1

I need to renew a long-lived access token. I read Renew long lived access token server side topic and wrote a code as follows:

<?php

$code = $_REQUEST["code"];

if(empty($code)) {

  $dialog_url = "https://www.facebook.com/dialog/oauth?"
    . "client_id=$app_id"
    . "&redirect_uri=$my_url"
    . "&scope=..."
    ;

  echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
else
{
  $response = file_get_contents("https://graph.facebook.com/oauth/access_token?"
    . "client_id=$app_id"
    . "&redirect_uri=$my_url"
    . "&client_secret=$app_secret"
    . "&code=$code"
    );

  $params = null;
  parse_str($response, $params);
  $access_token=$params['access_token'];

  $response = file_get_contents("https://graph.facebook.com/oauth/access_token?"
    . "client_id=$app_id"
    . "&client_secret=$app_secret"
    . "&redirect_uri=$my_url"
    . "&grant_type=fb_exchange_token"
    . "&fb_exchange_token=$access_token"
    );
}

?>

On the first invocation it acquires 60-days access token all right. I expect that on the next invocations it would acquire another (may be with the same name) 60-days tokens, and I would see in the Debugger https://developers.facebook.com/tools/debug that issue time and expiration time changes, but the times do not change. What's wrong with my scenario?

Maksim Aniskov
  • 371
  • 2
  • 4

1 Answers1

1

Have you compared the tokens to each other? Facebook will send you back the existing access token when the same call is made in less than 24 hours. Also, tokens are set to not expire if you have also requested page tokens for the user. See my answer here: Facebook Page Access Tokens - Do these expire? for more info on this subject.

One way you can be sure to get a new token each time is if you revoke access by making an http DELETE call to /PROFILE_ID/permissions and then requesting a new token. The only bad thing about this is it will require you to put the user through the oAuth dialog again.

Community
  • 1
  • 1
rvaldron
  • 106
  • 3