3

I'm using this tutorial (from the first answer on that page).

In short it uses a FB app, and PHP CURL GET to post to your Facebook page via HTTP. I have it working and can post to my page (as my page) with the correct token.

However, the page access token only lasts an hour, meaning you have to constantly re-authorize by generating a new token. How can I set-and-forget, or otherwise extend my token? I have read the facebook documentation but can't apply it to my scenario.

I just want to authorise once, receive a token and have my web form be able to post to my page.

Community
  • 1
  • 1
square_eyes
  • 1,269
  • 3
  • 22
  • 52

2 Answers2

5

The & symbol should be replaced with ? (question mark). Then it should work.

ex:

https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&client_id={app-id}&client_secret={app-secret}&fb_exchange_token={short-lived-token}
talonmies
  • 70,661
  • 34
  • 192
  • 269
NeliJ
  • 51
  • 1
  • 2
2

You get your page access token when you (the admin user) authenticate. The page token is based on your short-lived user token. In order to get a long-lived page token you need to get a long-lived user token. They usually last around two months.

Here's how you get a long-lived page token.

  1. Get a short-lived user token.
  2. Get your app ID and app secret.
  3. Make the following GET call: https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&client_id={app-id}&client_secret={app-secret}&fb_exchange_token={short-lived-token}.
  4. Now use the token returned from step 3 to create a new long-lived page token.
Paul
  • 6,061
  • 6
  • 39
  • 70
durrrutti
  • 1,020
  • 1
  • 8
  • 18
  • OK so will I have to do this every couple of months? Could I make a PHP CURL page, which I call periodically to tick this over? – square_eyes Jan 03 '14 at 00:44
  • You need to generate a new long-lived token from a short-lived one every 60 days or so, yes. In what way you choose to do that is up to you :) – durrrutti Jan 03 '14 at 00:48
  • 2
    Entering that directly as a URL I get `Missing redirect_uri parameter` OAuthException code 191 – square_eyes Jan 03 '14 at 00:50
  • Are you sure you are entering the right short-lived token? I did this just the other day, with a short-lived user token generated in the Graph API Explorer, and it works fine. – durrrutti Jan 03 '14 at 00:53
  • I'm using the one that is currently active and working with my web app. What is client secret? I used App secret there. – square_eyes Jan 03 '14 at 00:55
  • Everything between square braces, `{}`, is where you're supposed to enter your personal information. So, just replace `{app-id}` with your actual app ID etc. The `{short-lived-token}`, you replace with an active _user access token_, not your current page token. – durrrutti Jan 03 '14 at 01:02
  • Thanks, I understand. But it's not working. Furthermore the method (#4) described [here](https://developers.facebook.com/docs/roadmap/completed-changes/offline-access-removal/), if I read correctly, says the short term token can only be extended once before you need a new short lived token. How do all the other 3rd party apps maintain authentication? FYI I tried it with https and get a system error. `Error validating application. Cannot get application info due to a system error.", "type": "OAuthException", "code": 101` – square_eyes Jan 03 '14 at 01:05
  • Ok, to be honest with you, I'm not completely sure what's going on, but I got the same error as you did when I tried to create a new long-lived token for a new test app. After a while though, it suddenly worked. What I did was go into the app settings, turning on sandbox mode and entering a bogus URL under "Web site with Facebook login" (or something like that, mine's in Swedish. Then use this exact url: https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&client_id=APPID&client_secret=APPSECRET&fb_exchange_token=SHORTLIVEDTOKEN – durrrutti Jan 03 '14 at 01:34
  • OK it worked. I was putting my page ID in where app ID should be. What's the best method for automating this? – square_eyes Jan 03 '14 at 01:34
  • "At any point, you can generate a new long-lived token by sending the person back to the login flow used by your web app." But, as I wrote before, you need to go through the same process every two months. https://developers.facebook.com/docs/facebook-login/access-tokens/#extending – durrrutti Jan 03 '14 at 01:37
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/44367/discussion-between-square-eyes-and-durrrutti) – square_eyes Jan 03 '14 at 01:41