Facebook 60 day access token and Deprecated Offline_Access

Facebook's "Deprecated Offline Access" doc (http://developers.facebook.com/docs/offline-access-deprecation/) states the following:


*Server-side OAuth Developers

If the access_token is generated from a server-side OAuth call, the resulting access_token will have the longer expiration time. If the call is made while there is still a valid access_token for that user, the returned access_token from this second call may be the same or may have changed, but in either case the expiration time will have been reset. Again, calling this multiple times during the same day will result only in the first call extending the expiration time.*


This would seem to imply that Server-side OAuth automatically gets a long expiration token. I do find this to be the case if I enable the "deprecate offline access" setting in the Facebook Developer advanced dialog - The token expires in 60 days. But with the setting off the token expires in 2 hours.

I'm a little confused about the point of this setting:

Question:

  • The setting sounds like a "transitionary/migratory" option... If I enable this option, will I still get 60 day tokens 6 months from now, without using the "exchange" endpoint?

  • Why not just automatically set all tokens to 60 days?

His answered 17/2, 2012 at 13:59 Comment(0)

The point of migration settings for Facebook apps is to enable developers to test new features (or deprecation of old features) ahead of time in their apps and spot bugs that may arise. As indicated on the Developer Roadmap, offline_access permission will be removed on May 1st and at that point, every app will act as if the migration setting you are testing is enabled.

You can find more information about this change here: https://developers.facebook.com/docs/offline-access-deprecation/

The reason we do not automatically enable this without notice is because it would cause a lot of apps to break. Facebook have a breaking change policy which tries to avoid making those sorts of changes without a 90 day warning (and in this case, a migration setting).

Edit: offline access permission removal was pushed back to Oct 3rd.

Slurp answered 17/2, 2012 at 15:51 Comment(2)
Thanks for the response! It cleared things up for me... I'll enable the option now to get 60 day tokens, and then after the migration period is over I'll continue to get 60 day tokens - exactly what I wanted to know. Thanks! - His

So, are you saying that as long as the user first-time authenticates and approves the access in a browser, that we can store the access token, exchange it via the endpoint for a 60-day token and then when that one goes invalid, as we request something via it, we'll get a new short-term token that we can exchange again meaning that the user never has to manually log-in again? I ask this because I am designing server-side apps that will run almost 100% automated and will be totally headless so don't want them to just stop running at the end of 60 days. Please advise on this. - Molecular
