Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Facebook Page Access Tokens - Do these expire?

I'm building an app that allows users to administrate their Facebook Fan Pages. This requires the following two Access Tokens:

  1. A User Access Token
  2. A Page Access Token

I'm quite familiar with User Access Tokens, but not with Page Access Tokens.

Does anybody know how long the Page Access Token remains valid? All I can find on the Facebook website is this succinct paragraph, which doesn't mention anything about it's expiry.

Can I assume that if I am requesting the User Access Token with the offline_access permission the Page Access Token will also last indefinitely (unless the user changes their password or manually deauthorises my app)?

I'm asking because I want to know how often I should query the Facebook Graph API and acquire Page Access Tokens. Should I simply request them once when the user registers? Or should I request them one each API Call in the event they continuously change? The latter is obviously more taxing!

like image 722
dbau Avatar asked Oct 08 '11 11:10

dbau


People also ask

How long does a Facebook access token last?

When your app uses Facebook Login to authenticate someone, it receives a User access token. If your app uses one of the Facebook SDKs, this token lasts for about 60 days. However, the SDKs automatically refresh the token whenever the person uses your app, so the tokens expire 60 days after last use.

Does access token expire?

By default, access tokens are valid for 60 days and programmatic refresh tokens are valid for a year. The member must reauthorize your application when refresh tokens expire.

How do I get Facebook access token that never expires?

In the Access Token Debugger that will open up, click on the 'Extend Access Token' button at the bottom of the page. A new access token should be displayed and the text above it should say that it never expires.


2 Answers

Page Tokens expire when the access token expires for the user that the page token was generated from. Edit 6.28.2013: If you extend the user access token and obtain a new page access token for the user, that page token will not expire unless the user de-authorizes your app.

Offline access has now been deprecated, but you are allowed to extend an access token to last for 60 days. If you extend the user's access token, then the page tokens generated from that user account will also have their expiration extended to match will not expire (edited 6.28.2013). The value for the page tokens may change after being extended, so be sure to grab new page tokens from the user's /accounts graph connection after extending the user token.

You can continue to extend these access tokens once per day. So you should regenerate the access tokens each day that the user interacts with your app.

See https://developers.facebook.com/docs/facebook-login/access-tokens/#pagetokens https://developers.facebook.com/docs/facebook-login/access-tokens/#extending https://developers.facebook.com/docs/facebook-login/
https://developers.facebook.com/roadmap/offline-access-removal/ https://developers.facebook.com/blog/post/2011/05/13/how-to--handle-expired-access-tokens/

like image 53
rmarscher Avatar answered Sep 19 '22 07:09

rmarscher


You can extend a page access token to make it never expire. The documentation is a little muddy, but the following pages have pertinent information, and you will obviously need to be an administrator of the page. Pay close attention to scenario 4 and 5 at the second link.

https://developers.facebook.com/docs/reference/api/page/#page_access_tokens https://developers.facebook.com/roadmap/offline-access-removal/#page_access_token

It is simple using the graph explorer to retrieve tokens from Facebook. The graph explorer also allows you to debug the token which will list the expiration date, thus you can verify that it never expires. Graph Explorer: https://developers.facebook.com/tools/explorer

Click on the Get Access Token button to retrieve your token. Keeping your id in the query bar, simply append /accounts to your id, so that it looks like this: /123456789101112/accounts. Make sure it is a GET request (The drop-down to the left of the query bar).

This will retrieve all pages that you are configured to work with. You then need to make a GET request to:

/oauth/access_token?client_id=APP_ID&client_secret=APP_SECRET&grant_type=fb_exchange_token&fb_exchange_token=EXISTING_ACCESS_TOKEN  

Your APP_ID and APP_SECRET can be found in your applications administration settings. Use your personal access token as the final parameter (EXISTING_ACCESS_TOKEN). This will return a 60 day personal access token. Copy this token into the Access Token bar, which is above the query bar. Now make a GET request to USER_ID/accounts like we did towards the beginning. This will again return a list of pages that you are configured to work with.

But this time the page tokens that are listed with the pages do not expire. You can check this by copying a page token into the Access Token bar, and clicking the Debug button. This will give you details on that access token, including the expiration time, which should be never in this case.

UPDATE

I have also found that Facebook's graph explorer sometimes get confused with user context, and may not be reliable at all times. Alternatives are Fiddler or Postman.

like image 32
Simon.Ponder Avatar answered Sep 20 '22 07:09

Simon.Ponder