Currently I am working with long-lived access token (60 day expiration long-lived).
I see a post in facebook I can extend long-lived access token by first getting back short-lived access token and then renewing it to new long-lived token.
I hope this can be done without user getting involved. (user doesn't have to log in and give the permissions again for this process)
Has anybody done this in c#?
It would be greatly appreciated if you can share code or link.
Here is the instruction from facebook website:
"If you would like to refresh a still valid long-lived access_token, you will have to get a new short-lived user access_token first and then call the same endpoint below. The returned access_token will have a fresh long-lived expiration time, however, the access_token itself may or may not be the same as the previously granted long-lived access_token."
And here is some example posted right below the instruction which I am not familiar with how to use:
https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN
Website source: http://developers.facebook.com/roadmap/offline-access-removal/
[…] y first getting back short-lived access token and then renewing it to new long-lived token. I hope this can be done without user getting involved.
No, of course it can not, at least not without any user interaction.
You have to at least have the user visit one of you pages, where you can check his login status client-side and get a short-lived access token in return if he is still connected to your app.
Related
How get long-lived access token with permission user_posts???
I am using
https://graph.facebook.com/oauth/access_token?
grant_type=fb_exchange_token&client_id=xxx&
client_secret=xxx&fb_exchange_token={short-lived-token}
I need to user_posts permissionto gain access to Fb sharedposts, what you need to add to this URL
You first need to get the short-lived Acces Token via the normal login flow. Once you got it, you can exchange the short-lived one into a long-lived one.
See
https://developers.facebook.com/docs/facebook-login/v2.3
https://developers.facebook.com/docs/facebook-login/access-tokens#termtokens
https://developers.facebook.com/docs/facebook-login/access-tokens#extending
I want to pull my most recent images from facebook's api for my personal website. I cannot seem to find a way to only authenticate my user without the login dialog. Does anyone know if this is possible? I can generate my user access token inside the graph API Explorer, but it expires in 1 hour.
How to get my own Facebook user access token indefinitely
You cannot!
But you can extend this token that will be valid for 60 days - called the long-lived token. So, if a user visits your application at least once in 60 days you can have the access to user's data indefinitely.
Simple call to get the long-lived user access token-
GET /oauth/access_token?
grant_type=fb_exchange_token&
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={short-lived-token}
Refreshing this token- The user have to go through the login process again (calling login API) to get the short-lived token and then perform the same exchange for a fresh long lived token with 60 days expiry.
You can also debug your token anytime with-
GET /debug_token?
input_token={input-token}&
access_token={access-token} // a valid user access token or app access token
I have a small misunderstanding with how FB access token is being refreshed.
I'm using FB JS SDK and every time I visit my page (as well as when I relogin) I get a new short-lived access token.
Then I send it to the server side and exchange it to a long-lived access token.
But despite I get a new long-lived access token, it still expires at the same time as the previous long-lived token. Facebook Access Token Debugger says that token, I've just got, was issued 18 hours ago.
Is this a normal behavior? Or maybe I'm doing something wrong?
Greatly appreciate your help.
It looks like FB refreshes an expiration time of a new long-lived access token if user visits a page in one day after the initial long-lived access token is issued. In this case you can get a short-lived access token and exchange it for a long-lived token, which would have a new expiration time (i.e. 60 days).
Have a look at my answer to a similar question:
Extending 60 days Facebook token
Basically, you can't refresh a long-lived token before it expires.
I have this code:
$facebook->api("/oauth/access_token?grant_type=fb_exchange_token&client_id=".$facebook->getAppId()."&client_secret=".$facebook->getAppSecret()."&fb_exchange_token=".$user->getFacebookAccessToken());
it does not throw any exception, but it returns null. I am trying to extend a short-lived Facebook User Access Token to be a long-lived Facebook User Access Token. However, after I have generated a new token and calling this request while the new token was still alive, I have waited for a few hours and started a browser where I was not logged in with my facebook account. Then I have logged in with a test user (to the application, not to Facebook), but unfortunately it was directing me to the Facebook login, which means that the Facebook User Access Token was somehow invalidated.
I was working based on the doc found here.
So, can someone enlighten me how should I send the request so Facebook will really extend the token's life cycle? Also, I am not sure how can I determine whether I have successfully extended the life cycle of a Facebook User Access Token. (I am not a Facebook fan, to say the least and I am new to the Facebook API too).
Thanks, guys.
EDIT:
I have read this article and copied the setExtendedAccessToken method into my class with a few modifications to support my logic. Now the code which tries to extend the life cycle of the User Facebook Access Token is as follows:
$facebook->setExtendedAccessToken($user->getFacebookAccessToken());
Now it returns an array of two elements, the token and the expiry date. The expiry date is "5174078". I believe I am on the right track to solve this problem, am I?
Here's what I think you should be doing:
An FB user, logged in, comes to your site and you get a short-lived token for them via the client side flow in the Javascript SDK or a long-lived token via the server-side flow with the PHP or some other SDK (it appears you are doing the first of these already)
If it was a short-lived token, extend it and get a long-lived token via the API call to exchange the token (it appears you're doing this too)
Save long-lived token to your database (not sure if you're doing this)
When the user comes back to your app at some other point, logs in to your app via your own login system, but is not logged in to Facebook, you use the cached token from your database in ->setAccessToken() and then make calls to the Facebook API on their behalf
i think step 4 is your problem; I suspect you're seeing the user is logged-out of Facebook and sending them through the Facebook auth process again instead of having them log into your app via your own login mechanism, and reusing the token you stored before.
This is perfectly fine, but in that case there's no need for you to store the tokens, and you could do this all 'live' and require your users to be still logged into Facebook to fetch a new token 'live' instead of caching the token you obtained on their previous visit to your app.
Just as an FYI cause I've been stumbling around with access token for the last 45 minutes. Via facebook's documentation:
https://developers.facebook.com/docs/roadmap/completed-changes/offline-access-removal/
which seems to be a little dated, I was able to manually extend my existing short lived access token with:
https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN
Users login Facebook on my website via an URL that redirects them to
https://graph.facebook.com/oauth/authorize?client_id=116908145XXXXXX&display=page&scope=offline_access&redirect_uri=http://localhost:8000/account/services/?service=facebookcallback
On the callback page I make a request with the code I receive to get the access token, at this URL
https://graph.facebook.com/oauth/access_token?code=2.3m2hLauQJpWTGFExUK6O3w__.3600.1290081600-100001796185871%7.....&format=json&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Faccount%2Fservices%2F%3Fservice%3Dfacebookcallback&client_id=116908145040447&scope=offline_access&client_secret=...
The response I get is this
access_token=116908145XXXXXX|2.3m2hLauQJpWTGFExUK6O3w__.3600.1290081600-100001796185871|S3MG...&expires=3912
As it can be seen from the token it has an expiration date.
The token expires some hours after the request. Shouldn't I receive an access token without expiration date if I make the requests with scope=offline_access ?
Old post, but the info might be useful for someone else.
Facebook now disables offline_access by default. You must enable an app migration if you still want to use it.
With the migration off, tokens will be "short lived" and last only an hour or two. You can get an extended token which lasts about 60 days by making a request to
https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN
See this page for more details
tokens you get with offline_access permissions, are "long-lived" as facebook says in their documentation, but it is not said that it has no expiration / infinite. Even if you get this not-time-bounded access_token, it can still expire if the user changes his password or if he removes your application.
But to answer your question directly, yes you should get a long-lived access_token using "scope=offline_access". Also, please check if the dialog showed "Access my data anytime"