11

I would like to know if it is possible to have an access token that never expires for posting to my page.

Now I get the access token with:

https://graph.facebook.com/me/accounts

I have publish_stream and manage_pages permission, but using the Access Token Debugger I see that the token expires in about 1 hour. Is there a way to make it never expire?

BartoszKP
Marco Caltagirone

5 Answers

16

See facebook developers:

By using a long-lived user access token, querying the [User ID]/accounts endpoint will now provide page access tokens that do not expire for pages that a user manages.

So, you have to exchange your initial short-lived token for a long-lived token with a server-side call:

https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=APP_SECRET&grant_type=fb_exchange_token&fb_exchange_token=EXISTING_ACCESS_TOKEN

And then query me/accounts with that long-lived token. Definitely works for us, i.e. the debugger shows: 'Expires: Never'


edit - our process

So, what we do is:

  • first client side authentication with our app where we get a "code" back after the user accepts the requested permissions and connects his account with our app

    https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_REDIRECT_URI&scope=COMMA_SEPARATED_LIST_OF_PERMISSION_NAMES&response_type=code

  • Now in our server application we use server side authentication to exchange code for access token:

    https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&redirect_uri=YOUR_REDIRECT_URI&client_secret=YOUR_APP_SECRET&code=CODE_GENERATED_BY_FACEBOOK

  • With this access_token we do the server side exchange as described above

  • Now we request me/accounts and the resulting access_token is always valid

Hope that helps

Pete
  • 1
    Thanks Pete, but when I make that call I have this error response { "error": { "message": "An unknown error has occurred.", "type": "OAuthException", "code": 1 } } – Marco Caltagirone Oct 03 '12 at 10:37
  • Is EXISTING_ACCESS_TOKEN the app token or the page token? Perhaps I'm missing something :( – Marco Caltagirone Oct 03 '12 at 11:04
  • 2
    @Pete: Are you sure that the debugger shows `Expires:Never` because for me it shows `Expires: 1354445684 (in about 2 months)` – RanRag Oct 03 '12 at 11:07
  • @MarcoCaltagirone: I am not an expert but I believe `EXISTING_ACCESS_TOKEN` is the `page/user` access token. – RanRag Oct 03 '12 at 11:15
  • But if I use the page access token as EXISTING_ACCESS_TOKEN I have this error { "error": { "message": "An unknown error has occurred.", "type": "OAuthException", "code": 1 } } – Marco Caltagirone Oct 03 '12 at 11:24
  • 2
    I'm sorry, been away.. I'll edit my answer with the authentication process we use.. But for us EXISTING_ACCESS_TOKEN is a user access token that you need to request accounts. Theoretically you should be able to also use a page access token for the exchange. – Pete Oct 03 '12 at 12:12
  • @Pete: I am a little confused because after following the above procedure I still got a token that expires in `two months` and the [facebook docs](https://developers.facebook.com/roadmap/offline-access-removal/) also state that according to the new policy one can extend the `short lived` token to `maximum 60 days.` So, how are you able to get it to `Never Expire`? Sorry for being noobish but I am new to the facebook api. – RanRag Oct 03 '12 at 15:35
  • Huh, that's strange. Like I said in my post, this should explicitly work as stated by the facebook docs. I think page access tokens are the exception here. All other tokens will eventually expire but requesting /accounts with a long lived token should yield an "immortal" page access token for all the account's pages ;). Not sure why it doesn't work for you.. – Pete Oct 04 '12 at 05:07
  • Really works! Thanks a lot :) See pic from debugger [here](http://cl.ly/image/2F3q0w3K113d). – rapcal Sep 07 '13 at 05:06
  • It's documented now. https://developers.facebook.com/roadmap/offline-access-removal/#page_access_token – Jeyara Oct 16 '13 at 03:16
  • URL is now: https://developers.facebook.com/docs/roadmap/completed-changes/offline-access-removal/ It appears to work for me as well. I see "Expires: never" when I debug the token here: https://developers.facebook.com/tools/debug/accesstoken – François Jun 16 '14 at 19:44
  • There is a much easier way now explained in second half of this article: https://www.rocketmarketinginc.com/blog/get-never-expiring-facebook-page-access-token/ – jetlej May 23 '16 at 14:46
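
The sequence from the answer above (exchange the short-lived user token, then read the page token from me/accounts), as an added Python example that is not part of any answer on this page. The function names, the injectable `get` transport and the `is_valid` / `expires_at` / `profile_id` fields (Graph API `debug_token` response fields, with `expires_at` of 0 assumed to mean "never") are assumptions of this example.

```python
import json
from urllib.parse import urlencode, parse_qs
from urllib.request import urlopen

GRAPH = "https://graph.facebook.com"

def http_get(url):
    """Default transport; pass a stub as `get` to run offline."""
    with urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")

def parse_token_response(body):
    """Accept both the JSON and the older URL-encoded token response."""
    try:
        data = json.loads(body)
    except ValueError:
        data = {k: v[0] for k, v in parse_qs(body).items()}
    if not isinstance(data, dict) or "error" in data or "access_token" not in data:
        # Do not echo the body in the error: it may contain a token.
        raise RuntimeError("token exchange failed")
    return data["access_token"]

def page_token(app_id, app_secret, short_user_token, page_id, get=http_get):
    """Short-lived user token -> long-lived user token -> page token."""
    query = urlencode({"client_id": app_id, "client_secret": app_secret,
                       "grant_type": "fb_exchange_token",
                       "fb_exchange_token": short_user_token})
    long_lived = parse_token_response(get(f"{GRAPH}/oauth/access_token?{query}"))
    accounts = json.loads(
        get(f"{GRAPH}/me/accounts?" + urlencode({"access_token": long_lived})))
    for page in accounts.get("data", []):
        if page.get("id") == page_id:
            return page["access_token"]
    raise LookupError("user does not manage page " + page_id)

def check_never_expires(debug_info, page_id):
    """Check the fields the answers read by eye in the token debugger."""
    d = debug_info["data"]
    return (bool(d.get("is_valid")) and d.get("expires_at") == 0
            and d.get("profile_id") == page_id)

if __name__ == "__main__":
    # Constructed sample of a token-inspection result, not real output.
    sample = {"data": {"is_valid": True, "expires_at": 0, "profile_id": "222"}}
    print(check_never_expires(sample, "222"))
```

Run the exchange only on the server, since the request carries the app secret, and store the resulting page token like any other long-lived credential.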
4

I've simplified Pete's answer a bit and added the step to get a non-expiring page access token:

  1. access the following URL and note the returned access token within the browser's address bar:

    https://www.facebook.com/dialog/oauth?client_id=APP_ID&redirect_uri=REDIRECT_URI&scope=manage_pages,publish_stream&response_type=token

  2. access the following URL and within the returned data find the desired page's name and note the access token:

    https://graph.facebook.com/me/accounts?access_token=ACCESS_TOKEN_RETURNED_FROM_STEP_1

  3. access the following URL and note the returned access token:

    https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=APP_SECRET&grant_type=fb_exchange_token&fb_exchange_token=PAGES_ACCESS_TOKEN_FROM_STEP_2

  4. use the Access Token Debugger to ensure your access token's profile ID matches the desired page's ID and it never expires

tpayne
  • Does it matter what the Redirect URI is? What if we're doing something that is server-to-server and does not involve a browser or a web application? I can stand something up if I have to, but I'd rather not. – Don Rolling Dec 15 '14 at 21:29
2

There is a MUCH easier way to do this as of 2016 :)


  1. Go to https://developers.facebook.com/tools/explorer

  2. Select your app from the dropdown on the top right hand side

  3. Click “Get Access Token” button just below the application dropdown on the right hand side

  4. In the dropdown select the page you want to get an access token for. If you don’t see your pages listed then you’ll need to make sure you’re set with the admin role for the page. Also you may have to click “Get Page Access Token” in the dropdown, after which your pages will show in the dropdown next time you click the “Get Access Token” button.

  5. Click the blue exclamation point icon in the “Access token” input field

  6. Click the “Open in Access Token Tool” button on the bottom right of the popup

  7. Click the “Extend Access Token” button to get a token that never expires


Original info from this article: https://www.rocketmarketinginc.com/blog/get-never-expiring-facebook-page-access-token/

jetlej
  • Thanks for your answer, but not everyone is looking to get access to _their_ page from _their_ account. Please specify in the answer. – Alexandre G May 01 '19 at 07:05
1

Ok so it took about a week of research but here is my solution. In https://developers.facebook.com/tools/explorer/ make sure that you have manage_pages as part of your access_token. After that, use this code with your app ID, secret, and redirect:

<?php
   $app_id = "APP_ID";
   $app_secret = "APP_SECRET";
   $post_login_url = "REDIRECT_URL";

   // The authorization code is only present after Facebook redirects back
   $code = isset($_REQUEST['code']) ? $_REQUEST['code'] : '';

   // Obtain the access_token with publish_stream permission
   if (empty($code)) {
      // No code yet: send the browser to the OAuth dialog
      $dialog_url = "https://www.facebook.com/dialog/oauth?"
       . "client_id=" . $app_id
       . "&redirect_uri=" . urlencode($post_login_url)
       . "&scope=COMMA_SEPARATED_LIST_OF_PERMISSION_NAMES";
      echo("<script>top.location.href='" . $dialog_url
      . "'</script>");
   }
   else {
      // Exchange the code for a short-lived user access token
      $token_url = "https://graph.facebook.com/oauth/access_token?"
       . "client_id=" . $app_id
       . "&redirect_uri=" . urlencode($post_login_url)
       . "&client_secret=" . $app_secret
       . "&code=" . urlencode($code);
      $response = file_get_contents($token_url);
      $params = null;
      // Parsed as a URL-encoded body here; Graph API v2.3 and later return JSON instead
      parse_str($response, $params);
      $access_token = $params['access_token'];
      echo 'access token: ' . $access_token . '<br>';

      if ($access_token) {
         // Exchange the short-lived token for a long-lived one
         $token_url = "https://graph.facebook.com/oauth/access_token?"
          . "client_id=" . $app_id
          . "&redirect_uri=" . urlencode($post_login_url)
          . "&client_secret=" . $app_secret
          . "&grant_type=fb_exchange_token"
          . "&fb_exchange_token=" . urlencode($access_token);
         $response = file_get_contents($token_url);
         // Re-parse the new response; otherwise the old token is printed again
         parse_str($response, $params);
         $access_token = $params['access_token'];
         echo 'new access token: ' . $access_token;
      }
   }
?>

After that, copy the 'new access token' and go back to https://developers.facebook.com/tools/explorer/. When you get there, paste your new access token into the access token field. Then click submit. After that, in the node you will see a +____; click on this, scroll down to accounts and click that. Find the page that you need the access token for and copy and paste it into the access key field. Click debug and you will see that it will never expire. Save that token; it will stay valid as long as you do not reset your app's secret.

0

You can use the following API from Facebook to refresh the token's life to 60 days, and just when the token is about to expire, call the same API again within 60 days to refresh its life back to 60 days from that point in time. The token's expiry is present in the expires parameter, and its value is in seconds.

Replace CLIENT_ID and CLIENT_SECRET with their actual values

https://graph.facebook.com/oauth/access_token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=fb_exchange_token&fb_exchange_token=ACCESS_TOKEN

In ACCESS_TOKEN, put the actual token value without appending "access_token="

Harsh Gupta