Trying to do a fb apprequest using Koala but access token expired. How should I handle?

Question

I know this question of expired tokens has been asked many times. But I couldn't find one that fit my situation. Basically I want to make a fb apprequest to the user regardless if he/she is online or offline on Facebook.

Also, I am confused with Facebook documentation. So appreciate if someone could answer the questions I have below.

• Facebook access token expires immediately after a user signs out of Facebook unless it is a long-lived token ?

• Say user A access token has expired. Is it possible for me to get a new access token without the user A going back to my canvas application ?

• When I authenticate a user do I get a short-lived token which I can then extend the validity if I want to or do I get a long-lived token by default ?

Below is the code I use to do a fb request using Koala:

begin
  graph = Koala::Facebook::API.new(access_token)
  graph.put_object("me", "apprequests", {:message => "..."})
rescue Koala::Facebook::APIError
  # Assume a user has a short-lived token and hasn't visit my application for a long time. 
  # Is it possible to get a NEW long-lived token here without the user going to my application again 
  # (assume the user did not remove my application) ? If Yes, how to do that using Koala ?
end

Thanks!

Answer 1

I came across this post which adapts code from the Railscast on Facebook to show how you can exchange the short-lived token for the 60-day one:

user.rb

 def self.from_omniauth(auth)

    # immediately get 60 day auth token
    oauth = Koala::Facebook::OAuth.new(ENV["FACEBOOK_APP_ID"], ENV["FACEBOOK_SECRET"])
    new_access_info = oauth.exchange_access_token_info auth.credentials.token

    new_access_token = new_access_info["access_token"]
    new_access_expires_at = DateTime.now + new_access_info["expires"].to_i.seconds

    where(auth.slice(:provider, :uid)).first_or_initialize.tap do |user|
      user.provider = auth.provider
      user.uid = auth.uid
      user.name = auth.info.name
      user.image = auth.info.image
      user.email = auth.info.email
      user.oauth_token = new_access_token #originally auth.credentials.token
      user.oauth_expires_at = new_access_expires_at #originally Time.at(auth.credentials.expires_at)
      user.save!
    end
  end

Answer 2

Facebook access token expires immediately after a user signs out of Facebook unless it is a long-lived token ?

Yes.

Say user A access token has expired. Is it possible for me to get a new access token without the user A going back to my canvas application ?

The user has to interact with your app in some way for you to get a new token. That interaction doesn’t have to be visiting your actual canvas page, it can f.e. also be a call to FB.getLoginStatus on a page he’s visiting.

When I authenticate a user do I get a short-lived token which I can then extend the validity if I want to or do I get a long-lived token by default ?

If you’re doing server-side authentication, you’ll get a long-lived one. Doing it client-side you’ll get a short-lived token, which you than may exchange for a long-lived one.

But that’s all clearly described here: https://developers.facebook.com/roadmap/offline-access-removal/