Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Given a Facebook access token, how can I get the permissions it has?

One use case is the following.

I ask for a Facebook access token to new users with the offline_access permission and I store it for later use. If the user remove in his settings the offline_access permission the token becomes invalid.

I would like to be able to test (maybe using the graph API) if the token I have still have the permissions I asked for, without waiting the user to log out to try to make an API call.

like image 839
Quentin Avatar asked May 28 '11 03:05

Quentin


People also ask

Where do I find app permissions on Facebook?

Tap in the top right of Facebook. Scroll down and tap Settings. Go to the Permissions section and tap Apps and Websites. Go to Apps, Websites and Games and tap Edit.

How do I use access tokens?

Access tokens are used in token-based authentication to allow an application to access an API. The application receives an access token after a user successfully authenticates and authorizes access, then passes the access token as a credential when it calls the target API.

What is a Facebook access token used for?

An access token is an opaque string that identifies a user, app, or Page and can be used by the app to make graph API calls. When someone connects with an app using Facebook Login and approves the request for permissions, the app obtains an access token that provides temporary, secure access to Facebook APIs.

Can I share the personal access token?

It's unlikely that you should ever share a personal access token, but if you have a bot account used by the whole team, then sharing the tokens could also be okay.


2 Answers

Just call the Permissions graph api method. You could parse the json response and look to see if "offline_access" exists or not. The url format is: https://graph.facebook.com/me/permissions?access_token=... You can access an example of it by going here and clicking the permissions link there. The

like image 178
bkaid Avatar answered Oct 24 '22 06:10

bkaid


You can also use their debug tool to check a token, useful for confirming the level a token has and what it has access to for debugging:

https://developers.facebook.com/tools/debug/accesstoken/

like image 26
The Coder Avatar answered Oct 24 '22 07:10

The Coder