1

I am able to verify a facebook access token from users by querying this endpoint https://graph.facebook.com/debug_token?input_token=&access_token=

This means that I have to either request an app access token every-time I need to verify a request or get a long lived token and remember to renew it when it expires. Can I do something like this instead? https://graph.facebook.com/debug_token?input_token=token&app_id=appid|appsecret. I have tried this but it does not work. Any suggestion would be welcome.

jkerone
  • 73
  • 1
  • 1
  • 7

1 Answers1

1

It turns out there are two types of app access token. The one I was interested in was the long lived token which does not expire until the app secret is changed. It is generated by issuing a server call to facebook graph endpoint like this.

curl -X GET "https://graph.facebook.com/oauth/access_token?client_id=appid&client_secret=appsecret&grant_type=client_credentials".

The response will be in this format: appid|apptoken. Using that unique combination, you can query any endpoint requiring auth like this. https://graph.facebook.com/debug_token?input_token=usertoken&access_token=appid|apptoken

jkerone
  • 73
  • 1
  • 1
  • 7