What is the difference between the two and when do you use it?
https://developers.facebook.com/docs/authentication/server-side/
vs
https://developers.facebook.com/docs/opengraph/using-app-tokens/
It's all in those files you linked, but to try to simplify:
- The App Access token is when you authorise your App (at a server level) to do certain actions such as reading insights, changing parameters of the app.
- The User access token is when the user authorises your app to act on their behalf (at either server or a client/browser level). The user can limit permissions extended to your app by the permissions dialog.
Where there is cross over:
- The App Access Token can get info about a user (who has previously authenticated the app). This information is limited. It is useful if you no longer have a valid token for a user but need to verify their name has not changed, for example. You cannot get all the other juicy details about a user - for this, you need to have a User Access Token
- The App Access Token can also post to a users wall as the app (if the user granted permission). This is slightly different from posting to the user's wall as the user, which is what you do with a user access token. Essentialy the same thing, it's just that the user can "fake" their own posts as they have their access token, but they can't fake the ones coming from your app when signed with your app token (which is kept secret).
Hopefully that's summing it up in a nutshell?
Menu
850
