Since Facebook canceled the offline_access scope, the access token I get is only available for 2 days. I read their blog and tried to refresh the token every hour. But every time, the token I get is just the same as the one I sent, and it expires.
It is strange that IM Plus (http://plus.im/) never needs to refresh its token (since I registered and added Facebook connect to it, about one month). I wonder how they do that. I discovered they are still using the 'offline_access' scope. Here is their URL to get an access token:
https://www.facebook.com/dialog/oauth?api_key=119600778096160&app_id=119600778096160&client_id=119600778096160&display=touch&domain=plus.im&locale=en_US&origin=2&redirect_uri=https%3A%2F%2Fs-static.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D6%23cb%3Df3d1b1d90c%26origin%3Dhttps%253A%252F%252Fplus.im%252Ff232f2ca44%26domain%3Dplus.im%26relation%3Dopener%26frame%3Df336857b2c&response_type=token%2Csigned_request&scope=read_stream%2C%20publish_stream%2C%20xmpp_login%2C%20read_mailbox%2C%20offline_access&sdk=joey
So, how do I get a long-term access token just like they do?
Thanks.
I've read a lot and this is the only solution I get to:
The first time the user logs in the app (with publish-actions) you get the token
Convert the token to Long-Lived Token
You can use it to publish for the next 2 months
If the user clicks on a post you send, the token is reset to another 2 months
Am I right? Is that the best solution?
All correct. I am not sure about the user click (didn't find that in the documentation https://developers.facebook.com/docs/facebook-login/access-tokens). You should be ready to handle errors in case the token expires earlier or in case of app uninstalls. I check if the token is still valid by getting the user basic info with the access token I have. If the call is successful, I use the token. If not, I redirect the user to app authorization again, get another token, exchange it for another long-lived token, and use that one.
I am trying to use the Facebook API. I get the short-term access token. Now I can get a long-term FB access_token. Its validity will be around 60 days. In Google APIs there is a refresh token; using that, we can get a valid access token again and again. There is no such way in Facebook to get a new long-term token without the user logging in again. I am creating a server app which will retrieve a user's posts on a daily basis, and I don't want to force them to log in again after 60 days. Is there any method possible? Please guide.
As explained in the docs, you have to send the user through the login flow to get a new access token. However, as long as you haven't added any new permissions and the user is already logged into Facebook, they won't have to log in or grant access to your app again -- they will be immediately redirected back to your app.
This question is related to this question already asked.
Does this Facebook change mean that we have to store the user token returned the first time and reuse that for all subsequent Facebook requests? What happens if we do not store this user token - can we request it again? If yes, how do we do that?
Also, when does the user token expire, if it ever expires?
This documentation shows how to get data about an access_token. You make a call to:
https://graph.facebook.com/debug_token?input_token=INPUT_TOKEN&access_token=ACCESS_TOKEN
Best practice is to store an access token and its expiration. This documentation shows how to extend a session.
Note this quote found in the 2nd link:
When a user completes a client-side auth flow and you retrieve their User Access Token, by default you'll receive a short-lived token that is only valid for 1-2 hours. There is no Javascript SDK function to help extend this, however, you can exchange this token for a longer lived one (valid to 60 days)
This is the access token associated with my Facebook application -- the thing that comes back from https://graph.facebook.com/oauth/access_token?grant_type=client_credentials&client_id=APP_ID&client_secret=APP_SECRET. Can I get this once from FB and save it away somewhere for future use, or do I need to refresh it on a regular basis?
Access Token Tool - Facebook Developers
App tokens do not expire and should be kept secret as they are related to your app secret.
I don't know for sure, but since the documentation does not state that you get back an expiration time for the access token, I guess that it's an educated guess that it does not expire.
But why does it matter? The application authentication process is much simpler than the one with users, so just save the token somewhere (db, memory) and then try an API call. If it fails, just issue one call to obtain a new token, save that, and continue as usual.
If you want a token to manage a page, a never-expiring token can be obtained by:
Get user token
Exchange user token to long-living token (valid for 30 days)
Obtain a page token with this user token (This page token is not going to expire)
When you check the token you've got, check it on Debugger. You will now see 'Expires Never'.
Documentation is on Facebook Developers, Scenario 5: Page Access Tokens
My app access token does not seem to have changed for just under a month. I do not know if it changes. For fun I just changed my app secret...
My app access token then immediately changed, and when I try to use the old one I get an HTTP 400 error with a message body...
{"error":{"message":"Invalid OAuth access token signature.","type":"OAuthException","code":190}}
My advice is to save the access token and use it. Unless you get the message above, in which case obtain a new one and use that. One thing that I have not checked yet is if you get the same result if the user access token (that you may be querying) has expired instead.
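The checks described in the answers above (inspect a stored token with debug_token, and fall back to re-authorization on the code 190 error) can be combined into one server-side decision. This is an added example, not code from any of the posts; the debug_token field names `app_id`, `is_valid` and `expires_at`, the meaning of `expires_at` 0, the renewal window and all sample bodies except the quoted error are assumptions.

```python
import json

# Constructed sample bodies. The debug_token field names (app_id, is_valid,
# expires_at) are assumed from the Graph API; ERROR_190 is the body quoted above.
DEBUG_USER = '{"data": {"app_id": "APP_ID", "is_valid": true, "expires_at": 1700000000}}'
DEBUG_PAGE = '{"data": {"app_id": "APP_ID", "is_valid": true, "expires_at": 0}}'
DEBUG_OTHER_APP = '{"data": {"app_id": "OTHER_APP", "is_valid": true, "expires_at": 0}}'
ERROR_190 = ('{"error":{"message":"Invalid OAuth access token signature.",'
             '"type":"OAuthException","code":190}}')
ERROR_OTHER = '{"error":{"message":"constructed","type":"Example","code":1}}'

RENEW_WINDOW = 7 * 24 * 3600  # hypothetical policy: ask for renewal in the last week


def token_action(body, expected_app_id, now):
    """Classify a debug_token or error body: use, renew_soon, reauthorize, retry, reject."""
    try:
        doc = json.loads(body)
    except ValueError:
        return "retry"  # not JSON at all: treat as a transport problem
    if not isinstance(doc, dict):
        return "retry"
    err = doc.get("error")
    if isinstance(err, dict):
        # Code 190 is the token failure quoted above; any other error is not
        # evidence that the stored token is bad, so keep the token and retry.
        return "reauthorize" if err.get("code") == 190 else "retry"
    data = doc.get("data")
    if not isinstance(data, dict):
        return "retry"
    if data.get("app_id") != expected_app_id:
        return "reject"  # token was issued to a different app: never use it
    if not data.get("is_valid"):
        return "reauthorize"
    expires_at = data.get("expires_at", 0)
    if expires_at == 0:
        return "use"  # assumption: 0 is reported for tokens that never expire
    if expires_at <= now:
        return "reauthorize"
    return "renew_soon" if expires_at - now < RENEW_WINDOW else "use"
```

The `reject` branch matters on a server that accepts tokens from clients: a token that is valid for some other app should not be treated as proof of login to yours.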
For each and every user token (which is what you're getting from your link), there is an expiration date. Take one of those tokens to https://developers.facebook.com/tools/debug and debug it. You will see that generally they expire within 60 minutes or so.
To extend that user token, call the exchange command (https://developers.facebook.com/docs/offline-access-deprecation/) to get it to become a 60 day token. That user token has to be still valid (not expired) to do this.
I'm able to get an access token that's good for 60 days, but I'm not able to get the expiration time extended. I'm doing this to be able to get access to Facebook pages through a single user. Here's my process.
I make a call to:
https://www.facebook.com/dialog/oauth?response_type=token&client_id=APP_ID&scope=read_stream,publish_stream,manage_pages,read_insights,create_event&redirect_uri=REDIRECT_URL
I then call to this URL using the token I got from the URL above:
https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=APP_SECRET&grant_type=fb_exchange_token&fb_exchange_token=EXISTING_ACCESS_TOKEN
I've tried this multiple times over the weekend, and in every single instance, I get the same access token, but the expiration is not updated. I've done this by accessing the URLs in my browser.
Am I missing anything to be able to renew the expiration?
I think the page admin user will have to come back to your app in that 60 days to get a new access token with the extended time on it. I don't think you can (or should) be allowed to extend the access token by application only.
See: https://developers.facebook.com/docs/offline-access-deprecation/
Note: The user must access your application before you're able to get
a valid "authorization code" to be able to make the server-side oAuth
call again. Apps will not be able to setup a background/cron job that
tries to automatically extend the expiration time, because the
"authorization code" is short-lived and will have expired.
I just encountered this problem. The issue ended up being that "deprecate offline access" was disabled in my FB application. When disabled, the extending tokens always returned a short lived token. When enabled, I was able to get long lived access tokens.
The offline access has been deprecated by the Facebook developers, but you can still extend your access token life up to 60 days by passing your app id, app secret and current access token to the following URL:
https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=APP_SECRET&grant_type=fb_exchange_token&fb_exchange_token=EXISTING_ACCESS_TOKEN
Note: The EXISTING_ACCESS_TOKEN must be a valid access token (not an expired one).
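An added example (not from any of the posts) of recording the result of the fb_exchange_token call on the server, so that the case reported above, where the same token comes back with an unchanged expiry, shows up explicitly instead of silently. The two response shapes (JSON with `expires_in`, form-encoded with `expires`), the store layout and the sample bodies are assumptions; the call itself belongs on the server because it carries APP_SECRET.

```python
import json
from urllib.parse import parse_qs

SLACK = 60  # seconds of clock jitter tolerated before calling an expiry "extended"

# Constructed sample bodies; TOKEN_A / TOKEN_B are placeholders, not real tokens.
FORM_BODY = "access_token=TOKEN_A&expires=5184000"
JSON_SAME = '{"access_token":"TOKEN_A","token_type":"bearer","expires_in":5097600}'
JSON_NEW = '{"access_token":"TOKEN_B","token_type":"bearer","expires_in":5184000}'
JSON_ERROR = '{"error":{"message":"constructed","type":"OAuthException","code":190}}'


def parse_exchange_response(body, now):
    """Return (token, expires_at) from an fb_exchange_token response body.

    Accepts a JSON body with expires_in or a form-encoded body with expires
    (both shapes are assumptions). expires_at is None if no lifetime is given.
    """
    body = body.strip()
    if body.startswith("{"):
        doc = json.loads(body)
        if "error" in doc:
            raise ValueError("exchange refused: code %s" % doc["error"].get("code"))
        token, lifetime = doc["access_token"], doc.get("expires_in")
    else:
        fields = parse_qs(body, strict_parsing=True)
        token = fields["access_token"][0]
        lifetime = fields.get("expires", [None])[0]
    return token, (None if lifetime is None else now + int(lifetime))


def record_exchange(store, user_id, body, now):
    """Set store[user_id] = (token, expires_at) and report what changed."""
    token, expires_at = parse_exchange_response(body, now)
    old = store.get(user_id)
    store[user_id] = (token, expires_at)
    if old is None:
        return "new"
    old_token, old_expiry = old
    if expires_at is not None and old_expiry is not None and expires_at > old_expiry + SLACK:
        return "extended"
    return "same_token_not_extended" if token == old_token else "replaced_not_extended"
```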