I removed the offline_access permissions, revoked the offline_access permissions, and set my app as native. Now instead of getting the 2 hs token, I get a 24 hs token, but is supposed to give a 60 day token, someone knows what's happening here?
Already tried:
https://graph.facebook.com/oauth/access_token?client_id=$APP_ID&client_secret=$APP_SECRET&grant_type=fb_exchange_token&fb_exchange_token=$TOKEN
And still getting 24 hs token
Facebook 60 day access token and Deprecated Offline_Access
According to this post, the (deprecate) offline access setting has to be on.
It seems the applications created before the new policy will use long lived tokens until the definitive rollout, any new application created after they announced the new token policy will expire in the expected time
Related
We have a usecase where a user uses facebook social login to sign in our application and we get the long-lived access token with 60 days expiration time. But as it expires in 60 days, we don't want to prompt for logging-in again through facebook; rather refreshing the token on our end. To add to that, using the same long-lived access token frequently comes with the risk of the application being flagged as spam.
I came across a link that is :
https://developers.facebook.com/docs/facebook-login/access-tokens/refreshing/
where we can redeem another long-lived access token with the help of the code. But, when I try to retrieve the code through a test user's short-lived access token; it works. On the other hand, if I try to get the code with the help of my long-lived access token(which is valid and works well when hitting Graph API), I get the error :
{"error":{"message":"Invalid OAuth access token data.","type":"OAuthException","code":190,"fbtrace_id":"AlAiFbxLbeP5YifJLRdTXHG"}}
Please help me.Thanks in advance!
Is it just me or long lived access tokens for Facebook API don't expire anymore?
We used to get a "expires" parameter when we exchanged the short-live to a long-lived token which was of 60 days. But since few days, we don't receive this anymore.
Plus, when we are looking at the debugger for those tokens (https://developers.facebook.com/tools/debug/access_token) it's says "Expires: Never".
I can't find official documentation on this whether those token are now really never expiring. Any idea?
Thanks,
Stéphane
Update
Page access token (manage_page permission) does not expire: "By using a long-lived user access token, querying the [User ID]/accounts endpoint will now provide page access tokens that do not expire for pages that a user manages." https://developers.facebook.com/roadmap/offline-access-removal/#page_access_token
Is it a Facebook Page Access Token? If yes, there is some great answers here: Facebook Page Access Tokens - Do these expire?
I saw the page about "Removal of offline_access permission" https://developers.facebook.com/roadmap/offline-access-removal/
but I can't find a way to let the access token expire to test my desktop app. When I log in I only can get an accesstoken with 2 month.
How can I make an accesstoken expire in short time? How can I get a short-lived access token?
I guess, that if you will use Graph API Explorer: https://developers.facebook.com/tools/explorer you will get short –lived token (should expire in 1 -2 hours). Then copy it and use it in your application for testing.
Also I have found this link where you can test access token and find out who issued, when it will expire and some more: https://developers.facebook.com/tools/debug/access_token
Is there any way to use the graph api to find out when a page access token, or application token will expire?
Update: There is a new API endpoint to access information about an access token. You can find info here: Debugging Access Tokens and Handling Errors
https://graph.facebook.com/debug_token?input_token=INPUT_TOKEN&access_token=ACCESS_TOKEN
input_token: the Access Token to debug
access_token: your App Access Token or a valid User Access Token from a developer of the app.
--
You should try to make sure that you store each token's expiration time along with the access token when you get it. For a page access token, that means storing the expiration time of the user access token. If you would like to manually discover expiration times for tokens you have today, you should use Facebook's Access Token Debugger tool. However, you should not be relying on expiration times alone -- in practice, many tokens will expire much earlier than their expiration time.
Application access tokens will never expire, unless the application secret key is reset.
Page access tokens last up to 60 days (5184000 seconds), but more importantly, they last as long as the user access token that was used to acquire them. So they will be invalidated as soon as the user that you got them from:
logs out of FB.
changes password.
deauthorizes your application.
Basically, when you lose the user's token, you will lose the page's token. Instead, you should retrieve page access tokens once per user access token. If you throw out a user access token, throw out the page token. You should not be trying to store page access tokens for any significant period of time. Instead you should get them as needed and forget them when a user's session dies.
To get a new page access token:
https://graph.facebook.com/PAGEID?fields=access_token&access_token=USER_ACCESS_TOKEN
Access Token Debugger
https://developers.facebook.com/tools/debug/access_token
Does not use the Graph API... but a very useful tool for manual debugging.
There is now an API version of the debugger tool.
See https://developers.facebook.com/docs/authentication/access-token-debug/
I would like to repeat this question for the current version of the API since I've come to a situation when Facebook doc clearly does not describe what is happening:
no expiry dates when requesting a new long-lived token with fb_exchange_token
no expiry dates when requesting debug_token information (expires_at = 0)
it does reply with an expiration date when redirecting the user to the auth page for the first time, but that does not help as I cannot extract the long-lived expiration date nor it will reply with this information for the second time
The debug tool here: https://developers.facebook.com/tools/debug/accesstoken says "Expires: Never".
Try this, it worked with me. Get the token with your app and paste it in the graph explorer as the token to be used for queries. Click on the info a see the expiration date.
example image
I hope it works for you too.
https://developers.facebook.com/docs/facebook-login/access-tokens/expiration-and-extension
From the page above:
Access tokens on the web often have a lifetime of about two hours, but
will automatically be refreshed when required. If you want to use
access tokens for longer-lived web apps, especially server side, you
need to generate a long-lived token. A long-lived token generally
lasts about 60 days.
offline-access-deprecation
As of today, If I ask for publish_stream permission, can I keep this access token and continue to use it forever? (or do I have to renew it every xxx days)?
Will I be OK if I just use publish_stream?
Also, I got this back from the response:
access_token=AAAEpyvU...8KktpSub&expires=3673
What does "expires" mean? There are 3673 seconds remaining?
What's the point of having an access token if it expires in 3673 seconds?
The publish_stream is a special permission. Once a user grants it, then you have unlimited offline access without needing the offline access to publish to their stream. See:
https://developers.facebook.com/docs/reference/api/permissions/
publish_stream Enables your app to post content, comments, and likes to a user's stream and to the streams of the user's friends.
With this permission, you can publish content to a user's feed at any
time, without requiring offline_access. However, please note that Facebook recommends a user-initiated sharing model.
https://developers.facebook.com/docs/offline-access-deprecation/
offline access were allowing users to get life time access but now fb has changed.so every access token now have 60 days expiration time,If you don't use offline_access it will expire with an hour or whatever you will get in expires=3673 value.Its in second.
Thanks