trying to get app access token

Question

I tried to get an app-access-token for my facebook app with this code:

APP_ACCESS_TOKEN = FB.api(
    "oauth/access_token",
    {client_id: APP_ID, client_secret: APP_SECRET_CODE, redirect_uri: uri},
    function(response){
    console.log(response);
});

which should be like:

GET https://graph.facebook.com/oauth/access_token?
        client_id=YOUR_APP_ID
       &client_secret=YOUR_APP_SECRET
       &redirect_uri=uri

but i get an error:

code: 1
message: "Missing authorization code"
type: "OAuthException"

What is the authorization code and how can i get it?

Answer 1

Obtaining an App Access Token

To obtain an App Access Token, invoke the following HTTP GET request:

GET https://graph.facebook.com/oauth/access_token?
            client_id=YOUR_APP_ID
           &client_secret=YOUR_APP_SECRET
           &grant_type=client_credentials

The API will respond with a query-string formatted string of the form:

access_token=YOUR_APP_ID|YOUR_APP_ACCESS_TOKEN

Reference: http://developers.facebook.com/docs/opengraph/howtos/publishing-with-app-token/

Answer 2

https://developers.facebook.com/docs/howtos/login/login-as-app/:

“Because it requires you to include your App Secret you should not attempt to make this call client-side as that would expose this secret to all your app users. It is important that your App Secret is never shared with anyone. For this reason, this call should be performed server-side”

And for the app access token, it’s the same – you should never use it client-side, because every user could spot it there and then start using it to perform actions on behalf of your app (or change many of your app’s settings).

If you have a server-side part to your application, you can simply “build” the app access token there yourself, concatenating app id and secret with a pipe symbol, app_id|app_secret.