Facebook Page Access Tokens - Do these expire?

Question

I\'m building an app that allows users to administrate their Facebook Fan Pages. This requires the following two Access Tokens:

1. A User Access Token
2. A

Answer 1

• Default Page access token are short-lived so they expire in 1 or 2 hours. If you want to make it last longer you need to extend the short-lived to a long-lived access token so it will last approximatively 2 months.
• The permission offline_access is now deprecated.
• The access token does not expire when a user change is password.

In another question I explain How to extend Page access token.

Answer 2

Facebook's documentation on the issue (long-lived page access tokens) doesn't match what happens in reality. The documentation claims that page access tokens acquired via extended/long-lived user access tokens will never expire. However, in reality, these page access tokens expire in 60 days.

See the Facebook bug: http://developers.facebook.com/bugs/461517520524921

Answer 3

See this https://developers.facebook.com/roadmap/offline-access-removal/#page_access_token According to this when you get short time access token and extend it to long live access token this will not expair for only page access token. See scenario 5: page access token

Answer 4

Page access tokens are expired when the user's access token expired. You can extend user access token to last up to 60 days in order to make the page access token last long.

Check out my blog and follow the step by step instruction of getting extended access token and getting the fanpage access tokens as well.

Answer 5

I'm not sure if facebook has made changes to fix these bugs or not but it seems that user access tokens do not expire once page access tokens are granted for the user. Based on my testing the flow goes something like this:

1. User access token requested -> 60 day user token is issued
2. Page access tokens requested -> page access tokens issued that never expired and initial user access token is upgraded to never expire as well.

Hope this clears up some of the confusion on here. I have tested this with many different users in our app and see the same thing each time.

If page access tokens are never requested, the original user access token will expire after 60 days.

Answer 6

You can extend a page access token to make it never expire. The documentation is a little muddy, but the following pages have pertinent information, and you will obviously need to be an administrator of the page. Pay close attention to scenario 4 and 5 at the second link.

https://developers.facebook.com/docs/reference/api/page/#page_access_tokens https://developers.facebook.com/roadmap/offline-access-removal/#page_access_token

It is simple using the graph explorer to retrieve tokens from Facebook. The graph explorer also allows you to debug the token which will list the expiration date, thus you can verify that it never expires. Graph Explorer: https://developers.facebook.com/tools/explorer

Click on the Get Access Token button to retrieve your token. Keeping your id in the query bar, simply append /accounts to your id, so that it looks like this: /123456789101112/accounts. Make sure it is a GET request (The drop-down to the left of the query bar).

This will retrieve all pages that you are configured to work with. You then need to make a GET request to:

/oauth/access_token?client_id=APP_ID&client_secret=APP_SECRET&grant_type=fb_exchange_token&fb_exchange_token=EXISTING_ACCESS_TOKEN 

Your APP_ID and APP_SECRET can be found in your applications administration settings. Use your personal access token as the final parameter (EXISTING_ACCESS_TOKEN). This will return a 60 day personal access token. Copy this token into the Access Token bar, which is above the query bar. Now make a GET request to USER_ID/accounts like we did towards the beginning. This will again return a list of pages that you are configured to work with.

But this time the page tokens that are listed with the pages do not expire. You can check this by copying a page token into the Access Token bar, and clicking the Debug button. This will give you details on that access token, including the expiration time, which should be never in this case.

UPDATE

I have also found that Facebook's graph explorer sometimes get confused with user context, and may not be reliable at all times. Alternatives are Fiddler or Postman.