Generate “never-expire” access token for Facebook Page

Question

I have managed to post to Facebook Page via API (C#), but when administrator of the page logs out, the following error occurs:

\"(OAuthException - #190) Error valida

Answer 1

The accepted answer is no longer correct. This works now.

Open graph Explorer: https://developers.facebook.com

• Login and choose your application from the right corner dropdown
• Once logged in click Tools & Support icon in top right corner
• Then choose Access Token Tool link on the right side beneath your applications name

To the right of the displayed user token > click [Debug] button

This will have taken you to the Access Token Debugger

• Click the blue button at the bottom that says Extend Access Token
• This will say: This new long-lived access token will never expire
• Copy and paste that token into your application ie; EAAYMFDuobYUBADtYjVDukwBGpwPHOCY0iYglYY3j3r200MzyBZB4.....

Answer 2

You need to get a user access token by FB.login() with manage_pages, pages_show_list and others in scope permissions. Then, execute FB.api("/{user-app-id}/accounts", fields: ...) to get a list of pages with their respectively info, including access_token. Here, you get a short-lived-token, but with this token you can extend its expiration time to "Never".

FB.login(function (response){
  if(response.status!=="connected"){
    return;
  }        
  FB.api('/'+USER_APP_ID+'/accounts',{fields: 'id, name, access_token,category, picture'}, 
   function(d){
    console.log(d) // Here you get access_token (short-lived-token)
  });
},{scope: 'manage_pages, pages_show_list', auth_type: 'rerequest'});

With the last access token and from server side, you make a call to API Graph, using App ID and App Secret of the App you use to get permissions to manage the page.

GET /oauth/access_token?  
grant_type=fb_exchange_token&           
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={short-lived-token} 

The response gives you an access token with expiration time in "Never".

References: API Graph Accounts, Expiration and Extends Access Tokens

Answer 3

The method below worked for me, if you are using 4.x Facebook SDK:

1. Create the Temporary User Access Token for the first time using the method mentioned here.
2. Now! It's time to convert this token to Long Term Token using PHP SDK 4.x. Use the following code as it worked for me:

//Class for Generating the Long Lived Token

namespace App\Lib;

use Facebook\FacebookApp;
use Facebook\FacebookClient;
use Facebook\Authentication\OAuth2Client;

class FacebookLongLivedTokenGenerator
{
    public $longLivedTokenGenerated = false;

    public function generateFacebookLongLivedToken($appId, $appSecret, $oldToken)
    {
        //request new access token
        $oauth2Fb = new OAuth2Client(new FacebookApp($appId, $appSecret), new FacebookClient());
        $longLivedToken = $oauth2Fb->getLongLivedAccessToken($oldToken);
        if ($longLivedToken) {
            $this->longLivedTokenGenerated = true;
            $this->userAccessToken = $longLivedToken;
        }
        return trim($this->userAccessToken);
    }
}

You can consume the above class this way:

$longToken = new FacebookLongLivedTokenGenerator();
echo $longToken->generateFacebookLongLivedToken($appId, $appSecret, $oldUserAccessToken);

Answer 4

1. Generate long-lived token for admin of the fan page http://appdevresources.blogspot.sg/2012/11/extend-facebook-access-token-make-it.html (nice explanation with images)
2. Generate long-lived token for fan page itself http://appdevresources.blogspot.sg/2012/11/retrieving-facebook-page-id-and.html
3. Use token from 2) to post on the fan page's wall (no need for Facebook Login dialog)
4. Resulted token will never expire (even if administrator of the fan page did log out)

Answer 5

You can use following api from facebook to refresh token life to 60 days and just when the token is about to expire, call the same api again with-in 60 days to refresh its life back to 60 days from that point of time Token expire is present in expires parameter and its value is in seconds

Replace CLIENT_ID and CLIENT_SECRET with their actual value

https://graph.facebook.com/oauth/access_token?client_id=<CLIENT_ID>
&client_secret=<CLIENT_SECRET>&grant_type=fb_exchange_token
&fb_exchange_token=<ACCESS_TOKEN>

in ACCESS_TOKEN, put the actual token value without appending "access_token="

Answer 6

It's November 2018 and this worked for me!

<?php
$args=[
    'usertoken'=>'xxx',
    'appid'=>'xxx',
    'appsecret'=>'xxx',
    'pageid'=>'xxx'
];
function generate_token($args){

$r = json_decode(file_get_contents("https://graph.facebook.com/v2.9/oauth/access_token?grant_type=fb_exchange_token&client_id={$args['appid']}&client_secret={$args['appsecret']}&fb_exchange_token={$args['usertoken']}")); // get long-lived token
    $longtoken=$r->access_token;
    $r=json_decode(file_get_contents("https://graph.facebook.com/{$args['pageid']}?fields=access_token&access_token={$longtoken}")); // get user id
    $finaltoken=$r->access_token;
    return $finaltoken;
}
echo "https://graph.facebook.com/v2.9/oauth/access_token?grant_type=fb_exchange_token&client_id={$args['appid']}&client_secret={$args['appsecret']}&fb_exchange_token={$args['usertoken']}";
echo '<br><br>Permanent access token is: <input type="text" value="'.generate_token($args).'"></input>';