0

When a user open the app for the first time the permissions page comes back with a code that i'm using here https://graph.facebook.com/oauth/access_token?client_id=ID&redirect_uri=MY_URL&client_secret=SECRET&code=CODE to get the access token.

If is the first time that the user open the app it works. If is not the first time i can't get an updated token. I've tried saving the code for each user that joins, but it changes and old codes can't provide an access token. I've also tried to save the token but it expire too. I also prefere to don't use the offline_access permission.

Thanks in advance for the help ;)

Dario Emerson
  • 127
  • 4
  • 13

2 Answers2

0

that's right, the access token has an expiration date, and it is issued for short time.

try this thread: What is the correct way to refresh Facebook OAuth2 access token after it expires?

also, you can use client side authentication with the help of the javascript api. use the official docs: Facebook Authentication and the js sdk auth methods, such as: Facebook Javascript getAuthResponse Function

Community
  • 1
  • 1
Nitzan Tomer
  • 155,636
  • 47
  • 315
  • 299
  • I've already tried to redirect the user to the auth page again when i got no code/token expired. But i shows the code as a get parameter in the app url. that redirect make the login/auth process quite slow and also if i use that link on another pc with another facebook account logged in, i can sign in on the app with another username. and that have to be avoided. i'm now looking at JS APIs.... – Dario Emerson Jan 21 '12 at 20:32
  • JS APIs does the same process =( ok so the only way is to redirect the user to the auth page again? – Dario Emerson Jan 21 '12 at 20:43
  • when the user is in the your page without the need to fresh the page (or reload another), you can use the js sdk to be informed of changes in the user session: http://developers.facebook.com/docs/reference/javascript/FB.Event.subscribe/, with that you can subscribe to the event. – Nitzan Tomer Jan 21 '12 at 21:05
0

There is no way the old code can be used to fetch access token, you need to redirect the user to this url every times he comes alternative you can see if offline access works for you!

Waqar Alamgir
  • 9,828
  • 4
  • 30
  • 36