Menu
I'm trying to use the PHP sdk v4.0 to get a long term access token for PAGE management.
I'm grabbing the access token from the user's login (Yes, I'm grabbing the Page-specific access token). Then sending it to the endpoint as specified in documentation, but I'm not getting any results and I'm not getting any errors.
Could I know what is the correct code snippet to use?
This is the code I'm using so far
$endpoint = '/oauth/access_token?';
$endpoint .= 'grant_type=fb_exchange_token&';
$endpoint .= 'client_id='.$this->app_id.'&';
$endpoint .= 'client_secret='.$this->app_secret.'&';
$endpoint .= 'fb_exchange_token='.$access_token;
try {
$response = (new FacebookRequest(
$this->session, 'GET', $endpoint
))->execute();
// Do something with the response here but response is empty
} catch (FacebookRequestException $ex) {
echo $ex->getMessage();
} catch (\Exception $ex) {
echo $ex->getMessage();
}
723
At a high level, you obtain a long-lived token for the client by: Using a valid, long-lived access token, your server sends a request to get a code from Facebook. Facebook sends a code back to your server and you securely send this code to the client.
To get a long-lived User access token, send a GET request to the /oauth/access_token endpoint. Replace APP-ID , APP-SECRET , and SHORT-LIVED-USER-ACCESS-TOKEN with your information. This token is valid for 60 days.
When your app uses Facebook Login to authenticate someone, it receives a User access token. If your app uses one of the Facebook SDKs, this token lasts for about 60 days. However, the SDKs automatically refresh the token whenever the person uses your app, so the tokens expire 60 days after last use.
By default, an access token for a custom API is valid for 86400 seconds (24 hours).
There a several types of access tokens you can use with calls to Graph. Knowing which access token to use can be tricky.
If you want to make changes to the page and post on the page wall as the admin user, you'll need to use that user's access token.
You'll need to ask that user to log in with the manage_pages permission if you're planning on performing admin-specific actions on the page.
$helper = new FacebookRedirectLoginHelper($redirect_url);
echo '<a href="' . $helper->getLoginUrl(['manage_pages']) . '">Login</a>';
By default, you'll get a short-lived user access token from Facebook. I'm assuming you're using a database to store your access tokens. You'll need to exchange the short-lived user access token for a long-lived user access token and save the new token in the database.
$accessToken = $session->getAccessToken();
$longLivedAccessToken = $accessToken->extend();
echo (string) $longLivedAccessToken;
If you're storing the long-lived user access token in the database, as a best practice, you should use the token to generate a code and then generate another long-lived access token. This way you're not using the same access token for all the requests on behalf of the user every time. This minimizes the chances of your app being flagged as spam.
use Facebook\Entities\AccessToken;
$longLivedAccessToken = new AccessToken('{long-lived-access-token}');
$code = AccessToken::getCodeFromAccessToken($longLivedAccessToken);
$newLongLivedAccessToken = AccessToken::getAccessTokenFromCode($code);
If you want to post statues on the page and have the posts appear as if the page had posted the statuses you'll need to use a page access token.
Using a page admin's long-lived user access token, you can list the pages that that user administrates on the /me/accounts endpoint. You'll want to pull the access_token field which is the page access token. You can also pull the perms field to see which permissions the admin user has.
$request = new FacebookRequest($session, 'GET', '/me/accounts?fields=name,access_token,perms');
$pageList = $request->execute()->getGraphObject()->asArray();
If you use a short-lived user access token to obtain a page access token, the page access token will also be short-lived.
You could exchange the short-lived page access token with a long-lived page access token directly if you wanted to. This would give you a page access token that would last about 2 months.
$pageAccessToken = new AccessToken('{short-lived-page-access-token}');
$longLivedPageAccessToken = $pageAccessToken->extend();
However, if you use a long-lived user access token to obtain the page access token, the page access token will never expire.
You can think of page access tokens as "sub access tokens" to the page admin user access token. This is an important concept because page access tokens are associated with the admin user you obtained the page access token from.
Since there are different page admin roles that a page admin can have, that will limit the scope of the page access token if the admin user isn't assigned the role that grants them a specific permission you need.
85
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
