0

I am making a web app that pulls the latest posts from our Facebook page and processes them. This is all working fine with a hard-coded access token generated from this page.

The problem is that this token expires, so i am looking for a solution to generate a new token every time the page loads or a non-expiring token - (i have read somewhere that non expiring tokens don't exist anymore).

So of course i did some research, here, here and here.

But non of these examples seem to be working.

Before any complaints of some code that i have tried so far, this is my working example - with an expiring access token:

var Facebook = function () {
    this.token = 'MYTOKEN';
    this.lastPost = parseInt((new Date().getTime()) / 1000);
    this.posts = [];
};

Facebook.prototype.GetPosts = function () {
    var self = this;
    var deffered = $q.defer();
    var url =  'https://graph.facebook.com/fql?q=SELECT created_time, message, attachment FROM stream WHERE created_time < ' + self.lastPost + ' AND source_id = 437526302958567 ORDER BY created_time desc LIMIT 5&?access_token=' + this.token + '';
    $http.get(url)
        .success(function (response) {
            angular.forEach(response.data, function (post) {
                self.posts.push(new Post(post.message, post.attachment.media, post.attachment.media[0].src, post.created_time, 'facebook'));
            });
            self.lastPost = response.data[response.data.length -1].created_time;
            deffered.resolve(self.posts);
            self.posts = [];
        });
    return deffered.promise;
};
return Facebook;

Any help / suggestion will be greatly appreciated.

Community
  • 1
  • 1
Chancho
  • 1,930
  • 2
  • 15
  • 20
  • The second link you provided is the solution I use to get non-expiring access tokens, which works for me, but only if you use the Graph Explorer in v1.0 and not v2.0. What I don't like in your approach is that you store the Access Token in the frontend, meaning that everybody can see it. – Tobi Jun 18 '14 at 14:51

1 Answers1

1

First off, it is important to remember that Facebook has just launched the Version 2 of the Graph API. From April 2014 on, if you have issues with your app, you need to tell us when you created it on Facebook Developers (new apps use the Version 2 by default).

In order manage pages, your app needs to have manage_pages permission. Make sure that the user you want to manage fan pages for has authorized you. If your app uses the Version 2, make sure that Facebook (the Facebook staff) has authorized you to ask users that kind of permission, otherwise your app won't work.

Once you get your token, exchange it for a permanent token (or a token with long expiry date). Make sure you use the token of the fan page, not the token of the user.

If instead you want to read the stream of public fan pages, you need an access token with read_stream permissions. This permission needs to be approved by Facebook (see above) and this specific type of permission takes time to approve, if you're using the Version 2 of the Graph API. If you're using the old API (Version 1), you can still do that without pre-approval on Facebook's side. The URL to ask for the permission to read the stream is as follows: https://www.facebook.com/dialog/oauth?client_id=$YOUR_APP_ID&redirect_uri=$YOUR_URL&scope=read_stream,manage_pages (i've added manage_pages in this case, you may not need it). That url will prompt for authorization. Once the user has authorized the app, you'll be recirected to the URL you chose, with a code= variable. At that point, call this other url:

 https://graph.facebook.com/oauth/access_token?client_id={$app_id}&redirect_uri=$someurl&client_secret={$app_secret}&code={$code}

You'll get a response that has the access_token=variable in it. Grab that access token, exchange it for a long one, with the following URL:

https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&client_id={$app_id}&client_secret={$app_secret}&fb_exchange_token={$token_you_have_just_grabbed}

The response will give you a token that lasts for some time. Previously, Facebook had decided to have these "long duration tokens" expire after one month. I have found out, though, that they may have changed their mind: if you put a user token in the debugger, you'll see it never expires. This is the authorization flow for users who visit with a browser. There's the app authorization flow too. If all you need is a stream from your own Fan page, you want to do the following (with Graph API V.1):

  • make an HTTP GET request using the following URL: https://graph.facebook.com/oauth/access_token?type=client_cred&client_id={$app_id}&client_secret={$app_secret}

  • Use the resulting token to make another HTTP GET call, like so: https://graph.facebook.com/{$your_page_id}/feed?{$authToken}&limit=10 //ten posts

  • Decode the json object

You're done.

tattvamasi
  • 845
  • 1
  • 7
  • 14