I think this might effect a lot of Facebook/Android developers and yet there does not seem to be that much discussion on the topic...

My question

Has anyone successfully refreshed a token using the extendAccessTokenIfNeeded function? If you did have success, what version was the device (or emulator) running?

Background

I received an email from Facebook saying the offline_access permission will be deprecated from May 1st 2012 and Facebook recommended upgrading to their latest SDK. Fine.

I upgraded to the latest SDK, the official Facebook app is installed on my device and (eventually!) Single Sign On seems to be working OK. I am receiving 60 day tokens which again is OK.

Problems started when I tried to use extendAccessTokenIfNeeded(Context context, ServiceListener serviceListener). I could not get it to refresh my tokens for a longer expiry time. I waited 24 hours between attempts but the token would not refresh. The only way I can get a refreshed token is to log out and login. This also happened when I used the example project "Hackbook".

The most obvious answer is that I am doing something wrong, but, a bug report was submitted to Facebook saying that... "shouldExtendAccessToken will practically almost always return false." This report has been given the priority "wishlist".

Alternatives to the extendAccessTokenAsNeeded()

In the Facebook documentation about offline_access deprecation tokens can be extended using the Graph API. However this has the disadvantage of needing the "App Secret" being included in the URL. An advantage is that the user would not need to have the official Facebook app installed on their device.

Other ideas and concerns

• By changing the extendAccessTokenIfNeeded function in Facebook.java to always return true, I think I got it to refresh once. (The reason I say "think" is because it won't repeat the behaviour and I suspect I have to wait another 24 hours before any chance of another success)

• I notice that Hackbook requires AndroidHttpClient to be imported. This is only available for API 8 onwards. Does this mean that Facebook SSO (in particular token refreshing) is only likely to work on devices with API 8 and later?

• The Facebook.apk included in the SDK is quite old. Perhaps this is why the tokens don't refresh on emulators running API 8 and later?

• And lastly, all of this only relates to those people that have the official Facebook app installed! Another method needs to be completed for those people without the official Facebook app (just complaining now!)

Relevant Facebook links

Facebook-Android-SDK at GitHub

Facebook Android Tutorial

Facebook offline_access permission deprecation

Facebook bug report

Related Stack Overflow Questions

Facebook 60 day access token and Deprecated Offline_Access

Facebook access token can not be extended

How would offline_access work after deprecation after May 1st?

Facebook access token can not be extended

Protecting app secret for extendAccessToken usage (Java/Android)

I don't know Android development, but if you're having issues with that function, maybe there's a similar function of CURL within Android that will allow you to call https://graph.facebook.com/oauth/access_token?
client_id=APP_ID& client_secret=APP_SECRET& grant_type=fb_exchange_token& fb_exchange_token=EXISTING_ACCESS_TOKEN

(google revealed: http://thesoftwarerogue.blogspot.com/2010/05/porting-of-libcurl-to-android-os-using.html on how to CURL from Android)

Try changing the time of REFRESH_TOKEN_BARRIER, so that you do not have to wait 24 hours every time you want to test. I changed mine to about 2 minutes, and I was able to see that the access token was actually being extended when I re-launched the app after 2 minutes.