I know this question of expired tokens has been asked many times. But I couldn't find one that fit my situation. Basically I want to make a fb apprequest to the user regardless if he/she is online or offline on Facebook.
Also, I am confused with Facebook documentation. So appreciate if someone could answer the questions I have below.
Facebook access token expires immediately after a user signs out of Facebook unless it is a long-lived token ?
Say user A access token has expired. Is it possible for me to get a new access token without the user A going back to my canvas application ?
When I authenticate a user do I get a short-lived token which I can then extend the validity if I want to or do I get a long-lived token by default ?
Below is the code I use to do a fb request using Koala:
begin
graph = Koala::Facebook::API.new(access_token)
graph.put_object("me", "apprequests", {:message => "..."})
rescue Koala::Facebook::APIError
# Assume a user has a short-lived token and hasn't visit my application for a long time.
# Is it possible to get a NEW long-lived token here without the user going to my application again
# (assume the user did not remove my application) ? If Yes, how to do that using Koala ?
end
Thanks!
I came across this post which adapts code from the Railscast on Facebook to show how you can exchange the short-lived token for the 60-day one:
user.rb
def self.from_omniauth(auth)
# immediately get 60 day auth token
oauth = Koala::Facebook::OAuth.new(ENV["FACEBOOK_APP_ID"], ENV["FACEBOOK_SECRET"])
new_access_info = oauth.exchange_access_token_info auth.credentials.token
new_access_token = new_access_info["access_token"]
new_access_expires_at = DateTime.now + new_access_info["expires"].to_i.seconds
where(auth.slice(:provider, :uid)).first_or_initialize.tap do |user|
user.provider = auth.provider
user.uid = auth.uid
user.name = auth.info.name
user.image = auth.info.image
user.email = auth.info.email
user.oauth_token = new_access_token #originally auth.credentials.token
user.oauth_expires_at = new_access_expires_at #originally Time.at(auth.credentials.expires_at)
user.save!
end
end
Facebook access token expires immediately after a user signs out of Facebook unless it is a long-lived token ?
Yes.
Say user A access token has expired. Is it possible for me to get a new access token without the user A going back to my canvas application ?
The user has to interact with your app in some way for you to get a new token. That interaction doesn’t have to be visiting your actual canvas page, it can f.e. also be a call to FB.getLoginStatus on a page he’s visiting.
When I authenticate a user do I get a short-lived token which I can then extend the validity if I want to or do I get a long-lived token by default ?
If you’re doing server-side authentication, you’ll get a long-lived one. Doing it client-side you’ll get a short-lived token, which you than may exchange for a long-lived one.
But that’s all clearly described here: https://developers.facebook.com/roadmap/offline-access-removal/
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With