1

My overall goal is to simply display posts from my Facebook page onto a website, but I feel like I'm missing something important, making this seemingly simple task quite difficult!

I have set up my app in Facebook Developer and generated a test access token via the Graph API Explorer to test out the example set out on https://developers.facebook.com/docs/reference/php/examples, shown below, which uses the PHP SDK. This works fine.

<?php

require_once __DIR__ . '/vendor/autoload.php'; 

$fb = new \Facebook\Facebook([
  'app_id' => '{your-app-id}',
  'app_secret' => '{your-app-secret}',
  'graph_api_version' => 'v5.0',
]);

try {
  $response = $fb->get('/me?fields=name,hometown', '{access-token}');
} catch(\Facebook\Exceptions\FacebookResponseException $e) {
  echo 'Graph returned an error: ' . $e->getMessage();
  exit;
} catch(\Facebook\Exceptions\FacebookSDKException $e) {
  echo 'Facebook SDK returned an error: ' . $e->getMessage();
  exit;
}

$me = $response->getGraphUser();
echo 'All the data returned from the server: ' . $me;
echo 'My name is ' . $me->getName();
$hometown = $me->getHometown();
$hometown_name = $hometown->getName();
echo 'My hometown is ' . $hometown_name;

?>

However, given that the access token will expire, I am under the impression I should therefore request a new token when someone visits the website (assuming the previous one has expired, and assuming I store it for use during the period it is active). Is this correct? If so, I am failing to figure out how to generate a token in these circumstances. There are posts like this one from 7 years ago ( Facebook PHP SDK dealing with Access Tokens ) but can't seem to make anything work with the example I'm using (presumably because it is an older version of the SDK).

Can anyone assist with how I generate a new token to allow my basic feed to work without manual creation of an access token? Surely this is just basic stuff but it is baffling me. I have seen references to using the format '{your-app-id}|{your-app-secret}' to create an access token but this seems to create an app token that doesn't do the job.

Any help would be much appreciated!

Thank you!

Tim
  • 118
  • 8

1 Answers1

1

I've been struggling with this in the past as well. So don't worry :) The relevant part what you're looking for is a "Long-Lived Access Tokens". Here is the documentation to it:

https://developers.facebook.com/docs/facebook-login/access-tokens/refreshing/

Christoph Kluge
  • 1,947
  • 8
  • 23
  • Thanks Christoph. I had seen this but I think I got stuck around the fact that this still requires a short-lived User access token - would this be the one I manually create initially? Am I right in saying the documentation implies the long-lived token would refresh each time someone visited the website, therefore I would only have an issue if no-one visited the website for 60 days? I see there are references to iOS, Android and the JS SDK - any idea if this is the case with the PHP SDK? – Tim Mar 01 '20 at 19:57
  • 1
    @Tim your site visitors have nothing to do with this in the first place - you are not using a user access token for their account, you are using a page access token that allows access to your page. Your visitors are not involved in that at all. – CBroe Mar 02 '20 at 08:04
  • @CBroe Ok, thanks, but because the token expires is it not the case that the action of loading the page/requesting the data will then mean the token can be refreshed if necessary, else if no were no visitors for 60 days the token would expire? – Tim Mar 02 '20 at 08:54
  • 1
    You are going to need a short-lived user access token for _your_ account first of all. That means _you_ need to interact with Facebook in your browser, your site visitors have _nothing_ to do with this. – CBroe Mar 02 '20 at 09:01
  • @CBroe yes, sorry, I understand that, I am referring to the subsequent long-lived access token that I generate from that when the page is requested. It seems to me from testing this out that the long-lived token gets updated each time the page is requested, and therefore I'm thinking I won't have any expiration problems providing the site is used within the timeframe. – Tim Mar 02 '20 at 09:40
  • 1
    I would not rely on that; according to docs, this automatic renewal should only affect the long-lived user token, I am not sure that automatically “propagates” to any page tokens acquired using the user token. Plus, this automatic refresh happens for iOS/Android, or JavaScript SDK - which aren’t even in play here. – CBroe Mar 02 '20 at 09:49
  • @CBroe Ok thanks. Looks like a Long-Lived Page Access Token might be what I need as documentation specifies it does not have an expiration date but failing to obtain it via the URL specified. At a loss really at what I am supposed to do! Obtain short-lived user token, then long-lived user token, then long-lived page token...? Just can't get my head around the process of the whole thing. – Tim Mar 02 '20 at 18:53
  • Used URL "https://graph.facebook.com/me/accounts?access_token=" without an API version specified and that returned a page token with expiry date of 'Never'. So fingers crossed I should be good... thanks for pointing me in the right direction (well I assume it is!) – Tim Mar 02 '20 at 19:04