How do I get a page Access Token that does not expire?

Question

I would like to know if it is possible to have an access token that never expires for post to my page

Now I get the access token with:

https://graph.facebook.com/me/accounts

I have publish_stream and manage_pages permission, but using the Access Token Debugger I see that the token expires in about 1 hour. Is there a way to never expires?

Answer 1

See facebook developers:

By using a long-lived user access token, querying the [User ID]/accounts endpoint will now provide page access tokens that do not expire for pages that a user manages.

So, you have to exchange your initial shortlived token for a longlived token with a server side call:

https://graph.facebook.com/oauth/access_token?
client_id=APP_ID& client_secret=APP_SECRET& grant_type=fb_exchange_token& fb_exchange_token=EXISTING_ACCESS_TOKEN 

And then query me/accounts with that longlived token. Definitly works for us, i.e. the debugger shows: 'Expires: Never'

---

edit - our process

So, what we do is:

• first client side authentication with our app where we get a "code" back after the user accepts the requested permissions and connects his account with our app

  https://www.facebook.com/dialog/oauth? client_id=YOUR_APP_ID &redirect_uri=YOUR_REDIRECT_URI &scope=COMMA_SEPARATED_LIST_OF_PERMISSION_NAMES &response_type=code

• Now in our server application we use server side authentication to exchange code for access token:

  https://graph.facebook.com/oauth/access_token? client_id=YOUR_APP_ID &redirect_uri=YOUR_REDIRECT_URI &client_secret=YOUR_APP_SECRET &code=CODE_GENERATED_BY_FACEBOOK

• With this access_token we do the server side exchange as described above

• Now we request me/accounts and the resulting access_token is always valid

Hope that helps

Answer 2

I've simplified Pete's answer a bit and added the step to get a non-expiring page access token:

1. access the following URL and note the returned access token within the browser's address bar:

   https://www.facebook.com/dialog/oauth?client_id=APP_ID&redirect_uri=REDIRECT_URI&scope=manage_pages,publish_stream&response_type=token

2. access the following URL and within the returned data find the desired page's name and note the access token:

   https://graph.facebook.com/me/accounts?access_token=ACCESS_TOKEN_RETURNED_FROM_STEP_1

3. access the following URL and note the returned access token:

   https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=APP_SECRET&grant_type=fb_exchange_token&fb_exchange_token=PAGES_ACCESS_TOKEN_FROM_STEP_2

4. use the Access Token Debugger to ensure your access token's profile ID matches the desired page's ID and it never expires