发表新帖
发表新帖

Do Facebook Oauth 2.0 Access Tokens Expire?

后端 未结
关注
13 1128
Happy的楠姐
Happy的楠姐 2020-11-27 09:32

I am playing around with the Oauth 2.0 authorization in Facebook and was wondering if the access tokens Facebook passes out ever expire. If so, is there a way to request a l

相关标签:
13条回答
  • 误落风尘
    2020-11-27 10:15

    Basic the facebook token expires about in a hour. But you can using 'exchange' token to get a long-lived token https://developers.facebook.com/docs/facebook-login/access-tokens

    GET /oauth/access_token?  
    grant_type=fb_exchange_token&           
    client_id={app-id}&
    client_secret={app-secret}&
    fb_exchange_token={short-lived-token}
    0 讨论(0)
  • 天命终不由人
    2020-11-27 10:19

    After digging around a bit, i found this. It seems to be the answer:

    Updated (11/April/2018)

    • The token will expire after about 60 days.
    • The token will be refreshed once per day, for up to 90 days, when the person using your app makes a request to Facebook's servers.
    • All access tokens need to be renewed every 90 days with the consent of the person using your app.

    Facebook change announce (10/04/2018)

    Facebook updated token expiration page (10/04/2018)

    offline_access: Enables your application to perform authorized requests on behalf of the user at any time. By default, most access tokens expire after a short time period to ensure applications only make requests on behalf of the user when the are actively using the application. This permission makes the access token returned by our OAuth endpoint long-lived.

    Its a permission value requested.

    http://developers.facebook.com/docs/authentication/permissions

    UPDATE

    offline_access permission has been removed a while ago.

    https://developers.facebook.com/docs/roadmap/completed-changes/offline-access-removal/

    0 讨论(0)
  • 一整个雨季
    2020-11-27 10:25

    Note that Facebook is now deprecating the offline_access permission in favor of tokens for which you can request an "upgrade" to the expiry. I'm just now dealing with this, myself, so I don't have much more to say, but this doc may help:

    https://developers.facebook.com/docs/offline-access-deprecation/

    0 讨论(0)
  • -上瘾入骨i
    2020-11-27 10:25

    Yes, they do expire. There is an 'expires' value that is passed along with the 'access_token', and from what I can tell it's about 2 hours. I've been searching, but I don't see a way to request a longer expiration time.

    0 讨论(0)
  • 悲&欢浪女
    2020-11-27 10:28

    log into facebook account and edit your application settings(account -> application setting ->additional permission of the application which use your account). uncheck the permission (Access my data when I'm not using the application(offline_access)). Then face will book issue a new token when you log in to the application.

    0 讨论(0)
  • 佛祖请我去吃肉
    2020-11-27 10:29

    Hit this to exchange a short living access token for a long living/non expiring(pages) one:

    https://graph.facebook.com/oauth/access_token?             
    client_id=APP_ID&
    client_secret=APP_SECRET&
    grant_type=fb_exchange_token&
    fb_exchange_token=EXISTING_ACCESS_TOKEN
    0 讨论(0)
 看不清?
提交回复
热议问题