Facebook PHP SDK 4.0 : Getting Long Term Access Token

Question

I\'m trying to use the PHP sdk v4.0 to get a long term access token for PAGE management.

I\'m grabbing the access token from the user\'s login (Yes, I\'m grabbing the Pa

Answer 1

Use this code PHP

<?php
session_start();
require '/vendor/autoload.php';
use Facebook\FacebookSession;
use Facebook\FacebookRedirectLoginHelper;
use Facebook\FacebookRequest;
use Facebook\FacebookResponse;
use Facebook\GraphUser;
use Facebook\GraphObject;

FacebookSession::setDefaultApplication($config['app_id'], $config['app_secret']);
$helper = new FacebookRedirectLoginHelper('http://localhost/folder/index.php');

try {
	$session = $helper->getSessionFromRedirect();

	if ($session):
		$_SESSION['facebook'] = $session->getToken();
		header('Location: index.php');
	endif;

	if (isset($_SESSION['facebook'])):
		$session = new FacebookSession($_SESSION['facebook']);
		$page_id = '000000000000';
		// get page access token
		$access_token = (new FacebookRequest( $session, 'GET', '/' . $page_id,  array( 'fields' => 'access_token' ) ))
    ->execute()->getGraphObject()->asArray();
 
			// save access token in variable for later use  
		$access_token = $access_token['access_token'];
		
		$page_post = (new FacebookRequest( $session, 'POST', '/'. $page_id .'/feed', array(
    		'access_token' => $access_token,
		    'name' => 'TITULO DEL ENLACE',
		    'link' => 'http://www.example.com/',
		    'caption' = 'Example text',
		    'message' => 'This is my link!',
  ) ));
		$response = $page_post->execute();
		$graphObjectClass = $response->getGraphObject();
		$facebook_POST = $graphObjectClass;
	endif;
} catch(FacebookRequestException $ex) {
  // When Facebook returns an error
  echo $ex;
} catch(\Exception $ex) {
  // When validation fails or other local issues
  echo $ex;
}
?>

Answer 2

I would not use the PHP SDK for this, you can do this easily with CURL. See this article for a detailed description with all the code you need: http://www.devils-heaven.com/extended-page-access-tokens-curl/

If you really want to do this with the PHP SDK, there is an easy solution explained here: http://www.devils-heaven.com/facebook-access-tokens/

You just need to call a specific function on the FacecookSession object:

$facebookSession->getLongLivedSession();
$request = new FacebookRequest($session, 'GET', '/PAGE-ID?fields=access_token');

Btw, there is no "Page-specific User Token", but of course you need to authorize the User with the "manage_pages" permission to get access to /me/accounts - so you can get a list of the administrated Pages with all their Access Tokens. After you get that list, the only difference is that you will get a short-living Page Token with a short-living User Token and an extended one with an extended User Token.

Answer 3

There a several types of access tokens you can use with calls to Graph. Knowing which access token to use can be tricky.

User Access Token

If you want to make changes to the page and post on the page wall as the admin user, you'll need to use that user's access token.

Login

You'll need to ask that user to log in with the manage_pages permission if you're planning on performing admin-specific actions on the page.

$helper = new FacebookRedirectLoginHelper($redirect_url);
echo '<a href="' . $helper->getLoginUrl(['manage_pages']) . '">Login</a>';

Extending User Access Token

By default, you'll get a short-lived user access token from Facebook. I'm assuming you're using a database to store your access tokens. You'll need to exchange the short-lived user access token for a long-lived user access token and save the new token in the database.

$accessToken = $session->getAccessToken();
$longLivedAccessToken = $accessToken->extend();
echo (string) $longLivedAccessToken;

Using a code

If you're storing the long-lived user access token in the database, as a best practice, you should use the token to generate a code and then generate another long-lived access token. This way you're not using the same access token for all the requests on behalf of the user every time. This minimizes the chances of your app being flagged as spam.

use Facebook\Entities\AccessToken;

$longLivedAccessToken = new AccessToken('{long-lived-access-token}');
$code = AccessToken::getCodeFromAccessToken($longLivedAccessToken);
$newLongLivedAccessToken = AccessToken::getAccessTokenFromCode($code);

Page Access Tokens

If you want to post statues on the page and have the posts appear as if the page had posted the statuses you'll need to use a page access token.

Obtaining a page access token

Using a page admin's long-lived user access token, you can list the pages that that user administrates on the /me/accounts endpoint. You'll want to pull the access_token field which is the page access token. You can also pull the perms field to see which permissions the admin user has.

$request = new FacebookRequest($session, 'GET', '/me/accounts?fields=name,access_token,perms');
$pageList = $request->execute()->getGraphObject()->asArray();

Short-lived vs Long-lived page access tokens

If you use a short-lived user access token to obtain a page access token, the page access token will also be short-lived.

You could exchange the short-lived page access token with a long-lived page access token directly if you wanted to. This would give you a page access token that would last about 2 months.

$pageAccessToken = new AccessToken('{short-lived-page-access-token}');
$longLivedPageAccessToken = $pageAccessToken->extend();

However, if you use a long-lived user access token to obtain the page access token, the page access token will never expire.

Page access tokens "gotcha"

You can think of page access tokens as "sub access tokens" to the page admin user access token. This is an important concept because page access tokens are associated with the admin user you obtained the page access token from.

Since there are different page admin roles that a page admin can have, that will limit the scope of the page access token if the admin user isn't assigned the role that grants them a specific permission you need.