Question
Since Facebook is removing the offline_access permission, I want to go ahead and migrate our website to use the new system.
I found this document on Facebook's website: https://developers.facebook.com/roadmap/offline-access-removal
However, when I process someone with Server-Side authentication, I get this response:
access_token => BLAHBLAHBLAHdontusemytokensilly
expires => 4992
When I try and use the access point (on that document) to extend the access token more than a couple hours, I get this back:
access_token => BLAHBLAHBLAHdontusemytokensilly
expires => 4990
According to that document, server-side OAuth should get a token that lasts 60 days; I don't understand why I'm not getting that back.
I really do not want to send our users through the OAuth redirect every 2 hours.
Any ideas? Thanks!
UPDATE
As requested, here is the flow that I'm taking (in the browser):
First I redirected the user here:
https://www.facebook.com/dialog/oauth?client_id=BLAHBLAH&redirect_uri=http%3A//localhost/user-social/facebook/redirect&scope=user_about_me%2Cuser_events%2Cuser_interests%2Cuser_likes%2Cfriends_likes%2Cuser_location%2Cuser_status%2Cuser_subscriptions%2Cfriends_subscriptions%2Cemail%2Ccreate_event%2Cpublish_stream%2Crsvp_event%2Cpublish_actions%2Cuser_actions.music%2Cfriends_actions.music%2Cuser_actions.news%2Cfriends_actions.news%2Cuser_actions.video%2Cfriends_actions.video%2Cmanage_pages
This redirects the user to here:
http://localhost/user-social/facebook/redirect?code=BLAHBLAHBLAHsomeawesomecode#_=_
Then I requested an access token like so:
https://graph.facebook.com/oauth/access_token?client_id=BLAHBLAH&redirect_uri=http%3A//localhost/user-social/facebook/redirect&client_secret=BLAHBLAHsomeawesomesecret&code=BLAHBLAHBLAHsomeawesomecode
I receive this response from Facebook:
access_token=BLAHBLAHBLAHdontusemytokensilly&expires=4057
This is obviously a short-lived token. According to the Facebook documentation (above), I should have received a long-lived token (since I'm using server-side OAuth).
However, since it is short-lived, I attempted to trade it for a long-lived token:
https://graph.facebook.com/oauth/access_token?client_id=BLAHBLAH&redirect_uri=http%3A//localhost/user-social/facebook/redirect&client_secret=BLAHBLAHsomeawesomesecret&grant_type=fb_exchange_token&fb_exchange_token=BLAHBLAHBLAHdontusemytokensilly
This is what Facebook returned:
access_token=BLAHBLAHBLAHdontusemytokensilly&expires=3967
The same access_token is being returned in both requests.
UPDATE 2
I put the above access token into the Facebook Debugger and this is what it returned:
App ID: BLAHBLAH
User ID: 211800900 : David Barratt
Issued: Unknown
Expires: 1347303600 (in 40 minutes)
Valid: True
Origin: Web
Scopes: create_event create_note email friends_actions.music friends_actions.news friends_actions.video friends_likes friends_subscriptions manage_pages photo_upload publish_actions publish_stream rsvp_event share_item status_update user_about_me user_actions.music user_actions.news user_actions.video user_events user_interests user_likes user_location user_status user_subscriptions video_upload
UPDATE 3
After deleting all of my permissions and re-authorizing the app (as @phwd suggested), the Facebook API returns this:
access_token=BLAHBLAHBLAHdontusemytokensilly
Does this mean that I've been returned the long-lived access_token? If so, where is the expiration?
UPDATE 4
When I run the above access_token through the Facebook Debugger, I get the following result:
App ID: BLAHBLAH
User ID: 211800900 : David Barratt
Issued: 1347309538 (39 minutes ago)
Expires: Never
Valid: True
Origin: Web
Scopes: create_event create_note email friends_actions.music friends_actions.news friends_actions.video friends_likes friends_subscriptions manage_pages photo_upload publish_actions publish_stream rsvp_event share_item status_update user_about_me user_actions.music user_actions.news user_actions.video user_events user_interests user_likes user_location user_status user_subscriptions video_upload
This seems to fix the original problem, but it's strange that the access_tokens are indefinite instead of lasting the prescribed 60 days.
Any ideas on why that might be the case?
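The responses quoted in the question can be compared mechanically. The following is an added example, not part of the original post or of any Facebook SDK: it rebuilds the exchange request from the question, parses the form-encoded replies, and checks whether the exchange changed the token's absolute expiry. The function names, the one-day "long-lived" floor and the request timestamps are assumptions of the example.

```python
import time
from urllib.parse import parse_qs, urlencode

TOKEN_URL = "https://graph.facebook.com/oauth/access_token"  # endpoint from the question

def build_exchange_url(client_id, client_secret, redirect_uri, short_token):
    """Rebuild the fb_exchange_token request from the question (send server-side only)."""
    return TOKEN_URL + "?" + urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "client_secret": client_secret,
        "grant_type": "fb_exchange_token",
        "fb_exchange_token": short_token,
    })

def parse_token_response(body, now=None):
    """Parse 'access_token=...&expires=N'; an absent 'expires' gives expires_at=None."""
    now = int(time.time()) if now is None else now
    fields = parse_qs(body, strict_parsing=True)
    if "access_token" not in fields:
        raise ValueError("response carries no access_token")
    expires_in = int(fields["expires"][0]) if "expires" in fields else None
    return {
        "access_token": fields["access_token"][0],
        "expires_in": expires_in,
        "expires_at": None if expires_in is None else now + expires_in,
    }

def classify(token, long_lived_floor=24 * 3600):
    """Label the lifetime; the one-day floor is an assumption of this example."""
    if token["expires_in"] is None:
        return "no-expiry"
    return "long-lived" if token["expires_in"] >= long_lived_floor else "short-lived"

def exchange_was_noop(before, after, slack=5):
    """True when the exchange returned the same token with the same absolute expiry."""
    if before["access_token"] != after["access_token"]:
        return False
    if before["expires_at"] is None or after["expires_at"] is None:
        return before["expires_at"] == after["expires_at"]
    return after["expires_at"] - before["expires_at"] <= slack

if __name__ == "__main__":
    # Response bodies are the ones quoted in the question; timestamps are constructed
    # (90 s apart), since the post does not say when each request was made.
    first = parse_token_response("access_token=BLAHBLAHBLAHdontusemytokensilly&expires=4057", now=1000)
    second = parse_token_response("access_token=BLAHBLAHBLAHdontusemytokensilly&expires=3967", now=1090)
    third = parse_token_response("access_token=BLAHBLAHBLAHdontusemytokensilly", now=2000)
    print(classify(first), exchange_was_noop(first, second), classify(third))
```

Storing `expires_at` rather than the raw `expires` value makes a no-op exchange visible: the drop from 4057 to 3967 is consistent with the same expiry instant seen 90 seconds later.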
Answer 1:
Not sure if you know it, but the access token will only be renewed once a day, no matter how many times the user logs in to your application.
See: https://developers.facebook.com/roadmap/offline-access-removal/
Answer 2:
Since Facebook is removing the offline_access permission, I want to go ahead and migrate our website to use the new system.
Ensure you enabled "Remove offline_access permission" in the advanced settings of your app.
If you did, you might be hitting a bug https://developers.facebook.com/bugs/378106708911903
Source: https://stackoverflow.com/questions/12355283/how-do-you-get-long-lived-access-tokens-from-the-facebook-graph-api-server-side