0

As the title suggests, I'm wondering how I could obtain a never-expiring Facebook user access token, which I would need to create a page access token at a later date. I tried using their Graph Explorer tool, but I could only make it go up to 2 months of expiry date, and for my use case that wouldn't be ideal.

To shortly explain my use case: on our website I'm trying to implement a Facebook sharing system where each user could share what they wanted, i.e. posts on their Facebook page (we are not using Facebook login, and the user would just give access from their own dev tool panel, if that's the correct approach). I got this to work, BUT only with an access token that would expire in 2-3 months. So a user having to re-authenticate with our service every 2-3 months isn't ideal and wouldn't really work for us. So is there a way I can refresh that token programmatically, or does the user have to give a new user access token every couple of months?

I have tried following this answer, but with no luck: Long Lived access token Facebook Page, and many similar answers to this. There is also a suggestion that you should contact Facebook if you want a never-expiring access token, which this user suggested: Generate permanent access token Facebook API.

Now I'm wondering if it is even possible to do that in 2021, and if there is anything I missed in regards to how to generate said tokens or refresh them.

EDIT:

I used the following requests to get the extended access token.

https://graph.facebook.com/oauth/access_token?client_id=<your FB App ID >&client_secret=<your FB App secret>&grant_type=fb_exchange_token&fb_exchange_token=<your short-lived access token>

After I got the token I used

https://graph.facebook.com/me/accounts?access_token=<your long-lived access token> 

to get the extended access token.

newplayer
  • 25
  • 7
  • Extended page tokens do not have a default expiry. As long as the user who granted them does not change their password or something like that, they stay valid. – CBroe Feb 12 '21 at 10:52
  • _“we are not using Facebook login and the user would just give access from their own dev tool panel if that's the correct approach”_ - no, it’s really rather not. Implement proper login within your app; otherwise, you will likely have trouble getting this through the review process. – CBroe Feb 12 '21 at 10:53
  • But when I used their access token debug tool, it said expires in 2 months, or is that something completely different? – newplayer Feb 12 '21 at 10:55
  • Which token are you talking about now? – CBroe Feb 12 '21 at 10:58
  • Right, so the flow goes like this: short-lived user access token -> user extended access token -> and if the user token is extended, so should be the page token, if I understand the whole process correctly. But when I debug either the extended user access token OR the extended page access token, they both show "expires" in 2 months – newplayer Feb 12 '21 at 11:02
  • For me, it says “Expires: Never”, for both the extended user token, and the page access token. Could depend on your app review status and what mode it is in though, I suppose. – CBroe Feb 12 '21 at 11:07
  • Could you provide what mode you used and your app review status? – newplayer Feb 12 '21 at 11:12
  • Simple app in dev mode, nothing reviewed at all. – CBroe Feb 12 '21 at 11:15
  • I just created a new test app with development on and still got expires in 2 months. Could you take me through what you did to get it to never? I'll edit my answer to provide the request examples of what I did – newplayer Feb 12 '21 at 11:27
  • I clicked “open in access token tool” for my user access token in Graph API Explorer, then there I clicked “extend access token”, and then I got the page access token via a call to /me/accounts. – CBroe Feb 12 '21 at 11:30
  • Can you look at my edited answer and try to use the above requests to get the access token? Because right now the only thing I'm sure of is that YES, you can create a never-expiring access token, which helps me a ton! – newplayer Feb 12 '21 at 11:42
  • Yes, same result. The user token only becomes valid forever “by accident”, due to how Facebook has implemented the extended page tokens - because those are still tied to an existing user token, they needed to make the user token in question unlimited for the process to work as well. The user token will only become valid forever in the exchange process, if it includes page managing permissions to begin with - but that should be the case for you as well, otherwise you should not be able to get results from /me/accounts in the first place. – CBroe Feb 12 '21 at 11:48
  • I see, so if I understood correctly, with the full app review and everything completed, the access token SHOULD become valid forever? And even if the expires at is 2 months, it's still valid forever? – newplayer Feb 12 '21 at 11:58
  • Don’t know if app review has anything to do with it, as I said, in my tests it works with an unreviewed app. And no, if it says expires in two months in the debug tool, then it probably won’t be valid forever. – CBroe Feb 12 '21 at 11:59
  • Oh I see, so there is no "real" way to make them valid forever? 2 months is the best you can get? – newplayer Feb 12 '21 at 12:02
  • Yes, there is a way, as I said, for me it shows “Expires: Never”, and there is no reason to doubt that it actually means that. But I am not sure under what exact conditions, so you’ll have to do some more testing if that doesn’t work for you. – CBroe Feb 12 '21 at 12:10
  • What is your Graph API Version you are using, and what is the minimum API version your app can use? Might perhaps have something to do with that as well. – CBroe Feb 12 '21 at 12:11
  • Currently I was just using Graph API v9.0, as that was the default option and it was set in the Graph API Explorer as well. – newplayer Feb 12 '21 at 12:16

1 Answer

2

To get page access token that never expires, take the following steps:

  1. Get user token
  2. Make this token long-lived, e.g. by clicking "Extend access token" at the bottom of the page: https://developers.facebook.com/tools/debug/accesstoken/
  3. Then, use this token to get page access token.

In Access Token Debugger the token will be marked as "Expires: never".

mef
  • 46
  • 4
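The three steps above, done server-side with a programmatic expiry check on each page token, as an added example (not code from the question or the answer). It assumes the Graph API `debug_token` endpoint, whose `expires_at` value of 0 corresponds to the debugger's "Expires: Never"; the function names and the stubbed responses are constructed for illustration.

```python
import json
import urllib.parse
import urllib.request

GRAPH = "https://graph.facebook.com"

def http_get(path, params):
    """Live Graph API call; tests swap in a stub so nothing leaves the machine."""
    url = f"{GRAPH}/{path}?{urllib.parse.urlencode(params)}"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)

def page_tokens(app_id, app_secret, short_token, get=http_get):
    """Extend the user token, fetch page tokens, and report each one's expiry."""
    long_user = get("oauth/access_token", {
        "grant_type": "fb_exchange_token",
        "client_id": app_id,
        "client_secret": app_secret,  # keep server-side; never ship to a browser
        "fb_exchange_token": short_token,
    })["access_token"]
    report = {}
    for page in get("me/accounts", {"access_token": long_user})["data"]:
        info = get("debug_token", {
            "input_token": page["access_token"],
            "access_token": f"{app_id}|{app_secret}",  # app access token form
        })["data"]
        expires_at = info.get("expires_at")
        report[page["name"]] = {
            "token": page["access_token"],
            "expires_at": expires_at,
            # expires_at == 0 is what the debugger renders as "Expires: Never"
            "never_expires": bool(info.get("is_valid")) and expires_at == 0,
        }
    return report

def fake_get(path, params):
    """Constructed responses (not real tokens) covering both outcomes in the thread."""
    if path == "oauth/access_token":
        return {"access_token": "LONG_USER", "token_type": "bearer"}
    if path == "me/accounts":
        return {"data": [{"name": "Page A", "access_token": "PAGE_A"},
                         {"name": "Page B", "access_token": "PAGE_B"}]}
    expiry = {"PAGE_A": 0, "PAGE_B": 1618300000}[params["input_token"]]
    return {"data": {"is_valid": True, "expires_at": expiry}}

if __name__ == "__main__":
    for name, row in page_tokens("APP_ID", "APP_SECRET", "SHORT", get=fake_get).items():
        print(name, "never expires" if row["never_expires"] else f"expires_at={row['expires_at']}")
```

A page token that comes back with a non-zero `expires_at` is the case the question describes; storing that value alongside the token lets the service prompt for re-authorization before the token lapses.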