The new Facebook SDK for Android (3.0) has deprecated a lot of the old methods, including the setAccessToken method. The replacement for this (I think) is the method openWithImportedAccessToken

https://developers.facebook.com/docs/reference/android/3.0/Session#openWithImportedAccessToken(String, Date, Date, AccessTokenSource, List, StatusCallback).

Does anyone have any examples of using this? In particular how do you get the expiration time and last refresh time of the access token?

If you have no data for a particular parameter, there are reasonable defaults you can fill in here that result in sub-optimal-but-not-too-bad behavior.

Keep in mind that you should only be calling this API the first time you run after upgrading to the 3.x Android SDK to import the token from wherever you were storing it before. Afterwards, the SDK manages the token cache by default. So any sub-optimal behavior should be one-time localized to this upgrade.

Provide what data you know. For what you don't know, it is mostly okay to specify that:

• the expiration date is 60 days from now
• the last updated time is now
• the AccessTokenSource is FACEBOOK_APPLICATION
• the permission list is empty

Note that if you always ask for the same permissions and therefore know what permissions your old token has, use those.

It is better if you can provide the correct values for these parameters, but the downsides are generally not terrible. Here are the downsides to lying to this API:

• Downside of specifying that the expiration time is later than it is: if the token is expired, you may make a request anyway and have the Facebook service return an error rather than noticing it immediately on the client side.
• Downside of specifying that the last updated time is more recent than it was: the SDK will try to refresh the token on the first request rather than waiting for 24 hours.
• Downside of specifying AccessTokenSource as FACEBOOK_APPLICATION: if the token came from a WebView, the SDK will try to refresh your token, and the operation will fail. Eventually the token will expire, and the subsequent login will correct the AccessTokenSource value.
• Downside of specifying empty permissions: when you are about to perform an operation, you should check if you have permissions to do the operation, and if not you should call Session.reauthorize() to request permissions. If you call openWithImportedAccessToken() with an empty list (or fewer permissions that you actually have), then you will think you do not have the permission and will ask the user again for the permission. As long as this is in the context of the user doing an operation where this permission is expected, this should not be too jarring to the user.

Our documentation here tells you how to to retrieve/debug the access token to retrieve metadata such as the expiration and when it was issued. You can use this endpoint if you do not those fields beforehand.