I am working on a simple Facebook App that will allow me to post from my client's website to my client's Facebook Fan Page.
Right now I set the access token with $facebook->setAccessToken( EXTENDED_ACCESS_TOKEN_IN_DB ); after creating my application instance with the PHP SDK. I am using the 60 day long-lived extended access tokens so the client does not have to login to Facebook each time they want to post to the Fan Page.
At some point, the access token will become invalid for any number of reasons.
Under ideal circumstances this would be once every 60 days. At the same time it would be nice if we could continue to publish to the Fan Page from the website through the app until the day arrives that the user de-authorizes the app.
Is there anyway to get a new access token once it has expired without asking the user to login to Facebook?
Is there anyway to get a new access token once it has expired without asking the user to login to Facebook?
No. That’s the whole point of deprecating offline_access – that apps can’t go on “forever” doing stuff in the user’s name.
Maybe you want to get a page access token instead of a user access token? The former ones don’t have a default expiry date.
Related
As the title suggests im wondering how i could obtain a never expiring facebook user access token. Which i would need to create a page access token at a later date. I tried using their graph explorer tool but i could only make it go up to 2 months of expiry date and for my use case that wouldnt be ideal.
To shortly explain my use case, on our website im trying to implement a facebook sharing system where each user could share what they wanted i.e posts on their facebook page (we are not using facebook login and the user would just give acces from their own dev tool panel if thats the correct approach). I got this to work BUT only with a acces token that would expire in 2-3months. So a user having to re-authenicate with our service every 2-3 months isnt ideal and wouldnt really work for us. So is there a way i can refresh that token programtically or does the user have to give a new user access token every couple of months.
I have tried following this answer but with no luck Long Lived access token Facebook Page and many similar answers to this. There is also a suggestion that you should contact facebook if you want a never expiring access token which this user suggested Generate permanent access token Facebook API.
Now im wondering if it even is possible do that in 2021 and if there is anything i missed in regards how to generate said tokens or refresh them.
EDIT:
I used the following requests to get the extended access token.
https://graph.facebook.com/oauth/access_token?client_id=<your FB App ID >&client_secret=<your FB App secret>&grant_type=fb_exchange_token&fb_exchange_token=<your short-lived access token>
After i got the token i used
https://graph.facebook.com/me/accounts?access_token=<your long-lived access token>
to get the extended access token.
To get page access token that never expires, take the following steps:
Get user token
Make this token long-lived, e.g. by clicking "Extend access token" at the bottom of the page: https://developers.facebook.com/tools/debug/accesstoken/
Then, use this token to get page access token.
In Access Token Debugger the token will be marked as "Expires: never"
I am making an OAuth 2.0 request and it is returning me JSON with refresh_token and access_token, why are there are 2 in OAuth2.0?
Which one is short lived?
What is the purpose of both?
I read this question on SO but that didn'e helped me much, Any help in this regard will be appreciated
Thanks
The access token is what you will use to authenticate your service requests. It generally contains details about the user or is directly mapped to the permissions about the user and the permissions that he has granted.
These tokens are short lived - something like one hour, the actual duration differs per provider.
The refresh tokens on the other hand are used to get a new access token when the one that you have expires. They have a much longer (sometime infinite, until explicitly revoked) lifetime.
Now, let's consider an end to end scenario. Let's say you create an app that does Facebook actions on a user's behalf - post on their timeline etc.
Your app redirects the user to log in to Facebook - you use Facebook SDK for this.
When the user successfully logs in and gives you the required permissions (post on timeline) you get an access token and a refresh token.
Your app can now hit the Facebook API to post on the user's timeline on his behalf with the access token. This token can be used for one hour (or whatever time the access token is valid)
Once the token is about to expire, you can hit a Facebook API to refresh the access token, as this one is about to expire. So, you call into the API with refresh + access tokens.
The API returns a new access token to you - you can use this now till it expires.
PS - This is not how it happens for Facebook actually. This was just a random example to explain how refresh and access tokens differ.
If this makes sense, go back to the question that you have linked. It has some really good answers. :)
I have an applicatoin that gets the birthday of the users threw a form and than it's supposed to write on there wall on there birthday.
Is this possible? even if they visit the app today and there birthday is in 200 days? Because I know the token only lasts 60 days and I want to post with there fb profile.
If I try to post the message on my fan page (where I can get a token that lasts forever) and tag them it doesn't work, because facebook doesn't allow tagging threw the api, you have any suggestions how can I achieve this?
For posting a feed on the user's wall, you can use the APP Access Token instead of the extended user token you are saving.
App Access Token
Facebook removed the offline_access permission a couple of years back:
https://developers.facebook.com/docs/roadmap/completed-changes/offline-access-removal/
"Note: The user must access your application before you're able to get a valid "authorization Code" to be able to make the server-side OAuth call again. Apps will not be able to setup a background/cron job that tries to automatically extend the expiration time, because the "authorization code" is short-lived and will have expired."
Basically you need an Authorization code to get a new token, and you can only get that if the user actively uses your app.
I'm trying to make aplication which get the posts of facebook page. I did everything and it is working fine but I have problem wih access token. I've tried some SO answers about making FB APP but it didn't worked for me. I got to point when my token expired then refreshed page but the page asked me to verify access. But I cannot have it like this, because it doesnt serve the purposse.
Now I'm taking the content from this url with file_get_contents("https://graph.facebook.com/soecz/posts?access_token=CAACEdEose0cBAJrnTKwdTdaloBgShsNSIkJjspgQocumZB4CV4mZACpAo3xj57gYcVYYYeHDBxi2ltNCT7SZB0Yl51PBQCrInIKstadeRR5OidYG8pibAAUHIiC51QUxgfTgFMY4DLUlglda7YiaP5yQiYbRftxwipRK5MZBVyzags0eReHx");
But after 2 hrs the token expires and I got oath error. Do you ahve any solutions ? I will sue it to get the posts from page. I do not want to edit / post anything with this. Just get the posts and write them. Also I do not want to rediret users when the token expires. Thanks for solutions
See scenario 5 of https://developers.facebook.com/roadmap/offline-access-removal/. By extending the 2 hour (short lived) token for a 2 month (long lived) token you can query for the page token after which will not expire.
Exchange the short-lived user access token for a long-lived access token using the endpoint and steps explained earlier. By using a long-lived user access token, querying the [User ID]/accounts endpoint will now provide page access tokens that do not expire for pages that a user manages. This will also apply when querying with a non-expiring user access token obtained through the deprecated offline_access permission.
So you will only need to "verify" once as a user then you can save the page access token after that.
I'd just like to ask about a problem I'm facing with Facebook Graph API.
I've connected to Facebook successfully, stored the user ID, and user access_code into my DB
Now when viewing the site I'm building, it's using the access_token stored in my database, but doesn't show my facebook statuses....because the "session has expired"....
Is there anyway I can regenerate the access_token?
Thanks
Example:
$status = 'https://graph.facebook.com/'.$userId.'/statuses?limit='.10.'&access_token='.$app_token;
User access tokens last only 1-2 hours. There is a technique to get a 60 day token for your use. It is explained here: http://dominicminicoopers.blogspot.com/2012/03/facebook-access-tokens-and-offline.html Remember to get this extended access token prior to the short-lived access token expiring. You must pass in a valid working user access token to pass to it. Do this serverside, not clientside because you have to use your app secret.
https://graph.facebook.com/oauth/access_token?
client_id=[APP_ID]&
client_secret=[APP_SECRET]&
grant_type=fb_exchange_token&
fb_exchange_token=[EXISTING_NON-EXPIRED_USER_ACCESS_TOKEN]
Remember to ask for the user_status permission when prompting the user. See: http://developers.facebook.com/docs/authentication/permissions/#user_friends_perms
You cant regenerate it, but you can get a new one by having the user go through the oauth process again, it will return a new token - https://developers.facebook.com/docs/authentication/
You can try to get a long lived token. That will allow you to access the status even when the user is not loged in.
See here