At this url, Facebook explains how to authenticate using Facebook Connect.
Basically, the steps are the following:
1. Redirect to Facebook as in the example. As a result I'll get an authorization code:
   https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=email,read_stream
2. Do an HTTP POST to the following address, asking for an access_token:
   https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&client_secret=YOUR_APP_SECRET&code=THE_CODE_FROM_ABOVE
3. Facebook will answer the last HTTP POST with an access_token. Fine.
4. The access_token received above expires. The number of seconds it will still be valid is returned along with the access_token. Ok.
The problem is: What should I do after it expires?
From Facebook's official website:
In addition to the access token (the access_token parameter), the response contains the number of seconds until the token expires (the expires parameter). Once the token expires, you will need to re-run the steps above to generate a new code and access_token
Wait! I can't re-run the steps above because in order to obtain a new authorization code I would have to redirect (step 1). I don't want to redirect. I want to obtain a new authorization code through a web service. The user already authorized my application and I won't have an opportunity again to redirect him or her.
What should I do?
PS: Thinking logically, I wouldn't need to gain a new authorization code after access_token expires. A new access_token would be enough. But, as I showed, Facebook says the authorization code also expires.
You would want to use the "offline_access" permission. This allows the token to be long-lived. See the permissions page: http://developers.facebook.com/docs/authentication/permissions/ .
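An added example (not from the original posts or from Facebook's documentation): recording when the token returned by the access_token request stops being valid, so the application knows in advance when the user has to go through the redirect again. It assumes the response body is form-encoded as `access_token=...&expires=...` and treats a response without `expires` as a token with no reported expiry; the class, function names and sample values are hypothetical.

```python
import time
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs


@dataclass
class StoredToken:
    access_token: str
    expires_at: Optional[float]  # absolute epoch seconds; None = no expiry reported

    def needs_reauth(self, now: float, skew: float = 60.0) -> bool:
        """True when the user must be sent through the dialog redirect again."""
        if self.expires_at is None:
            return False
        # Treat the token as expired slightly early to absorb clock skew
        # and request latency.
        return now >= self.expires_at - skew


def parse_token_response(body: str, received_at: float) -> StoredToken:
    """Parse a form-encoded token response (format assumed, see lead-in).

    Raises ValueError on an error body or a malformed 'expires' value, so a
    failed exchange is never stored as if it were a token.
    """
    fields = parse_qs(body, strict_parsing=True)
    tokens = fields.get("access_token", [])
    if len(tokens) != 1 or not tokens[0]:
        raise ValueError("response does not contain exactly one access_token")
    expires = fields.get("expires")
    if expires is None:
        return StoredToken(tokens[0], None)
    if len(expires) != 1 or not expires[0].isdecimal():
        raise ValueError("malformed expires value")
    # 'expires' is relative (seconds from now); store an absolute time so the
    # check still works after the process restarts.
    return StoredToken(tokens[0], received_at + int(expires[0]))


if __name__ == "__main__":
    # Constructed sample response, not a real token.
    sample = "access_token=EXAMPLE_TOKEN&expires=3600"
    token = parse_token_response(sample, received_at=time.time())
    print("re-authorization needed now:", token.needs_reauth(time.time()))
```

Store `expires_at` next to the token and check `needs_reauth` before each API call; the app secret and the token itself belong server-side only.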