** Looks like this was a bug that Facebook has since fixed.

I disabled offline_access so that I could get extended access tokens without asking for the offline_access permission.

While testing, it seemed to work fine at first. I got a token that expired in 60 days. Then I removed the app from facebook's app settings so I could test. As soon as I removed it, I started getting tokens that expire in 2 hours.

Is this a bug? Or maybe this is a security thing like as soon as the app is removed, a flag is set not allowing extended tokens? Someone from Facebook please help me.

Edit: I forgot to mention that this is for an iOS app and I'm using the latest Facebook iOS SDK (which has support for extending the token). After getting the user logs in, I'm calling the extendAccessToken method but I'm still getting back an accessToken that expires in less than 2 hours.

You're supposed to take that 2 hour token and convert it into a 60 day one if your app needs it.

Looks like this was a bug that Facebook has since fixed.

It seems if you set your app type in the Advanced Setting of your app at developers.facebook.com to "Native/Desktop" instead of Web, the extendAccessToken method currently returns a token that expires in around 1 day instead of just 2hrs.

I'm hoping there's a way to get a longer expiry than that, but no luck so far.