Am coming back to building a FB app after some time away from the FB Platform and I see that the old offline_access permission has been removed and replaced with long(ish)-expir
Here comes a 3rd option as a suggestion.
For each authenticated user, you have an access_token and expires_in (assume that you have already stored them in your db).
1) Write a scheduled task that checks existing tokens against their expires_in value; when you find any token close to its expiration time,
2) you can renew this token from the server side with an HTTP GET call (sample code below):
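    // Play 1.x imports: play.Logger, play.libs.WS, java.util.Map
    // Build the token-exchange request; client_secret must only ever be used server-side.
    String requestUrl = "https://graph.facebook.com" + "/oauth/access_token"
        + "?" + "client_id=" + facebook_appId
        + "&" + "client_secret=" + facebook_appSecret
        + "&" + "grant_type=fb_exchange_token"
        + "&" + "fb_exchange_token=" + currentToken;
    WS.WSRequest req = WS.url(requestUrl);
    // Do not log req.url: it contains the app secret and the user's token.
    Logger.info("renew token, endpoint : %s", "https://graph.facebook.com/oauth/access_token");
    req.timeout = 20;
    WS.HttpResponse resp = req.get();
    // response body: access_token=....&expires=5181096
    Map<String, String> respMap = LocoUtils.decodeUrl(resp.getString());
    String token = respMap.containsKey("access_token") ? respMap.get("access_token") : "";
    facebookToken.access_token = token;
    facebookToken.expires_in = respMap.containsKey("expires") ? LocoUtils.stringToLong(respMap.get("expires")) : 0L;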
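The two steps above as an added sketch using only the JDK (Java 16+); it is not code from the original answer. The StoredToken record, the 7-day renewal margin and all sample values are assumptions, and the response body is a constructed sample in the format the answer shows, so nothing is sent to Facebook.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;

public class TokenRenewalSketch {
    // Hypothetical stored row: expires is relative, so the time the token was obtained is kept too.
    record StoredToken(String userId, String accessToken, Instant obtainedAt, long expiresIn) {
        boolean needsRenewal(Instant now, Duration margin) {
            return now.plus(margin).isAfter(obtainedAt.plusSeconds(expiresIn));
        }
    }
    static String enc(String v) { return URLEncoder.encode(v, StandardCharsets.UTF_8); }
    // Same endpoint and parameters as the answer, with every value URL-encoded.
    static String renewUrl(String appId, String appSecret, String currentToken) {
        return "https://graph.facebook.com/oauth/access_token?client_id=" + enc(appId)
            + "&client_secret=" + enc(appSecret) + "&grant_type=fb_exchange_token"
            + "&fb_exchange_token=" + enc(currentToken);
    }
    // Log-safe copy of the URL: the app secret and the user token are masked.
    static String redact(String url) {
        return url.replaceAll("(client_secret|fb_exchange_token)=[^&]*", "$1=REDACTED");
    }
    // Parses the "access_token=...&expires=..." body shown in the answer.
    static Map<String, String> parseBody(String body) {
        Map<String, String> out = new HashMap<>();
        for (String pair : body.split("&")) {
            int eq = pair.indexOf('=');
            if (eq > 0) out.put(pair.substring(0, eq),
                    URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8));
        }
        return out;
    }
    public static void main(String[] args) {
        Instant now = Instant.now();
        // Constructed sample row: obtained 58 days ago with the expires value from the answer.
        StoredToken t = new StoredToken("u1", "OLD+TOKEN/abc", now.minus(Duration.ofDays(58)), 5181096L);
        if (!t.needsRenewal(now, Duration.ofDays(7))) return;
        System.out.println("renew token, url: " + redact(renewUrl("APP_ID", "APP_SECRET", t.accessToken())));
        Map<String, String> resp = parseBody("access_token=NEW_TOKEN&expires=5181096");
        // A body without access_token is a failed renewal: the stored token is left untouched.
        if (!resp.containsKey("access_token")) throw new IllegalStateException("renewal failed");
        StoredToken renewed = new StoredToken(t.userId(), resp.get("access_token"), now,
                Long.parseLong(resp.getOrDefault("expires", "0")));
        System.out.println("new expiry: " + renewed.obtainedAt().plusSeconds(renewed.expiresIn()));
    }
}
```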