
Refresh token and Access token in facebook API

When we do OAuth2 on the Google API, we get an access token and a refresh token. Suppose I'm writing a service and I want to periodically poll for changes, I can just use the refresh token to get fresh access tokens every time the current access token gets invalidated. This is called offline access.

Is there any way to do the same in Facebook? Is there an offline access version similar to that of the Google API?

Thanks.

Vishnu asked May 15 '13 11:05




1 Answer

For offline access, you need to exchange your short-lived access token for a new access token, before it expires. Facebook has a single type of access token (no refresh tokens). An about-to-expire access token should fetch you a new access token.

To manually extend the tokens using a Graph API endpoint:

    GET /oauth/access_token?
        grant_type=fb_exchange_token&
        client_id={app-id}&
        client_secret={app-secret}&
        fb_exchange_token={short-lived-token}

Quoting FB's documentation from here:

Apps are unable to exchange an expired short-lived token for a long-lived token. The flow above only works with short-lived tokens that are still valid. Once they expire, your app must send the user through the login flow again.

Do read the Expiration and Extending Tokens portion of the documentation link that I have mentioned for further clarification.

divyanshm answered Sep 30 '22 13:09
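
The exchange described in the answer above, as an added example that is not part of the original post or Facebook's own code. It runs server-side so the app secret never reaches a client, and it refuses to call the endpoint once the short-lived token has expired, since the quoted documentation says that case needs a fresh login. Assumptions: the host `graph.facebook.com`, a JSON response carrying `access_token` and `expires_in`, and the hypothetical names `extend_token`, `build_exchange_url` and `ReloginRequired`.

```python
import json
import time
from urllib.parse import urlencode
from urllib.request import urlopen

# Assumed host; the answer shows only the /oauth/access_token path.
GRAPH_URL = "https://graph.facebook.com/oauth/access_token"


class ReloginRequired(Exception):
    """The token can no longer be exchanged; send the user through login again."""


def build_exchange_url(app_id, app_secret, short_lived_token):
    # Same four parameters as the GET request in the answer, URL-encoded.
    # The result contains the app secret: build it server-side, never log it.
    return GRAPH_URL + "?" + urlencode({
        "grant_type": "fb_exchange_token",
        "client_id": app_id,
        "client_secret": app_secret,
        "fb_exchange_token": short_lived_token,
    })


def extend_token(app_id, app_secret, token, expires_at, fetch=None, now=None):
    """Exchange a still-valid token; return (new_token, new_expiry_or_None)."""
    now = time.time() if now is None else now
    if expires_at <= now:
        # An expired short-lived token cannot be exchanged (quoted docs).
        raise ReloginRequired("token expired before it could be exchanged")
    if fetch is None:
        # Default transport; raises urllib.error.HTTPError on a 4xx/5xx reply.
        fetch = lambda url: urlopen(url, timeout=10).read()
    body = json.loads(fetch(build_exchange_url(app_id, app_secret, token)))
    if "access_token" not in body:
        # Assumed response shape: no token in the body means the exchange failed.
        raise ReloginRequired("exchange response carried no access token")
    expires_in = body.get("expires_in")  # assumed field; may be absent
    new_expiry = now + expires_in if expires_in is not None else None
    return body["access_token"], new_expiry
```

A polling service would call `extend_token` on a schedule well before the stored expiry and route `ReloginRequired` to whatever prompts the user to log in again.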