers.facebook.com/roadmap/offline-access-removal/
This is referring to the Page access tokens which are used by your app to administer a Facebook Page on behalf of an admin of that page.
These tokens can only access the page itself, or publicly accessible content, you can't use a page access token as a replacement for a user access token.
Facebook changed their Graph API recently to require an access token. Therefore I quickly made a Facebook application to be able to retrieve an access token, use a URL similar to the one below, generated my access token and implemented the token in my iPhone application. Lately I have been thinking about if I have done something wrong. Should I request the access token everytime a user of my application retrieves data from the Graph API? I am starting to doubt whether or not the access token is unique to each user or just to the Facebook application.
Can I hardcode an access token into my application or should I make a request on the URL below every time I need to retrieve data through the Graph API?
I am generating my access token with the following URL:
https://graph.facebook.com/oauth/access_token?client_id=MYID&client_secret=*MY_SECRET*&grant_type=client_credentials
Access token granted by user have expiration time. If token expired then you need to request it again. But if you ask user to grant you "offline_access" permissions then you'll have almost not limited access token. You can store it in database or file and use next time.
Here FB documentation about permissions:
http://developers.facebook.com/docs/authentication/permissions/
Enables your app to perform authorized
requests on behalf of the user at any
time. By default, most access tokens
expire after a short time period to
ensure applications only make requests
on behalf of the user when the are
actively using the application. This
permission makes the access token
returned by our OAuth endpoint
long-lived.