Refresh token and Access token in facebook API

About

Asked 15/5, 2013 at 11:20 Answered 10/12, 2019 at 8:19

Solved facebook-graph-api google-api oauth-2.0 facebook-oauth google-oauth

When we do oauth2 on google api, we get an access token and a refresh token. Suppose I'm writing a service and I want to periodically poll for changes I can just use refresh token to get fresh access tokens every time the current access token gets invalidated. This is called offline access.

Is there any way to do the same in facebook? Is there an offline access version similar to that of google api.

Thanks.

Discomposure answered 15/5, 2013 at 11:20 Comment(1)

No, you can only extend the user access token up to 2 months. Unless you are talking about app access token. – Silence 15/5, 2013 at 15:10

For offline access, you need to exchange your short-lived access token for a new access token, before it expires. Facebook has a single type of access token (no refresh tokens). A about-to-expire access token should fetch you a new access token.

To manually extend the tokens using a Graph API endpoint ::

GET /oauth/access_token?  
    grant_type=fb_exchange_token&           
    client_id={app-id}&
    client_secret={app-secret}&
    fb_exchange_token={short-lived-token}

Quoting FB's documentation from here ::

Apps are unable to exchange an expired short-lived token for a long-lived token. The flow above only works with short-lived tokens that are still valid. Once they expire, your app must send the user through the login flow again.

Do read the Expiration and Extending Tokens portion of the documentation link that I have mentioned for further clarification.

Price answered 15/5, 2013 at 14:18 Comment(6)

Can I request a new Access token whenever I want? Also every 2 minuts? – Rousseau 19/9, 2013 at 13:47

I don't see a reason why you cannot. The documentation says that you can access one token for another, it doesn't specify when. Try hitting the endpoint using fiddler first, you'd need just 5 minutes to get your answer. :) Good luck. – Price 19/9, 2013 at 13:53

Yes, but maybe they will block me! In fact, I won't spent time to check if my token is expired, just I refresh it every time! Also, I that with the same procedure I can swap a long live token for a new one long live token. – Rousseau 19/9, 2013 at 13:57

I get the concern, they will definitely block you if you send too many requests. Unfortunately, I could not find what is the upper limit. See this anyway - developers.facebook.com/docs/reference/ads-api/… – Price 19/9, 2013 at 14:3

@Rousseau you can exchange your long lived tokens for a long lived ones. When I was doing that something strange happened. When I checked the expiry of the token that I received, it was set to 2056 – Discomposure 21/10, 2013 at 10:0

Awesome answer @Price - Just one thing though, do you know if you can exchange other types of tokens for a User token. So could you exchange an App Access Token for a new User access token? Because otherwise, the user has to keep logging on because lets say the user doesn't run your app or website again for over 60 days, then even the long lived access token expires... – Culet 28/4, 2014 at 15:31

You can check the validity of your token from here , according to my token it expires never

Piotr answered 10/12, 2019 at 8:19 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags