In the Settings > Advanced section of the Facebook App config there is a setting called Client Token. The description says The Client Token is for auth methods in place of the app secret.
In what calls can the Client Token be used instead of the App Secret and why should it?
When your app uses Facebook Login to authenticate someone, it receives a User access token. If your app uses one of the Facebook SDKs, this token lasts for about 60 days. However, the SDKs automatically refresh the token whenever the person uses your app, so the tokens expire 60 days after last use.
Facebook sends a code back to your server and you securely send this code to the client. The client uses this code to request a long-lived token from Facebook. Facebook sends the client a long-lived token which is used to post stories or query data.
Access tokens are used in token-based authentication to allow an application to access an API. For example, a Calendar application needs access to a Calendar API in the cloud so that it can read the user's scheduled events and create new events.
An API token is similar to a password and allows you to authenticate to Dataverse Software APIs to perform actions as you. Many Dataverse Software APIs require the use of an API token.
The client token is used for the client applications that cannot use the standard oAuth2 method.
A web application can fill the redirect_uri parameter ensuring that the calling url is the authorized url for the application, but an iOS application does not have a valid url to redirect to, so the client token is used instead.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With