7

I have a strange problem with Facebook Oauth access_token endpoint:

https://graph.facebook.com/oauth/access_token?             
    client_id=APP_ID&
    client_secret=APP_SECRET&
    grant_type=fb_exchange_token&
    fb_exchange_token=EXISTING_ACCESS_TOKEN

The documentation here (in "Scenario 3") said: "If the call is made while there is still a valid long-lived user access_token for that user, the returned user access_token from this second call may be the same or may have changed, but in either case the expiration time will be set to a long expiration time."

If I obtain a valid long-lived user access_token, this endpoint returns the same access token I already have and expires parameter too but only for a short period. So if I repeat the same call to the above andpoint with the same access_token after some time (few hours for example) it returns only the access_token without the expires parameter. ...so I can't establish when my access_token will expires. Note that the access_token returned is still valid and it works perfectly.

Have you experienced the same issue? Do you have any suggestions? Thank you!

Andrea Zonzin
  • 1,124
  • 2
  • 11
  • 26
  • 2
    I don't understand - are you trying to extend a token when the user isn't actively using your app / isn't logged in to Facebook? – Igy Jul 13 '12 at 13:31
  • Correct. It is a backgrond process. It works on a server as a backgrond process and it has to use facebook insight api with a long-lived user access_token (because ther is no uman user with a browser to perform a login). So I have to use the endpoint to know how many days are left to the expiration time. When days < 10 I have to alert the user via e-mail. – Andrea Zonzin Jul 13 '12 at 17:51
  • That's not possible, the user needs to come back at least every 60 days for you to maintain an active token for them, exceptions being the Ads API and Pages API which allow infinite tokens - you can only extend once they're actually using the app – Igy Jul 14 '12 at 18:45
  • 10 days before the token expires, I have to alert the user telling him via mail to login in facebook and visit the app page. Otherwise, if the user does not access my app page for more than 60 days, the background process will not able to work. – Andrea Zonzin Jul 14 '12 at 21:14
  • To clarify: the backgrond process has to use the end point above to obtain the espiring time and alert the user via mail if the expiring time is <10 days. After the user receives the alert he has to login in facebook end visit the app to extend the token. The problem is that the end point does not return the expiring time. – Andrea Zonzin Jul 14 '12 at 21:45
  • I'm having the same problem of not getting an expires value when trying to get a new long-lived token. I have to de-authorize the app and ask the user to re-authorize to get a new long-lived token. Have you found a fix for this situation? – Dave Jan 30 '15 at 17:11

1 Answers1

0

We're experiencing the same problem. I'd advise recording the expiration time in your database. Not the seconds to expire, of course, but the actual date/time of expiration. We, too, will be sending an email to request the user renew their token. If there's another way to make that request, we're also interested in knowing about it. Asking the user for yet another thing (their email) doesn't sound like a good idea.

sheetzam
  • 68
  • 1
  • 7