Verify Facebook Access Token for specific App

I need to verify that users on my iPhone app are actually logged in to my Facebook app. I'm able to verify their user id by retrieving it with their Access token:

https://graph.facebook.com/me?fields=id&access_token=XXXXXXXXXXXXXXX

The security issue I foresee is that they can send me any valid access token, and it will return their user id. I need to also validate that this token is for my specific app. Is there a way to return the Application ID in this request to validate that?

Eric Di Bari asked Jan 27 '13 02:01


1 Answer

Facebook now provides support for debugging an Access Token. You can retrieve the information related to a particular Access Token by issuing a GET request to the debug_token connection. Something like:

GET /debug_token?
     input_token={input-token}&
     access_token={access-token}

Where:

input-token: the access token you want to get information about
access-token: your app access token, or a valid user access token from a developer of the app

And this will return the following information:

{
        "data": {
            "app_id": 000000000000000, 
            "application": "Social Cafe", 
            "expires_at": 1352419328, 
            "is_valid": true, 
            "issued_at": 1347235328, 
            "scopes": [
                "email", 
                "publish_actions"
            ], 
            "user_id": 1207059
        }
    }

You can get more information about it in the Getting Info about Tokens and Debugging reference.

Rahil Arora answered Nov 15 '22 18:11
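The check the answer describes, written out as an added example (not code from the question, the answer, or Facebook): the server builds the debug_token request with its own app access token, then refuses the client's token unless debug_token reports it valid, issued for the expected app_id, bound to the user id the client claims, and not past expires_at. The app id, secret, and the debug_token response below are constructed sample values, not real ones; the live fetch_debug_data helper is included for completeness but everything else runs offline. The expected_app_id comparison is done on strings because older responses (like the one quoted above) return app_id as a number and current ones return a string, and expires_at == 0 is treated as a non-expiring token (an assumption about current Graph API behaviour).

```python
import json
import time
from urllib.parse import urlencode
from urllib.request import urlopen

GRAPH_BASE = "https://graph.facebook.com"


def app_access_token(app_id, app_secret):
    """Facebook accepts '{app-id}|{app-secret}' as an app access token, so the
    server can call debug_token without borrowing a developer's user token."""
    return f"{app_id}|{app_secret}"


def debug_token_url(input_token, app_id, app_secret):
    """Build the debug_token request from the answer: input_token is the token the
    client handed us, access_token is our own app access token."""
    params = {
        "input_token": input_token,
        "access_token": app_access_token(app_id, app_secret),
    }
    return f"{GRAPH_BASE}/debug_token?{urlencode(params)}"


def fetch_debug_data(input_token, app_id, app_secret):
    """Live call to Graph API (not exercised offline); returns the 'data' object."""
    with urlopen(debug_token_url(input_token, app_id, app_secret), timeout=10) as resp:
        return json.load(resp)["data"]


def verify_token(data, expected_app_id, claimed_user_id, now=None):
    """Decide whether a debug_token 'data' object proves the client holds a live
    token that OUR app issued to the user it claims to be. Returns (ok, reason).

    Checking only is_valid (or only /me) is the hole from the question: any
    valid token for any app would pass. The app_id comparison closes it."""
    now = time.time() if now is None else now
    if not data.get("is_valid"):
        return False, "token is not valid (revoked, expired, or malformed)"
    # app_id was a number in older responses and is a string today: compare as strings
    if str(data.get("app_id")) != str(expected_app_id):
        return False, "token was issued for a different app"
    if str(data.get("user_id")) != str(claimed_user_id):
        return False, "token belongs to a different user than the client claims"
    expires_at = data.get("expires_at", 0)
    # expires_at == 0 means a non-expiring token (assumption about current Graph API)
    if expires_at and expires_at <= now:
        return False, "token has expired"
    return True, "ok"


# Constructed sample response, shaped like the one quoted in the answer.
SAMPLE_DEBUG_DATA = {
    "app_id": 123456789012345,
    "application": "Example App",
    "expires_at": 1352419328,
    "is_valid": True,
    "issued_at": 1347235328,
    "scopes": ["email"],
    "user_id": 1207059,
}

if __name__ == "__main__":
    # A client claims to be user 1207059 and sends a token; the server is app 123456789012345.
    print(verify_token(SAMPLE_DEBUG_DATA, 123456789012345, 1207059, now=1350000000))
    # Same token presented to a server for a different app: rejected.
    print(verify_token(SAMPLE_DEBUG_DATA, 999999999999999, 1207059, now=1350000000))
```

The user id the client claims is compared against debug_token's user_id rather than trusting a separate /me call, so one request both proves the token is for this app and binds it to the user. In production the app secret must stay on the server; the iPhone app only ever sends its user token.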