Facebook PHP SDK: getting "long-lived" access token now that "offline_access" is deprecated

Question

BASIC PROBLEM: I want my app to be able to make calls to the Facebook graph api about authorized users even while the user is away.

For example, I want the user (A) to authorize the app, then later I want user (B) to be able to use the app to view info about user (A)'s friends. Specifically: the "work" field. Yes, I am requesting those extended permissions (user_work_history, friends_work_history, etc). Currently my app has access to the logged-in user's friends work history, but not to any of the friends' work history of other users of the app.

Here's what I know already:

• Adding offline_access to the scope parameter is the old way and it no longer works.
• The new way is with "long-lived" access tokens, described here. These last for 60 days.

• I need to exchange a normal access token to get the new extended token. The FB documentation says:

  https://graph.facebook.com/oauth/access_token?
  client_id=APP_ID& client_secret=APP_SECRET& grant_type=fb_exchange_token& fb_exchange_token=EXISTING_ACCESS_TOKEN

Here's what I don't know (and I'm hoping you can tell me): How do I get the extended (aka "long-lived") access token using the Facebook PHP SDK? Currently, my code looks like this:

$facebook->getAccessToken();

Is there such a thing as this?:

$facebook->getExtendedAccessToken();

If not, is this what I should be doing?

$accessToken = $facebook->getAccessToken();
$extendedAccessToken = file_get_contents("https://graph.facebook.com/oauth/access_token?             
    client_id={$appId}&
    client_secret={$secret}&
    grant_type=fb_exchange_token&
    fb_exchange_token={$accessToken}"
    );

I've tried it and it doesn't work. I get this error:

Warning: file_get_contents(https://graph.facebook.com/oauth/access_token? client_id=#######& client_secret=#########& grant_type=fb_exchange_token& fb_exchange_token=##########) [function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.0 400 Bad Request in /...

Does it work any differently if I switch to FQL instead of the graph api? I've read through the Facebook documentation many times, but the PHP sdk is not thoroughly documented and I can't find any examples of how this should work.

Answer 1

I finally figured this out on my own. The answer is pretty anti-climactic. It appears that newly created apps get 60 day access tokens automatically. I'm not sure if this is dependent on enabling the "depricate offline_access" setting in the Migrations section of the app settings. Leave it on to be safe.

So at the time of writing this, you can use the PHP SDK as follows: $facebook->getAccessToken();

(The reason my app wasn't working as expected was unrelated to the expiration of the access token.)

Just one more thing, to get long-lived access token using PHP SDK you should call $facebook->setExtendedAccessToken(); before $facebook->getAccessToken();