We Keep Coding

Facebook long-lived token expires after a few days

When i try to request a long-lived access token from the facebook api it gives back a token and when i test the token in the debugger it says it will never expire, a few hours / a day later i can't make any calls with the token anymore. It suddenly says:
"Any of the pages_read_engagement, pages_manage_metadata, pages_read_user_content, pages_manage_ads, pages_show_list or pages_messaging permission(s) must be granted before impersonating a user's page."
This is how i request the long lived token:
$client = new Client([
'base_uri' => 'https://graph.facebook.com/v12.0/me/accounts?
fields=picture,category_list,name,access_token&access_token=' . $token,
'timeout' => 2.0,
]);
Am i doing something wrong here? Does anyone else have this problem?
(Edit) - The problem occurs when i connect a second time from another website, it seems like when i connect a second site the first token gets disconnected?

Unable to send chatMessage with Teams Graph API php

With help from #CarlZhao I am finally getting a good understanding of the difference between OAuth and Graph. I am building the capability in my app for users to post messages to a team channel. So far I can list teams, channels, and delete channels. I am having a hard time trying to send a chatMessage. I understand that because sending a chatMessage is a delegated permission and not an application permission so from my understanding I have to use the accessToken created from OAuth when the user authenticated with my app.
What I am doing is saving that token in my database so I can call it when I am trying to send a chatMessage. Not sure if that is correct. So in my code, I am creating a new Graph instance, but I am using the access token of the user and not the token of the graph.
$useraccesstoken = "************************************";
// create a new OAuth graph from useraccesstoken
$graph_message = new Graph();
$graph_message->setAccessToken($useraccesstoken);
// post message
$data = [
'body' => [
'content' => 'This is a message from the API I made it works'
],
];
$message = $graph_message->createRequest("POST", "/teams/$group_id/channels/$channel_id/messages")
->addHeaders(array("Content-Type" => "application/json"))
->attachBody($data)
->setReturnType(Model\User::class)
->execute();
This is producing no errors, but nothing happens and the chatMessage is not posted. I have double-checked and my $group_id and $channel_id are correct.
Am I using the $useraccesstoken correctly? can I start a new Graph() instance with the $useraccesstoken?

Yes, you could start a new Graph() instance with the $useraccesstoken.
The graph API of sending messages doesn't return User::class. Try your code with
->setReturnType(Model\ChatMessage::class)
The access token is invalid for one hour by default, see here. You could not use it all the time, so it seems you don't need to store in the database. It's better to refresh token before the access token expires, and this step shows you how to refresh token.
The default is 1 hour - after 1 hour, the client must use the refresh
token to (usually silently) acquire a new refresh token and access
token.

Laravel JWT Token Always Blacklisted

I am using the tymondesigns/jwt-auth package for my app. I use customClaims to make my token.
Here is the code for login :
$token_data = [
'iss' => new Issuer('AreteHCM'),
'iat' => new IssuedAt(Carbon::now()) ,
'exp' => new Expiration(Carbon::now()->addDays(1)),
'nbf' => new NotBefore(Carbon::now()),
'sub' => new Subject('AreteHCMS'),
'jti' => new JwtId('AreteHCM'),
'user_data' => $user->user,
'menu_access' => $menu_access,
'login_time' => Carbon::now(),
];
$customClaims = JWTFactory::customClaims($token_data);
$payload = JWTFactory::make($customClaims);
$token = JWTAuth::encode($payload)->get();
For Logout, I invalidate the token, so the token can not be used anymore after the user logout.
JWTAuth::invalidate(JWTAuth::getToken());
I'm creating API (Backend) and the front end team using Angular. Eveythings went smooth, until the user logout and try to login again. After login, the user get the new account, but when he/she wants to access my middleware always rejects the token, it says that the token is blacklisted.
Here is my middleware :
$token = JWTAuth::getToken();
$data = JWTAuth::getPayload($token)->toArray();
It always shows error :
The token has been blacklisted in file C:\xampp\htdocs\aretehcm\vendor\tymon\jwt-auth\src\Manager.php on line 109
What I want to approach is :
User login get new token to access the API (every API request requires header auth Bearer token)
User logout will invalidate the token, so the token can not be used anymore to access the API
User login will get a new token so he/she can access the API
Is there any misconception from me about the JWT-API architecture ?
Thank you in advance for your replies and answers.

A quick google search pointed me towards this solution:
https://github.com/tymondesigns/jwt-auth/issues/983#issuecomment-275884324

Refresh Token for Quickbooks expiring after 1 day

I've built an app that connects to Quickbooks using OAuth 2 with the official Quickbooks PHP SDK.
I get two tokens:
Access token (Expiring after 60 minutes)
Refresh token (Expiring after 100 days)
The Refresh token is used to get a new Access token.
However, by requesting a new access token I also receive a new refresh token that I save in the database.
The previous refresh token will be forced to expire. But the new refresh token is invalid already.
I have built a CRON job that request a new refresh token every 15 minutes. I do get a new refresh token but this one is invalid (Error : "invalid_grant"). (See the code below)
What am I doing wrong here ?
$dataService->setMinorVersion("9");
$OAuth2LoginHelper = $dataService->getOAuth2LoginHelper();
$accessToken = $OAuth2LoginHelper->refreshToken();
$dataService->updateOAuth2Token($accessToken);
$token->previous_token = $token->last_token;
$token->last_token = $accessToken->getRefreshToken();
if($token->last_token != $token->previous_token){
if($token->save()){
mail('mymail', 'New token !', "Token updated!!!!");
}
}

how to get a fresh access_token in facebook?

I am using the following script to automatically post to my PAGE while i'm offline every specific interval.
$attachment2 = array('message' => 'titlexxxxx',
'access_token' => 'CAAEHzeckZBHABAErwFP08GdHyuJcTY7gV2kVP08GdHyuJcTY7gV2kVP08GdHyuJcTY7gV2kVP08GdHyuJcTY7gV2kVP08GdHyuJcTY7gV2kVP08GdHyuJcTY7gV2kVf6Homc7ful2koSXv72PYQeP08GdHyuJcTY7gV2kVZCKKQZBAU',
'name' => 'titlexxxxxxxxx',
'caption' => 'titlexxxxxxxxx',
'link' => 'linkurllllll',
'description' => 'dexcccc'
);
$result = $facebook->api('/209311095776218/feed/','post',$attachment2); // the number is the page id
I'm getting the access token manually from the facebook graph explorer, I know this is stupid but I can't figure out how to get a fresh realtime access_token.
The access_token is not changing every long time, but it does change and this is annoying.
I need a detailed example to get a fresh token ...
IMPORTANT: the script is running while I'm Offline.

You get a new access token by going through a login flow https://developers.facebook.com/docs/facebook-login/getting-started-web/
For example in PHP it's something simple as allowing the user to click the result of getLoginUrl()
For pages you can go through scenario 5 described at https://developers.facebook.com/roadmap/offline-access-removal/
Extend your short lived access token for a long lived token
https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN
After this when requesting a page access token (`graph.facebook.com/PAGE_ID?fields=access_token), it will not expire.