Since the offline_access
Permission is deprecated in Facebook's Authentication flow, we have problem geting the so called long lived access tokens without that permission.
In Facebook's document about the deprecation it says, that server side OAuth generated access tokens will be long lived, but they are not.
Am I missing something? Some setting in app settings? Some special code I need to use to extend expiration time of access tokens? As I understand the documentation, for server side authentication, the access token wich can be accessed by getAccessToken()
method of PHP SDK when the user is logged in is long lived.
Edit (August 14th 2012):
A week ago the official Facebook PHP SDK was updated. The function name was changed to setExtendedAccessToken, and it was decided we actually needed to destroy the session afterwards, to remove the risk of having two active sessions.
Also, the function no longer actually returns the token, but instead stores it within the persistant data. You can therefore get the new access token with the public function getAccessToken afterwards. Grab the new SDK from official Facebook PHP SDK github page to make sure you're up to date.
Original Answer:
I have added a new public function to the base_facebook.php file, which returns an new access token which expires in 60 days. You can make a request to this function after you've received the normal access token. I've not tested, but I assume you also need to enable 'deprecate offline_access" in your Advanced settings of the Developer App.
Just add this to your base_facebook.php inside the facebook class and make a call to it. It works for me.
Inspired by previous answers, I wrote a simple token self-renewal program. First, just put your current token in the 'token.sec' file.
This program will read a token from the file, and update with a new token if everything is OK. In other programs, you just need to use the token:
Here we are:
Finally, we can add this in our crontab to renew the token once per momth:
Actually what was said:
Which means that it will be just longer than client-side generated token, and to receive extended token (60 days) you need do it manually by issuing request to:
This token can still became invalid for several reasons, and how to handle this described in How-To: Handle expired access tokens blog post.
Update:
As of Aug 07, 2012 you can use
setExtendedAccessToken
method to extendaccess_token
instead of manually constructing URL and retrieving details.An access token generated through a server-side OAuth call will be of the extended (longer) kind and you don't need to exchange it. It is already an extended token. The only thing you must do is enable "Deprecate offline access" in your app settings. This is of course only necessary if "Deprecate offline access" was previously disabled.
Then, when you authenticate users through Facebook you will receive an access token that lives for 60 days. Authenticating multiple times during the same day will result only in the first authentication extending the expiration time.
//using a javascript for popup for facebook login
//got the accesstoken with 1-2 hours expire time
//got the accesstoken into a controller called facebook controller
//taking the access token to extend to 60days
//After the execution of below code , we will have a response with acess token expire time to 60days.
// Above response is given for parsing.
//after the parsing the contents in the above execution code the new extended accesstoken is stored.
//stored to session.
//Have a nice coding
this is for extending pages access token to expiring never, and extending the life of user access tokens expiring after 2 months(the 'new access token').
Ok so it took about a week of research but here is my solution. in the https://developers.facebook.com/tools/explorer/ make sure that you have manage_page as part of your access_token. after that use this code with your app id, secret, and redirect:
After that copy the 'new access token' and go back to https://developers.facebook.com/tools/explorer/ When you get there past in your new access token into the the access token field. Then click submit. After that in the node you will see a +____ click on this and scroll down to the accounts and click that. find the page that you need the access token for and copy and paste it into the access key field. click debug and you will see that it will never expire. save that token it will stay valid as long as you do not reset your apps secret.