Login/Register
How would you perform `debug_token` call using facebook php sdk?
Asked Answered
Solved phpfacebookfacebook-graph-api
T

2

10

According to the documentation the endpoint looks like

GET /debug_token?
     input_token={input-token}&
     access_token={access-token}

where

input_token: the access token you want to get information about
access_token: your app access token or a valid user access token from a developer of the app

Assuming I don't have a "valid user access token from a developer of the app" - just because I don't want to refresh it every 2 months and keep always it in mind - how would I perform it using "app access token"?

The getApplicationAccessToken() method is protected, so there is no way to access it without overriding it to public.

Any elegant solution that I'm missing?

PS: a call example that would fail with "You must provide an app access token or a user access token that is an owner or developer of the app" error due to lack of access token:

$tokenDebug = $fb->api('debug_token', array(
    'input_token' => $token,
));

PPS: the "interesting" thing is that the error from above would appear not for every $token but for some, and I cannot see any obvious distinction between tokens that fail and that succeed.

PPPS: $token is a user access token

PPPPS: Created a feature request for FB PHP SDK https://developers.facebook.com/bugs/637897982899835

PPPPPS: Probably it could be better to create a pull request instead, but it's 1:30am and I'm too tired for that

Tuckie answered 14/10, 2013 at 12:4 Comment(10)
Why would you want to debug your application access token in the first place …?Cynosure
@CBroe: I want to debug user access token $tokenTuckie
The combination app_id|app_secret (both values concatenated with a pipe symbol in the middle) always works as app access token).Cynosure
@CBroe: I know that :-) That's what getApplicationAccessToken() actually does, but it's protected. What I would like to avoid - is a hardcoded app_id|app_secret in the client code. And that's why I asked about some elegant solution :-)Tuckie
And getApplicationAccessToken generates its token the same way, and is public in the current SDK version, see github.com/facebook/facebook-php-sdk/blob/master/src/… – no idea what makes you think it was protected …?Cynosure
@CBroe: It's protected in the latest stable version (the one I use) github.com/facebook/facebook-php-sdk/blob/v3.2.2/src/… I didn't look at the master to check, so I think it's a good answer, could you please put it as an answer and my issue will be solved with the next stable releaseTuckie
PS: probably it could be a good idea to request FB team to always append access_token => $this->getApplicationAccessToken() if the API endpoint is debug_token so that consumers didn't care of itTuckie
Well, while we’re at it, why not ask them to create a new method debugAccessToken($token)? :-)Cynosure
@CBroe: In my solution I have just overriden getApplicationAccessToken() since I already extend the Facebook class. But I didn't like such a hack. Btw, creating a feature request, will add link to it to the question in a momentTuckie
@CBroe: done, with credits to you :-)Tuckie
C
17

OK, so if one needs an app access token, app_id|app_secret (both values concatenated with a pipe symbol in the middle) always works.

The method getApplicationAccessToken seems to have been protected in the PHP SDK up to 3.2.2 – whereas getAppId and getAppSecret are already public in that version; so those could be the alternative to hard-coding id and secret in place.

Cynosure answered 14/10, 2013 at 12:20 Comment(2)
Not quite always. When application is Desktop/Native, it does not work. input_token and access_token are the same in this case.Sycamine
Thank you so much! Not sure why I couldn't find this anywhere. I felt like a crazy person searching for an "app access token".Novak
U
6

The PHP SDK has the getOAuth2Client() client method, that returns a \Facebook\Authentication\OAuth2Client instance.

This has the debugToken($accessToken) method, that returns a \Facebook\Authentication\AccessTokenMetadata instance that contains data about the access token.

$appid = '123456789';
$appsecret = 'foobar';

$api = new Facebook(['app_id' => $appid, 'app_secret' => $appsecret]);

$oauth = $api->getOAuth2Client();
$meta = $oauth->debugToken($accessToken);
$meta->validateAppId($appid); // Will throw a FacebookSDKException if invalid

$meta->getIsValid(); // boolean
$meta->getExpiresAt(); // \DateTime|null
Undervalue answered 4/1, 2017 at 13:52 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.