Facebook-offline_access alternatives: How long will a token created from an app last so I can pull my page's feed into my website

Question

Main Question: (since offline_access permission) is deprecating; how long will an access token created by hitting the below url with app's ID and secret last? https://graph.facebook.com/oauth/access_token?grant_type=client_credentials&client_id=XXXX&client_secret=YYYY last? It seems a simple question but I have not been able to find a definitive answer here or on developers.facebook.com

Secondary Question I want to pull my facebook pages's feed into my website (either via jquery plugin or rolling me own), but both using something like:

https://graph.facebook.com/100002282383158/feed?method=GET&metadata=true&format=json&callback=___GraphExplorerAsyncCallback___&access_token=XXX

basically I'm using an appID and secret created via an fb app that I made just so I can generate an access token and pull my feed into my website (see first question), without requiering the user to authenticate with fb. Is there a better way to do this than making the above call and creating an app to get a token? (the web server that I have to use can not use php)

notes: in this post in the comments it says "Offline access has now been deprecated, but you are allowed to extend an access token to last for 60 days." but I have not found any doc to back that up or a way for me to set that time; and i'd hate to go live wondering if my token will expire at some unknown time Facebook Page Access Tokens - Do these expire?

From a security perspective, if you put your access token in a url in your website's javascript, then you are exposing it to everyone and you could end up in a lot of trouble. — logan, Apr 13 '12 at 00:11

score 0 · Answer 1 · answered Apr 13 '12 at 05:39

0

After the offline_access permission is removed, tokens will last 60 days.

answered Apr 13 '12 at 05:39

Colm Doyle

3,598
1
20
22

score 0 · Answer 2 · answered Apr 13 '12 at 16:00

0

I'm using an app access token, and they (apparently) do not expire (unless you mess with your password or app secret)

"App access tokens do not expire unless you refresh you app's App Secret. You do this in your app's settings."

https://developers.facebook.com/docs/authentication/applications/

answered Apr 13 '12 at 16:00

daddyfristy

5
1
3

I think the question was regarding app_tokens that allow apps to post, etc on behalf of a user... not the app_token/app_secret you get when you register your application. – El Guapo May 02 '12 at 15:11

score 0 · Answer 3 · answered May 02 '12 at 12:57

you can get token for user that last 60 days by hiting fallowing url

https://graph.facebook.com/oauth/access_token?             
    client_id=APP_ID& 
    client_secret=APP_SECRET&
    grant_type=fb_exchange_token&
    fb_exchange_token=EXISTING_ACCESS_TOKEN

Facebook-offline_access alternatives: How long will a token created from an app last so I can pull my page's feed into my website

3 Answers3