Bear with me, I know access_token questions have been asked a thousand times but I can't seem to find an answer to this specific question.
Is there an expiration date for Facebook Page (not app, not user) access tokens?
I know that:
offline_access has been deprecated.
I can request a 60-day user access_token
Step 1: I use Facebook Connect and I get a user access_token which has the manage_pages permission (by default, this token expires in 2 hours, extendable to 60 days)
Step 2: I then call /me/accounts and get an array of the user's pages each one with a listed page access_token
Step 3: I can use the page access_token in subsequent API calls to do things like posting to the user's page.
I need users to be able to schedule page updates to happen in the future (when they will not be online).
So again the question is:
What is the expiration date of the page access_token returned from /me/accounts?
If the expiration date is tied to something, what is it tied to?
Expiration date of the user access_token used when requesting /me/accounts?
60-days from when the request is made to /me/accounts?
I apologize for my confusion, the Facebook documentation seems to fall extremely short in describing these access tokens.
I just created a brand new app. Ensured the deprecate offline access was enabled. Went to explorer, found my new app in the dropdown, granted myself manage_pages, went to me/accounts grabbed one of the page access tokens, and then linted it. Whew! 1 hour expiration.
EDIT
I tried exchanging that 1 hour page token and I got an error from fb.
I went back to the user access token, and exchanged it for a 60 day one. Verified in the linter that it was a 60 day. Went back to me/accounts and grabbed one of the page access tokens and linted it. Suprise! Got a 60 day token from there.
So the moral of the story is, you cannot exchange page tokens, only user tokens. But with a 60 day user token you can get a 60 day page token. :)
Related
After I read the graph api documentation, I understood the usually a regular user token has around 2 hours validity, and you can extend it for another 60 days.
I started to test the graph api, and I generated a token for my personal facebook acount using my own fb application.
I was surprised to find out the this token has the expiration date set to never.
Please have a look over the print screen which contains debug info about the token.
So the question is: why my token doesn't expire in a few hours as is specified in the graph api documentation ?
why my token doesn't expire in a few hours as is specified in the graph api documentation ?
That’s a “side effect” of manage_pages permission.
Extended page access tokens do have unlimited validity. And page access tokens still need to be tied to the user that created them somehow (if the user is removed as admin for the page, the page token needs to get invalidated as well) – so for implementation reasons Facebook chose the way of making the user access token have unlimited validity in this case as well.
From reading the Facebook documentation on access tokens, the maximum lifetime is 60 days. However, I tested the one below I got through a TEST application of my real application and it says Never, meaning it doesnt expire. Is that correct? Shouldnt it have an expiration date? This token gives permission from the user to post to a Facebook page through an application. This application hasnt been approved yet for the new verification process.
That´s an Extended Page Token, they are valid forever. See the "Profile ID", that´s the ID of a Page. What you mean is an Extended User Token, those are only valid for 60 days.
More information:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
Facebook has deprecated the offline access permission.As a developer is there some other way for me to post on the wall of a user when he is not online or I can do that only when he is accessing my app?
You can increase 2 table columns in your app namely short_access_token & long_access_token.
Once user authenticates your app, an access token is generated, store it in short_access_token. Then pass this access token to:
https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN
Once you run this, an access token with 60 days validity will be generated. Store it in long_access_token. Now, use this long_access_token for 60 days.
You can generate long lived access token only once a day i.e. the first time. Use this long lived access token to post on user's wall (if you've already got the permission).
Ref: https://developers.facebook.com/roadmap/offline-access-removal/
You can post to a users wall, without that user being logged in, for up to 60 days. After that, you will need to force the user to login to Facebook again and get a new 60 day access token.
To do all this gracefully, you should store the date of the acquisition of the token in your DB, and set up the necessary UI for the user as that date approaches.
In addition, if the user is an infrequent user of your application, you should really test the validity of the token at least once a day, and go redirect them to login to Facebook if your app finds that the token has expired. This also helps re. tokens becoming invalid due to the user changing their Facebook password.
Of course you can post to a user’s wall as long as you have a valid access token – no matter if they are “online” or not.
Stuff to read (clearly looks like you didn’t do much research of your own before asking):
https://developers.facebook.com/roadmap/offline-access-removal/
https://developers.facebook.com/blog/post/2011/05/13/how-to--handle-expired-access-tokens/
I need to make an web application to manage posts, when a post is made sometimes I should post a brief promotional message one of the company fanpages on facebook (depending on criteria on the post).
This is possible right now using the offline_access permission: create application A, request the manage_pages, offline_access, publish_stream permissions and with that access token you can connect when you want to the graph api and post to the page.
Since offline_access is being deprecated and is going to be removed in May 2012 I was wondering how it would be possible to post to different pages of the company.
I can't implement any of the OAuth authentication mechanisms since the final user that uses the web application will not have access to the fb account that is page administrator and the posting to facebook should happen in a backend process not interacting with the user.
A workaround I found is to post to the page by posting on the admin user stream and tagging the page (that would only require publish_stream), but the Graph API is bugged and doesn't allow you to tag in posts. In code (Ruby + Koala) it would be something like this:
oauth = Koala::Facebook::OAuth.new("app-key", "app-secret", nil)
api = Koala::Facebook::API.new(oauth.get_app_access_token)
api.put_wall_post("message #[page-id:1:page-name]", {}, "admin-user")
The only problem is a bug in the facebook API prevents you from tagging stuff in posts to your stream.
Is this kind of model not going to be supported anymore? Anyone knows of any workaround?
You can increase 2 table columns in your app namely short_access_token & long_access_token.
Once user authenticates your app, an access token is generated, store it in short_access_token. Then pass this access token to:
https://graph.facebook.com/oauth/access_token?
client_id=APP_ID& client_secret=APP_SECRET& grant_type=fb_exchange_token& fb_exchange_token=EXISTING_ACCESS_TOKEN
Once you run this, an access token with 60 days validity will be generated. Store it in long_access_token. Now, use this long_access_token for 60 days.
You can add another condition where if the long_access_token was generated more than 30 days ago, just take the short_access_token and generate a new lon_access_token.
You can generate long lived access token only once a day i.e. the first time. Use this long lived access token to manage paes (if you've already got the permission).
Ref: https://developers.facebook.com/roadmap/offline-access-removal/
The only workaround you have is to give the app user page administrator access to the various pages, so when you do post to the page's wall, it can be posted as the page rather than a post as the user. However, you will only be able to extend a "valid" user access token to 60 days per Facebook's new rules. But with that 60 day user token, you can then get a 60 page access token, so you can post as the page to the page.
If you don't have the requirement of posting to the page as the page, then it's pretty simple to do it without attaching that user as a page admin. Just let them be a normal user.
This is the problem:
I have to program an app, that is posting photos to a page on Facebook, which is not administered by the user, who runs the app.
I know that for the page login I have to get the administrators access_token, as described here: http://developers.facebook.com/docs/authentication/ (section "Page Login")
Step 1: I log in as Page Admin.
Step 2: I fill in the App-ID, the redirect_uri and the scope as described.
Step 3: As also described, I copy the token in here: https://graph.facebook.com/me/accounts?access_token=TOKEN_FROM_ABOVE
After that I get a list of pages, i am the admin of. I can use the appropriate token and every user of my app can post to that page. But only until the token expires.
The problem is at Step 2. When i receive the access_token, the end of the line already says "&expires_in=5848". Changing to "scope=manage_pages,offline_access" does not help.
This way obviously my app is totally useless.
What am I doing wrong? What am I missing here? Why is offline_access not working here?
Any help would be so very very appreciated!
Thanks in advance of course.
I just created a brand new app. Ensured the deprecate offline access was enabled. Went to explorer, found my new app in the dropdown, granted myself manage_pages, went to me/accounts grabbed one of the page access tokens, and then linted it.
Whew! 1 hour expiration. Just like yours.
I tried exchanging that 1 hour page token and I got an error from fb. Grrrr....
I went back to the user access token, and exchanged it for a 60 day one. Verified in the linter that it was a 60 day. Went back to me/accounts and grabbed one of the page access tokens and linted it. Suprise! Got a 60 day token from there.
So the moral of the story is, you cannot exchange page tokens, only user tokens. But with a 60 day user token you can get a 60 day page token. :)