I have a general Facebook development question. I'm trying to understand how scenario 5 on Facebooks Removal of offline_access page is supposed to work and what that token can be used for.
A little bit about my app. I allow my apps users to schedule/post Facebook posts from a third party system I integrate with. We then pull the likes and comments and feed it back into that system. Right now we are set up to get the 60 day long lived token and that works great but we have to impose a time limit on scheduling. It's not the end of the world but if we can do better we want to explore that option.
Thus we were told about "Scenario 5" which I've posted and linked to below. My questions are:
What does it mean by a page that the user administers?
What are the pros/cons of this method?
Similar to #2 what can this method do or not do that the 60 day access token can't/can do?
Any tips or hurdles to watch out for when implementing this?
Scenario 5: Page Access Tokens
When a user grants an app the manage_pages permission, the app is able to obtain page access tokens for pages that the user administers by querying the [User ID]/accounts Graph API endpoint. With the migration enabled, when using a short-lived user access token to query this endpoint, the page access tokens obtained are short-lived as well.
Exchange the short-lived user access token for a long-lived access token using the endpoint and steps explained earlier. By using a long-lived user access token, querying the [User ID]/accounts endpoint will now provide page access tokens that do not expire for pages that a user manages. This will also apply when querying with a non-expiring user access token obtained through the deprecated offline_access permission.
http://developers.facebook.com/roadmap/offline-access-removal/
This is referring to the Page access tokens which are used by your app to administer a Facebook Page on behalf of an admin of that page.
These tokens can only access the page itself, or publicly accessible content, you can't use a page access token as a replacement for a user access token.
Related
I'm an admin for a Facebook page I want to handle a server side job scheduler which post every specific time into that Page using Facebook Graph API.
I'm using this code to do that job: $facebook->api("/$page_id/feed","post",$args); and it is working fine for me.
But I have a problem related to Page Access Token. I need to have a permanent Page Access Token to work forever not to update the access token every specific time because it will be server side job scheduler, no GUI for it.
Any suggestion about how to get Permanent Page Access token?
Note: I followed the steps in Facebook documentation
but I have 3 wanderings about it :
Shall I have Facebook app to get Long-Lived Page Authentication ??
I don't have that option on my Facebook app advanced setting
"deprecate offline_access" ??
Is the 60 days is the max valid duration which I can give it to Page
Access Token .. can't it become permanent for ever ??
Earlier people could use offline_access permission to obtain a permanent token. But it looks like Facebook is deprecating this particular permission. Instead, you first need to obtain a short-lived token, then exchange it for a long-lived token, which remains valid for 60 days. Same goes for page tokens.
When a user grants an app the manage_pages permission, the app is able
to obtain page access tokens for pages that the user administers by
querying the [User ID]/accounts Graph API endpoint. With the migration
enabled, when using a short-lived user access token to query this
endpoint, the page access tokens obtained are short-lived as well.
Exchange the short-lived user access token for a long-lived access
token using the endpoint and steps explained earlier. By using a
long-lived user access token, querying the [User ID]/accounts endpoint
will now provide page access tokens that do not expire for pages that
a user manages. This will also apply when querying with a non-expiring
user access token obtained through the deprecated offline_access
permission.
https://developers.facebook.com/roadmap/offline-access-removal/
I'm writing code to allow uploading of events from a website to facebook, to do that I require a manage page access token, the procedure I`v found to obtain that is:
First Having added the domain to the app:
Then get a short term access token with:
https://www.facebook.com/dialog/oauth?client_id=[App ID]&redirect_uri=[full website uri]&scope=create_event&response_type=token
Then get a longer lasting access token from:
https://graph.facebook.com/oauth/access_token?client_id=[App ID]&client_secret=[App Secret]&grant_type=fb_exchange_token&fb_exchange_token=[access token given above]
Then get a page specific token from:
https://graph.facebook.com/me/accounts?access_token=[access token given above]
That returns a json encoded array with tokens for each page I manage which I gather lasts for 60 days.
However I don't manage the website I`m coding for, so don't wish to have to repeat this manual procedure every 2 months, can someone give an idea for an automated procedure or to confirm if such is not possible with facebook.
If you are extending the user access token then the page token received will not have an expiry date. So then the user will only have to login once in the entire usage of the app.
Exchange the short-lived user access token for a long-lived access token using the endpoint and steps explained earlier. By using a long-lived user access token, querying the [User ID]/accounts endpoint will now provide page access tokens that do not expire for pages that a user manages. This will also apply when querying with a non-expiring user access token obtained through the deprecated offline_access permission.
https://developers.facebook.com/roadmap/offline-access-removal/
I am wondering if it is possible to obtain an extended access token for facebook pages that do not have a facebook profile set as it's administrator. I see it is possible to create a facebook page without setting a user profile as the admin and having those pages auth with my app.
For pages that do have a facebook profile as it's administrator, I am able to extend the short lived access token when requesting the manage_pages permission. But I'm not if there is no user associated with it.
The documentation describes this process for extending page tokens.
Apps can retrieve a Page access token from Page admin users when they
authenticate with the manage_pages permission. If the user access
token used to retrieve this Page access token is short-lived, the Page
access token will also be short-lived.
To get a longer-lived Page access token, exchange the User access
token for a long-lived one, as above, and then request the Page token.
The resulting Page access token will not have an expiry time at all.
Extending Access Tokens Documentation
I am wondering if it's possible to obtain extended access tokens for pages when there is no admin associated with the page.
All pages must be owned by a user account, either a regular user account or a business account - and both work in the same way as far as the API is concerned, at least for login (business accounts don't have names, a timeline, friends, etc so are obviously not the exact same, but they log in and grant access to apps the same way)
I just tested a few minutes ago using the my app, a business account and the server side oauth flow and received a long expiry (approx 60 day) token correctly when exchanging the business account's code for an access token
I was then able go through the flow again, this time asking for manage_pages permission and was able to use the token to retrieve a non-expiring page access token for a page the account manages using the regular process (a call to /me/accounts or `/?fields=access_token)
I am creating a system to allow our clients to create articles and post them in our CMS. The one feature we are being asked to implement is that when an editor publishes an article, that that article gets posted to the company's facebook wall as well.
The tricky part to this is that the people who are allowed to publish articles may not have login credentials to the company's overall FB account. This means that I can't rely on the normal process to retrieve access tokens for accounts (or so it seems).
I did quite a bit of research and came up with the following documentation sources:
http://developers.facebook.com/docs/howtos/login/extending-tokens/
http://developers.facebook.com/docs/howtos/login/server-side-login/
http://developers.facebook.com/docs/concepts/login/login-architecture/
http://developers.facebook.com/roadmap/offline-access-removal/
From these it seems that in order to allow locally authorized users to post to the company's facebook wall I must:
Have a user with valid FB credentials log into an Admin page
Click a button to start the authorization process
Retrieve the short term access token from the FB response and exchange it for a long-lived 60 day token
Store the 60 day token in our database
Each time a user attempts to publish an article, test if the token has expired and if so alert the admin they need to re-authorize.
Is this the only workflow to accomplish this or is there a simpler method, preferably one that does not require the last step.
Use a page token. Get it using a long-lived user access token – then the page token will not expire by default.
I created an APP on Facebook and using graph API explorer, I selected my app from app drop down box, requested access token with manage_pages, offline_access and publish_stream permissions.
Using this access token, I was successfully able to post message on page using restfb APIs but when I log out, it starts throwing The session is invalid error.
I read on few posts that offline_access is deprecated. Could someone tell me how to obtain permanent access token?
Thanks
Looking at the docs at: https://developers.facebook.com/roadmap/offline-access-removal/ this is no longer possible.
Desktop applications will not be able to extend the life of an
existing access_token and the user must login to facebook once the
token has expired.
Otherwise, it is possible to request an access token with a longer expiration. Here are the directions: https://developers.facebook.com/roadmap/offline-access-removal/#extend_token
What kind of Access Token do you need? There are three kinds, User AT, App AT and Page AT.
If you want User AT, it seems you are out of luck. I don't think it's possible anymore. You can only get to 60 days. However, if you need Page AT, you can get a permanent one. The difference is, Page Access Token only has access to a single facebook page.
Basically you need to get User Access Token first, with manage_pages permission. When you have one, you have to look at /{pageId}?fields=access_token for your page's id in Graph API.
For more info look at: facebook: permanent Page Access Token?
you will not get any permanent access token as Facebook developer blog explains. you will be given 60 days long lived access token. Before the expiration Facebook will notify you about the expiry and then you can renew it or you can build your own custom control to get the notification on token expiration which you can fetch from Facebook API.