As the title suggests im wondering how i could obtain a never expiring facebook user access token. Which i would need to create a page access token at a later date. I tried using their graph explorer tool but i could only make it go up to 2 months of expiry date and for my use case that wouldnt be ideal.
To shortly explain my use case, on our website im trying to implement a facebook sharing system where each user could share what they wanted i.e posts on their facebook page (we are not using facebook login and the user would just give acces from their own dev tool panel if thats the correct approach). I got this to work BUT only with a acces token that would expire in 2-3months. So a user having to re-authenicate with our service every 2-3 months isnt ideal and wouldnt really work for us. So is there a way i can refresh that token programtically or does the user have to give a new user access token every couple of months.
I have tried following this answer but with no luck Long Lived access token Facebook Page and many similar answers to this. There is also a suggestion that you should contact facebook if you want a never expiring access token which this user suggested Generate permanent access token Facebook API.
Now im wondering if it even is possible do that in 2021 and if there is anything i missed in regards how to generate said tokens or refresh them.
EDIT:
I used the following requests to get the extended access token.
https://graph.facebook.com/oauth/access_token?client_id=<your FB App ID >&client_secret=<your FB App secret>&grant_type=fb_exchange_token&fb_exchange_token=<your short-lived access token>
After i got the token i used
https://graph.facebook.com/me/accounts?access_token=<your long-lived access token>
to get the extended access token.
To get page access token that never expires, take the following steps:
Get user token
Make this token long-lived, e.g. by clicking "Extend access token" at the bottom of the page: https://developers.facebook.com/tools/debug/accesstoken/
Then, use this token to get page access token.
In Access Token Debugger the token will be marked as "Expires: never"
Related
I am making an OAuth 2.0 request and it is returning me JSON with refresh_token and access_token, why are there are 2 in OAuth2.0?
Which one is short lived?
What is the purpose of both?
I read this question on SO but that didn'e helped me much, Any help in this regard will be appreciated
Thanks
The access token is what you will use to authenticate your service requests. It generally contains details about the user or is directly mapped to the permissions about the user and the permissions that he has granted.
These tokens are short lived - something like one hour, the actual duration differs per provider.
The refresh tokens on the other hand are used to get a new access token when the one that you have expires. They have a much longer (sometime infinite, until explicitly revoked) lifetime.
Now, let's consider an end to end scenario. Let's say you create an app that does Facebook actions on a user's behalf - post on their timeline etc.
Your app redirects the user to log in to Facebook - you use Facebook SDK for this.
When the user successfully logs in and gives you the required permissions (post on timeline) you get an access token and a refresh token.
Your app can now hit the Facebook API to post on the user's timeline on his behalf with the access token. This token can be used for one hour (or whatever time the access token is valid)
Once the token is about to expire, you can hit a Facebook API to refresh the access token, as this one is about to expire. So, you call into the API with refresh + access tokens.
The API returns a new access token to you - you can use this now till it expires.
PS - This is not how it happens for Facebook actually. This was just a random example to explain how refresh and access tokens differ.
If this makes sense, go back to the question that you have linked. It has some really good answers. :)
I'm building an application for an event so they can directly post their news messages on facebook. I'm trying to use de php SDK V4 for this but there are some parts of the login process I don't understand (still couldn't find a solution after searching for several hours).
My Problem is in the login process. First you have to specify which applicaton you are and give your application secret. Than you have to login to facebook with an account.
But which account should I use for that? The one of their event? Mine?
(I'm an admin of the events page) (this means that all messages will
be posted from mine account while i'm not the poster...sounds pretty
weird..)
Which method should I use to login into facebook? There is a veriaty of methonds like the FacebookRedirectLoginHelper(), the FacebookCanvasLoginHelper() or the Javascript one. However as far is I understand all these helpers for your users to login to their facebook accounts and that's not what I want.
During my search I found some an example of someone who is making a similar system (Facebook Graph API PHP SDK v4 - Post on Page). He/She uses the folowing piece of code for getting a facebook session:
FacebookSession::setDefaultApplication('{APP ID}','{APP SECRET}');
$session = new FacebookSession('{Page Access Token}');
This suggests that you don't need to login into facebook by user but only need a Page Acces Token. However if I understand it correctly (correct me if I'm wrong), to get a Page Acces Token, you first need an User Acces Token (https://developers.facebook.com/docs/facebook-login/access-tokens/#pagetokens). To get an User Acces Token you should be logged in, and than we're back to question 1 and 2 in the beginning of my story.
Or can I just get a Page Acces Token using the following api request (according to https://developers.facebook.com/docs/facebook-login/access-tokens/#pagetokens)
GET /{user-id}/accounts
Using a random user-id as long as the page admin gave this user permission to generate such a token (so the user related to "user-id" shouldn't be logged in while retrieving the Page Acces Token?) .
Sounds like you'll need to use the following flow:
Have the page admin log in with their Facebook account. Make sure to request the manage_pages extended permission. This will give you access to the pages they admin.
Once they grant access to your app, you'll get a short lived user access token. Exchange it for a long lived user access token.
Get the list of the user's pages with /me/accounts. Each page will have an access_token field returned with it. These are all page access tokens. We want to use a long lived user access token to get this list so that all the page access tokens returned will not have an expiration date. They live forever! :)
Use the page access token to post to the wall of the page if you want to post as that page. Use the user access token to post to the wall of the page if you want to post as that user.
And the Facebook Query Builder might make this whole process a lot easier. :)
Hope that helps!
I'm trying to make aplication which get the posts of facebook page. I did everything and it is working fine but I have problem wih access token. I've tried some SO answers about making FB APP but it didn't worked for me. I got to point when my token expired then refreshed page but the page asked me to verify access. But I cannot have it like this, because it doesnt serve the purposse.
Now I'm taking the content from this url with file_get_contents("https://graph.facebook.com/soecz/posts?access_token=CAACEdEose0cBAJrnTKwdTdaloBgShsNSIkJjspgQocumZB4CV4mZACpAo3xj57gYcVYYYeHDBxi2ltNCT7SZB0Yl51PBQCrInIKstadeRR5OidYG8pibAAUHIiC51QUxgfTgFMY4DLUlglda7YiaP5yQiYbRftxwipRK5MZBVyzags0eReHx");
But after 2 hrs the token expires and I got oath error. Do you ahve any solutions ? I will sue it to get the posts from page. I do not want to edit / post anything with this. Just get the posts and write them. Also I do not want to rediret users when the token expires. Thanks for solutions
See scenario 5 of https://developers.facebook.com/roadmap/offline-access-removal/. By extending the 2 hour (short lived) token for a 2 month (long lived) token you can query for the page token after which will not expire.
Exchange the short-lived user access token for a long-lived access token using the endpoint and steps explained earlier. By using a long-lived user access token, querying the [User ID]/accounts endpoint will now provide page access tokens that do not expire for pages that a user manages. This will also apply when querying with a non-expiring user access token obtained through the deprecated offline_access permission.
So you will only need to "verify" once as a user then you can save the page access token after that.
I am working on a simple Facebook App that will allow me to post from my client's website to my client's Facebook Fan Page.
Right now I set the access token with $facebook->setAccessToken( EXTENDED_ACCESS_TOKEN_IN_DB ); after creating my application instance with the PHP SDK. I am using the 60 day long-lived extended access tokens so the client does not have to login to Facebook each time they want to post to the Fan Page.
At some point, the access token will become invalid for any number of reasons.
Under ideal circumstances this would be once every 60 days. At the same time it would be nice if we could continue to publish to the Fan Page from the website through the app until the day arrives that the user de-authorizes the app.
Is there anyway to get a new access token once it has expired without asking the user to login to Facebook?
Is there anyway to get a new access token once it has expired without asking the user to login to Facebook?
No. That’s the whole point of deprecating offline_access – that apps can’t go on “forever” doing stuff in the user’s name.
Maybe you want to get a page access token instead of a user access token? The former ones don’t have a default expiry date.
I'd just like to ask about a problem I'm facing with Facebook Graph API.
I've connected to Facebook successfully, stored the user ID, and user access_code into my DB
Now when viewing the site I'm building, it's using the access_token stored in my database, but doesn't show my facebook statuses....because the "session has expired"....
Is there anyway I can regenerate the access_token?
Thanks
Example:
$status = 'https://graph.facebook.com/'.$userId.'/statuses?limit='.10.'&access_token='.$app_token;
User access tokens last only 1-2 hours. There is a technique to get a 60 day token for your use. It is explained here: http://dominicminicoopers.blogspot.com/2012/03/facebook-access-tokens-and-offline.html Remember to get this extended access token prior to the short-lived access token expiring. You must pass in a valid working user access token to pass to it. Do this serverside, not clientside because you have to use your app secret.
https://graph.facebook.com/oauth/access_token?
client_id=[APP_ID]&
client_secret=[APP_SECRET]&
grant_type=fb_exchange_token&
fb_exchange_token=[EXISTING_NON-EXPIRED_USER_ACCESS_TOKEN]
Remember to ask for the user_status permission when prompting the user. See: http://developers.facebook.com/docs/authentication/permissions/#user_friends_perms
You cant regenerate it, but you can get a new one by having the user go through the oauth process again, it will return a new token - https://developers.facebook.com/docs/authentication/
You can try to get a long lived token. That will allow you to access the status even when the user is not loged in.
See here