I'm doing some testing in the wake of offline_access's expiration. I think that since all interactions my app makes with Facebook are done via my servers and are user-initiated by user activity at several application endpoints (phone apps, website, desktop application), I can use an Application Access Token to publish to the wall on behalf of my users, assuming the application is still authorized even if the access token I requested during authorization is expired. That seems to be what the documentation here is implying with:
Authenticating as an App allows you to obtain an access token which allows you to make request to the Facebook API on behalf of an App rather than a User. [...] App access tokens can also be used to publish content to Facebook on behalf of a user who has granted a publishing permission to your application.
App Access Tokens generally do not expire. Once generated, they are valid indefinitely.
However, I need to test this. So I need to expire some tokens. I tried using official test users which you create in the developer site, that can only interact with your app's sandbox and other users in it, but their tokens seem to be perpetually valid for one hour.
So I tried using a real Facebook user that I created for this, and changing the password, which I'd read is supposed to expire the token. But it doesn't. The token still reports valid in the debugger and I can still use it for many things, including publishing to my wall. I can even continue to use this token after logging out of the Facebook site completely.
What gives? How can I get an expired access_token so that I can test my Application Access Token?
Edit: I think it's going to work. I created my application access token and used the CLIENT-SIDE flow to get a user access token that only lasted 2 hours, so I could actually just wait for it to expire. After the expiration I used the Graph API explorer to try to post a status update, which failed, telling me when my token had expired. I then tried the same action using my application token, which succeeded.
But it says right there in the documentation, just after the last line you quoted:
App Access Tokens generally do not expire. Once generated, they are valid indefinitely. However, if you need to invalidate your App Access Token for some reason, you can reset your App Secret in your app's settings. Once your App Secret has been reset, you will need to go through the steps below to generate a new app access token.
So for your testing purposes, reset the app secret key.
Oh, I completely misunderstood you.
It's easier to invalidate a user token: you just use the me/permissions connection with a DELETE request.
That will remove the app for the logged in user.
You can try that from the explorer tool: just select DELETE in the select box to the left of the path field.
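The same steps as a script, added here as an example and not part of the original answer: it sends the DELETE to me/permissions and then asks the Graph API's debug_token endpoint, authenticated with the app access token, whether the user token is still valid. The function names and the injectable call transport are assumptions made for the example.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

GRAPH = "https://graph.facebook.com"


def http_call(method, url):
    """Default transport: perform the request and return the decoded JSON body."""
    req = urllib.request.Request(url, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.loads(resp.read().decode())
    except urllib.error.HTTPError as err:
        # The Graph API reports failures as JSON in the error body.
        return json.loads(err.read().decode())


def revoke_user_token(user_token, call=http_call):
    """DELETE me/permissions: removes the app for the user who owns the token."""
    qs = urllib.parse.urlencode({"access_token": user_token})
    body = call("DELETE", f"{GRAPH}/me/permissions?{qs}")
    # Older API versions answer with a bare true, newer ones with {"success": true}.
    return body is True or (isinstance(body, dict) and body.get("success") is True)


def token_is_valid(user_token, app_token, call=http_call):
    """Ask debug_token (using the app access token) whether a user token still works."""
    qs = urllib.parse.urlencode({"input_token": user_token, "access_token": app_token})
    body = call("GET", f"{GRAPH}/debug_token?{qs}")
    return bool(body.get("data", {}).get("is_valid", False))


def invalidate_for_test(user_token, app_token, call=http_call):
    """Revoke the token, then confirm it is dead. Returns True once it is invalid."""
    if not token_is_valid(user_token, app_token, call):
        return True  # already expired or revoked, nothing to do
    if not revoke_user_token(user_token, call):
        raise RuntimeError("DELETE me/permissions was not accepted")
    return not token_is_valid(user_token, app_token, call)
```

Because the DELETE removes the app for that user, this exercises the revoked-token path. Testing an expired token while the app is still authorized needs a short-lived token that is left to expire, as in the question's edit.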