I think this might affect a lot of Facebook/Android developers and yet there does not seem to be that much discussion on the topic...
My question
Has anyone successfully refreshed a token using the extendAccessTokenIfNeeded function? If you did have success, what version was the device (or emulator) running?
Background
I received an email from Facebook saying the offline_access permission will be deprecated from May 1st 2012 and Facebook recommended upgrading to their latest SDK. Fine.
I upgraded to the latest SDK, the official Facebook app is installed on my device and (eventually!) Single Sign On seems to be working OK. I am receiving 60 day tokens which again is OK.
Problems started when I tried to use extendAccessTokenIfNeeded(Context context, ServiceListener serviceListener). I could not get it to refresh my tokens for a longer expiry time. I waited 24 hours between attempts but the token would not refresh. The only way I can get a refreshed token is to log out and login. This also happened when I used the example project "Hackbook".
The most obvious answer is that I am doing something wrong, but, a bug report was submitted to Facebook saying that... "shouldExtendAccessToken will practically almost always return false." This report has been given the priority "wishlist".
Alternatives to the extendAccessTokenAsNeeded()
In the Facebook documentation about offline_access deprecation, tokens can be extended using the Graph API. However, this has the disadvantage of needing the "App Secret" to be included in the URL. An advantage is that the user would not need to have the official Facebook app installed on their device.
Other ideas and concerns
By changing the extendAccessTokenIfNeeded function in Facebook.java to always return true, I think I got it to refresh once. (The reason I say "think" is because it won't repeat the behaviour and I suspect I have to wait another 24 hours before any chance of another success)
I notice that Hackbook requires AndroidHttpClient to be imported. This is only available for API 8 onwards. Does this mean that Facebook SSO (in particular token refreshing) is only likely to work on devices with API 8 and later?
The Facebook.apk included in the SDK is quite old. Perhaps this is why the tokens don't refresh on emulators running API 8 and later?
And lastly, all of this only relates to those people that have the official Facebook app installed! Another method needs to be completed for those people without the official Facebook app (just complaining now!)
Relevant Facebook links
Facebook-Android-SDK at GitHub
Facebook Android Tutorial
Facebook offline_access permission deprecation
Facebook bug report
Related Stack Overflow Questions
Facebook 60 day access token and Deprecated Offline_Access
Facebook access token can not be extended
How would offline_access work after deprecation after May 1st?
Protecting app secret for extendAccessToken usage (Java/Android)
When your app uses Facebook Login to authenticate someone, it receives a User access token. If your app uses one of the Facebook SDKs, this token lasts for about 60 days. However, the SDKs automatically refresh the token whenever the person uses your app, so the tokens expire 60 days after last use.
To get the Client Access Token for an app, do the following: Sign into your developer account. On the Apps page, select an app to open the dashboard for that app. On the Dashboard, navigate to Settings > Advanced > Security > Client token.
I don't know Android development, but if you're having issues with that function, maybe there's a similar function of CURL within Android that will allow you to call
https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN
(Google revealed: http://thesoftwarerogue.blogspot.com/2010/05/porting-of-libcurl-to-android-os-using.html on how to CURL from Android)
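Added example, not part of the original answer or of the Facebook SDK: because the exchange request above carries client_secret, one way to handle the question's concern is to make the call from your own server, so the secret never ships in the APK and never reaches a log. The function names, the FB_APP_ID/FB_APP_SECRET environment variables and the two response formats handled are assumptions of this example.

```python
import json
import os
from urllib.parse import parse_qs, urlencode
from urllib.request import urlopen

GRAPH_TOKEN_URL = "https://graph.facebook.com/oauth/access_token"  # from the post

def build_exchange_url(app_id, app_secret, user_token):
    """Build the fb_exchange_token request quoted in the post."""
    return GRAPH_TOKEN_URL + "?" + urlencode({
        "client_id": app_id,
        "client_secret": app_secret,
        "grant_type": "fb_exchange_token",
        "fb_exchange_token": user_token,
    })

def redact(url):
    """Mask secret-bearing parameters before a URL is written to any log."""
    base, _, query = url.partition("?")
    pairs = parse_qs(query, keep_blank_values=True)
    for key in ("client_secret", "fb_exchange_token", "access_token"):
        if key in pairs:
            pairs[key] = ["REDACTED"]
    return base + "?" + urlencode(pairs, doseq=True)

def parse_exchange_response(body):
    """Return (token, seconds_to_expiry); raise ValueError on an error body."""
    # Assumption: the body is JSON (access_token / expires_in) or the older
    # form-encoded access_token=...&expires=... ; anything else is rejected.
    text = body.strip()
    if text.startswith("{"):
        data = json.loads(text)
        if "error" in data or "access_token" not in data:
            raise ValueError("token exchange failed")
        expires = data.get("expires_in")
        return data["access_token"], int(expires) if expires is not None else None
    fields = parse_qs(text)
    if "access_token" not in fields:
        raise ValueError("token exchange failed")
    expires = fields.get("expires", [None])[0]
    return fields["access_token"][0], int(expires) if expires else None

def extend_token(user_token):
    """Server-side entry point: the device sends only its current user token."""
    # Hypothetical environment variable names; the secret stays on the server.
    url = build_exchange_url(os.environ["FB_APP_ID"], os.environ["FB_APP_SECRET"], user_token)
    with urlopen(url, timeout=10) as resp:  # network call, made server side only
        return parse_exchange_response(resp.read().decode("utf-8"))
```

The Android client would call your own authenticated endpoint that wraps extend_token, and only the redacted form of the URL should ever be logged.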