57

As I understand it, recently Facebook has decided to remove the offline_access permission and has introduced a concept called long-lived access tokens which last a maximum of 60 days. Is there anyone who knows how to get this access token with the Facebook JavaScript SDK?

Ananda Subasinghe

4 Answers

108

There is a way to extend this to 60 days, described here: https://developers.facebook.com/docs/roadmap/completed-changes/offline-access-removal/ under "Scenario 4: Client-side OAuth and Extending Access_Token Expiration Time through New Endpoint".

Edit: In order to extend the access token you need to make the following request with your short lived access token:

```
https://graph.facebook.com/oauth/access_token?
    client_id=APP_ID&
    client_secret=APP_SECRET&
    grant_type=fb_exchange_token&
    fb_exchange_token=EXISTING_ACCESS_TOKEN
```
Dan
Yan Berk
  • 1
    Do I need to exchange my current access_token for a new access token every time my current one expires after 60 days? Now when I pass offline_access as the scope parameter, it seems it is not being considered, and my access token simply expires within a couple of hours. Can you explain how I get a long-lived access token through the Facebook JavaScript SDK? Are there any settings or special parameters that I need to send along with it? – Ananda Subasinghe May 07 '12 at 03:34
  • Offline access has been deprecated, so don't try to use it. I have edited my answer. – Yan Berk May 07 '12 at 05:48
  • Thanks Yan. This way we can update our existing users' access_token into a new long-lived access_token. That is fine. But I still have no idea how I can get a new access_token with a 60-day expiration time with the Facebook JS SDK. Is there any special scope parameter or configuration related to this? – Ananda Subasinghe May 08 '12 at 09:43
  • 3
    You cannot get a 60 day access token using the js sdk. You can only extend it to 60 days after receiving the short lived access token first. – Yan Berk May 09 '12 at 08:19
  • 2
    And is there a way to extend this 60 days again without user interaction? – Glooh May 10 '12 at 11:08
  • @Yan But here: https://developers.facebook.com/roadmap/offline-access-removal/#page_access_token I read "By using a long-lived user access token, querying the [User ID]/accounts endpoint will now provide page access tokens that do not expire for pages that a user manages.". Does this mean they NEVER expire? I'm not after user access tokens, but page access tokens. – Glooh May 10 '12 at 11:34
  • 3
    Note that according to https://developers.facebook.com/docs/facebook-login/access-tokens/, because this request sends the APP_SECRET (and retrieves a long-lived user token) it should NOT be done client side, but rather on the server. – Excalibur Jul 31 '13 at 19:42
  • Hi is there a way to request the EXISTING_ACCESS_TOKEN from a URL? – Ebikeneser Oct 21 '13 at 11:00
  • 2
    @Excalibur: Sending the APP_SECRET as a GET parameter is still a little risky. It's visible in the route and could be stored in access logs. It would be much better to send it as a POST parameter. Since this is an HTTPS call it would then be encrypted. Maybe Facebook implemented it this way because of same-origin / cross-domain rules. Would be nice if they put it in their server-side SDKs instead. – Dan Feb 06 '14 at 15:51
  • @YanBerk, when I call this from the browser it gives me a response, but when I call it using PHP code it gives me an error like this: `Error validating access token: Session has expired on Friday, 17-Mar-17 04:38:48 PDT. The current time is Saturday, 10-Jun-17 00:44:35 PDT.` Any solution for this? I want to fetch a new token because the old token is expired. – chirag satapara Jun 10 '17 at 08:00
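The comments above from Excalibur and Dan raise two points about the exchange request: it carries APP_SECRET, so it belongs on the server, and its query string can end up in access logs. The following is an added example, not code from any answer on this page: a Node.js (18+) server-side version of the request that takes the secret from the environment and redacts the secret and tokens before the URL is written into an error message. The environment variable names `FB_APP_ID` and `FB_APP_SECRET` and all function names are assumptions made for illustration.

```javascript
// Added example (not from the answers above). Assumes Node 18+ for global fetch.
// FB_APP_ID / FB_APP_SECRET are hypothetical environment variable names.
const EXCHANGE_ENDPOINT = 'https://graph.facebook.com/oauth/access_token';
const SENSITIVE_PARAMS = ['client_secret', 'fb_exchange_token', 'access_token'];

// Build the exchange request from the answer above; call this only on the server.
function buildExchangeUrl(appId, appSecret, shortLivedToken) {
  if (!appId || !appSecret || !shortLivedToken) {
    throw new Error('app id, app secret and short-lived token are all required');
  }
  const url = new URL(EXCHANGE_ENDPOINT);
  url.search = new URLSearchParams({
    client_id: appId,
    client_secret: appSecret,
    grant_type: 'fb_exchange_token',
    fb_exchange_token: shortLivedToken,
  }).toString();
  return url;
}

// Mask the secret and any tokens before a URL is written to a log or error.
function redactUrl(input) {
  const url = new URL(input);
  for (const name of SENSITIVE_PARAMS) {
    if (url.searchParams.has(name)) url.searchParams.set(name, 'REDACTED');
  }
  return url.toString();
}

// fetchImpl is injectable so the function can be exercised offline with a stub.
async function exchangeToken(shortLivedToken, env = process.env, fetchImpl = fetch) {
  const url = buildExchangeUrl(env.FB_APP_ID, env.FB_APP_SECRET, shortLivedToken);
  const res = await fetchImpl(url.toString());
  const body = await res.json();
  if (!res.ok || body.error || !body.access_token) {
    // Report the redacted URL only; never the secret or either token.
    const reason = body.error ? body.error.message : `HTTP ${res.status}`;
    throw new Error(`token exchange failed (${reason}) for ${redactUrl(url)}`);
  }
  // Return the long-lived token to server-side storage, not to client logs.
  return { accessToken: body.access_token, expiresIn: body.expires_in ?? null };
}
```

The browser only needs to send its short-lived token to your own backend route, which calls `exchangeToken` and stores the result.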
12

Due to a bug in Facebook, some users will have to unauthorize the app before Facebook will issue the long-lived tokens.

Steve Yeago
  • 11
    Confirmed. After 7 hours of banging my head against the screen, removed the App from my account and the long-live token was returned. – Costa Aug 09 '12 at 04:29
  • Is this "Error validating client secret" error even though client secret is correct? – scott Feb 17 '18 at 12:19
0

I just made a Facebook Graph API call using 'axios'. You can find the client_id and client_secret from your App Dashboard.

```
// Fragment of a React component; assumes axios is imported and that
// clientId / clientSecret are defined in scope.
getLongLiveToken = () => {
    window.FB.getLoginStatus(function(response) {
        if (response.status === 'connected') {
            // Short-lived token issued by the JS SDK login
            let userAccessToken = response.authResponse.accessToken;
            axios.get(`https://graph.facebook.com/oauth/access_token?client_id=${clientId}&client_secret=${clientSecret}&grant_type=fb_exchange_token&fb_exchange_token=${userAccessToken}`)
                .then((response) => {
                    console.log("Long Live Access Token");
                    console.log(response.data.access_token);
                });
        }
    });
}

<button onClick={ () => this.getLongLiveToken() } >Long Live Token</button>
```
AD B
-2

Add a function to the JavaScript with the following details. I hope it works for you.

```
function getLongLiveToken(data) {
    FB.api('oauth/access_token', {
        client_id: data.client_id, // FB_APP_ID
        client_secret: data.secret, // FB_APP_SECRET
        grant_type: 'fb_exchange_token',
        fb_exchange_token: data.access_token // USER_TOKEN
    }, function (res) {
        if (!res || res.error) {
            console.log(!res ? 'error occurred' : res.error);
        } else {
            var accessToken = res.access_token;
            if (typeof accessToken != 'undefined') {
            }
        }
    });
}
```