Since Facebook is removing the offline_access permission, I want to go ahead an migrate our website to use the new system.
I found this document on Facebook's website: https://developers.facebook.com/roadmap/offline-access-removal
However, when I process someone with Server-Side authentication, I get this response:
access_token => BLAHBLAHBLAHdontusemytokensilly
expires => 4992
When I try and use the acces point (on that document) to extend the access token more than a couple hours, I get this back:
access_token => BLAHBLAHBLAHdontusemytokensilly
expires => 4990
According to that document, server-side OAuth should get a token that lasts 60 days, I don't understand why I'm not getting that back.
I really do not want to send our users throught the OAuth redirect every 2 hours.
Any ideas? thanks!
UPDATE
As requested, here is the flow that I'm taking (in the browser):
First I redirected the user here:
This redirects the user to here:
http://localhost/user-social/facebook/redirect?code=BLAHBLAHBLAHsomeawesomecode#_=_
Then I requested an access token like so:
I receive this repose from Facebook:
access_token=BLAHBLAHBLAHdontusemytokensilly&expires=4057
This is obviosly a short-lived token. According to the Facebook documentation (above), I should have received a long-lived token (since I'm using server-side OAuth).
However, since it is short-lived, I attempted to trade it for a long-lived token:
This is what Facebook returned:
access_token=BLAHBLAHBLAHdontusemytokensilly&expires=3967
The same access_token is being returned in both requests.
UPDATE 2
I put the above access token into the Facebook Debugger and this is what it returned:
App ID:
BLAHBLAH
User ID:
211800900 : David Barratt
Issued:
Unknown
Expires:
1347303600 (in 40 minutes)
Valid: True
Origin: Web
Scopes: create_event create_note email friends_actions.music friends_actions.news friends_actions.video friends_likes friends_subscriptions manage_pages photo_upload publish_actions publish_stream rsvp_event share_item status_update user_about_me user_actions.music user_actions.news user_actions.video user_events user_interests user_likes user_location user_status user_subscriptions video_upload
UPDATE 3
After deleting all of my permissions and re-authorizing the app (as @phwd suggested). The Facebook API returns this:
access_token=BLAHBLAHBLAHdontusemytokensilly
Does this mean that I've been returned the long-lived access_token? if so, where is the expiration?
UPDATE 4
When I run the above access_token through the Facebook Debugger, I get the following result:
App ID:
BLAHBLAH
User ID:
211800900 : David Barratt
Issued:
1347309538 (39 minutes ago)
Expires:
Never
Valid: True
Origin: Web
Scopes: create_event create_note email friends_actions.music friends_actions.news friends_actions.video friends_likes friends_subscriptions manage_pages photo_upload publish_actions publish_stream rsvp_event share_item status_update user_about_me user_actions.music user_actions.news user_actions.video user_events user_interests user_likes user_location user_status user_subscriptions video_upload
This seems to fix the original problem, but it's strange that the access_tokens are indefinite instead of lasting the prescribed 60 days.
Any ideas on why that might be the case?
Not sure if you know it. But the access token will only be renewed once a day, no matter how many times the user logs in into your application.
See: https://developers.facebook.com/roadmap/offline-access-removal/
Since Facebook is removing the offline_access permission, I want to go ahead an migrate our website to use the new system.
Ensure you enabled "Remove offline_access permission" in the advanced settings of your app
If you did, you might be hitting a bug https://developers.facebook.com/bugs/378106708911903
来源:https://stackoverflow.com/questions/12355283/how-do-you-get-long-lived-access-tokens-from-the-facebook-graph-api-server-side