7

Intro

I've got a little Facebook fan page I'm posting updates on. To do that I'm using a long lived access token which expires every 60 days with the permissions: 'manage_pages' and 'publish_stream'.

Upon researching I've found no "this is it" solution, so I went creating a new post describing my problem while linking up everything I've found so far as a summary. It grew a little large lol (my apologies).

To get a short lived access token I usually follow these steps as described here.

  • Go to https://developers.facebook.com/tools/explorer/ and select your app from the first drop down menu, in the left.
  • Click on the button "Get access token", and in the "Select Permissions" window, click in "Extended Permissions" and check manage_pages and publish_stream, and click in "Get Access Token" blue button.
  • You may be asked in this step to garant permissions to your app to access to your Facebook account, accept.
  • Next, click at the end of the text field next to the "GET" drop down, and replace the numbers for: me/accounts, and click in the blue button next to this text field.
  • You'll get the tokens for all your pages, including your app page. Find your page name in the list, will look like this: "name": "Your page name"
  • When you located your page, copy the access token for the page (will be really long), that can look like this: "access_token": "XXXXXXXX". Also copy the id of the page: "id": "XXXXX".

Using 

https://graph.facebook.com/oauth/access_token?
    client_id=[clientid]
    &client_secret=[clientsecret]
    &grant_type=fb_exchange_token
    &fb_exchange_token=[shortlivedaccesstoken]

Either in a browser or by curl request for example, I'm getting my 60 days long lived access token returned. (Source)

As the Facebook API documentation describes, long lived access tokens can not be refreshed. Of course I can refresh the token using above endpoint and get a new long lived token with the same expiry date returned.

EDIT: To create a post on the fanpage wall (as the page user) I'm doing sth. like this:

$this->fb = new Facebook(array(
    'appId' => [app-id],
    'secret' => [app-secret]
));

//~Get data from DB here~

//~some error handling in case data fetching failed~


$fbToken = '';
$fbToken = *[facebook access token]*;

$mediaData = array(
    'picture' => [picture-url],
    'message' => [message],
    'link' => [link],
    'name' => [name],
    'description' => [description],
    'access_token' => $fbToken
);

try {
    $post_id = $this->fb->api('/' . [fb-page-id] . '/feed', 'post', $mediaData);
} catch(FacebookApiException $e) {
    //log file output
}



Problem

You can only get a new long lived access token by using a short lived access token.
@maxim-aniskov describes a way to get a new short lived access token here. Running into the same problem, it works once at the first fetch. The accepted answer involves deletion of the current permissions.

Also, in this post it has been hinted in the comments that even a short lived access token cannot be refreshed without user interaction.

Finally as you can see there are many people running into the same fun here too.

Somewhere I've even read that an existing long lived access token can be refreshed but only if it's about-to-expire. There is no information in which timeframe 'about-to-expire' lies. (5 days ain't)

Ultimately none of them helped me any further.


Question

As a summary of the above mentioned~

How to get a new short lived access token with the previously used permissions (manage_pages and publish_stream) querying an API endpoint?

Is it really only possible by revoking a previously given access? The website I'm trying to refresh its access token for is about posting real time updates, so I'd like little to no downtime.. Instead of manually generating a new short lived token in the graph api explorer everytime the old token expired or is about-to-expire, I'd rather just press a single button to do that.


Community
  • 1
  • 1
Soo Star
  • 73
  • 1
  • 4
  • Your question is still incomplete. Do you want to post to the page on the page's behalf or the user's behalf? Since you fetched the page access token but you never used that token for posting; you are instead using the user's extended token? Why so? – Sahil Mittal Mar 29 '14 at 18:21
  • If you want to post as a page, you can have a never expiring token that could be used to do so :). Check the answer. – Sahil Mittal Mar 29 '14 at 19:07
  • @SahilMittal What would be a proper title for the question? hahah – Soo Star Mar 29 '14 at 21:29
  • The tile and explanation looks fine to me :) But you should not add answer to the question :/ – Sahil Mittal Mar 29 '14 at 21:32
  • @SahilMittal the Solution part? I'll remove it then D: – Soo Star Mar 29 '14 at 21:40

1 Answers1

3

You are quite confused with the flow actually! Let me explain you how this access token thing works-

First of all, the getting the access token from Graph API Explorer is just a way- not really the best way of course. (but in your case it seems fine since I think you are managing the page from your account only not for the other facebook users- correct me if I am wrong).

Generally, facebook integration is used to get access for a facebook user and perform some activities or get the user's data, and it is done by implementing the facebook login. The facebook login takes in to account the permissions user has granted and returns an access token- that's the user access token

Now, if you want to post on behalf of the page itself, you have to use the page's access token (API- /me/accounts). Now, the good thing is- you can extend the page access token that's never expires! I've explained the steps here.

If you want to post on behalf of the user/admin, you use the user access token which can be extended by making a \GET request that you've explained that already. Now when you said-

I've even read that an existing long lived access token can be refreshed but only if it's about-to-expire. There is no information in which timeframe 'about-to-expire' lies. (5 days ain't)

This statement is incorrect! You can extend the token at any point. Today you have a token with 60days expiry, tomorrow it can be extended again with upto 60 days expiry. To refresh the extended token, you have to repeat the steps you used to generate the extended token for the first time i.e.- obtain an access token (the normal one) with the login flow or the graph api explorer(yes- there's NO other way to get the access token) and make the \GET request to obtain the extended one. This is it!

You asked-

How to get a new short lived access token with the previously used permissions (manage_pages and publish_stream) querying an API endpoint?

Dont worry about this, next time whenever you try to get the access token it will have the permissions with it since you have authorized the app already. You dont need to take care of anything for this!

Edit

If you dont want to use the Graph API Explorer, you can write a small script, using JS/PHP/other language and implement the facebook login- get the access token- and extend that token (oh wait! you didnt tell how are you creating the posts? You can do that with your script only- simple enough!). Good luck!

Community
  • 1
  • 1
Sahil Mittal
  • 20,697
  • 12
  • 65
  • 90
  • I'll try that. Indeed I'm a little confused with the flow – Soo Star Mar 29 '14 at 19:04
  • PS. dont forget to mark this as correct/vote if helped. So that this ques can be closed. Good luck – Sahil Mittal Mar 29 '14 at 19:08
  • hahah okay I've got it I think. (PAGE_ID = the page name ofc -.-) ..the token returned by https://graph.facebook.com//{page-id}?fields=access_token&access_token={long-lived-token} says "Expires: never" in the token debugger :)) I'll try publishing with that then will mark your answer as correct. – Soo Star Mar 29 '14 at 20:17
  • Thank you ♡ I've updated the question to make it complete(r). I'll vote your answer up once I have enough reputation. lol – Soo Star Mar 29 '14 at 21:22