0

Is there a way to request a new access token (with an expired token) without the user logging in again? There has to be way that Facebook can refresh the app token without requiring user input. This needs to be done server-side and not client side.

UPDATE: I forgot to mention that I already have a long-lived token. I want to refresh and get a new one before it expires.

gregavola
  • 2,519
  • 5
  • 30
  • 47

2 Answers2

1

Yes. Before the token is expiring, make an http request to-

https://graph.facebook.com/oauth/access_token?  
grant_type=fb_exchange_token&           
client_id=APP_ID&
client_secret=APP_SECRET&
fb_exchange_token=SHORT_LIVED_ACCESS_TOKEN

This will give you a fresh token with 2 months validity.

For more details- extending-tokens

Sahil Mittal
  • 20,697
  • 12
  • 65
  • 90
  • Right - but what if I already have 2 month token and it's not expiring - can use the same method to get a brand new token? – gregavola Feb 05 '13 at 16:11
  • I'm testing it now to make sure it works - once I can verify - I can mark it as correct. – gregavola Feb 05 '13 at 16:15
  • This doesn't work. I tried this on a active long-lived token, and it returned the same token instead of getting a new one. – gregavola Feb 05 '13 at 16:53
  • The reason is that you exchanged the token that you generated today itself, in that case the same token is returned with the max validity. Try doing that tomorrow. Anyway why are you wishing to do that? :) – Sahil Mittal Feb 05 '13 at 16:55
  • It was not generated today, it was generated on Dec-22-2012. I attempted to refresh the token when it was still active, yet I still the same access token. My app does not require the user to log-in via Facebook, so I can't automatically get a new token everytime. I need to do this service side. – gregavola Feb 05 '13 at 16:58
  • Well yes you are right, I read the docs again, the longer-token can only be exchanged with the shorter one. See [here](https://developers.facebook.com/roadmap/offline-access-removal/#extend_token). So, with your question, you can generate a new extended token everytime a user visit your app/site and save in the dB. Concluding, your user must visit your site at least once in two months, so that his token will never expire. – Sahil Mittal Feb 05 '13 at 17:09
  • Yes - but my app does not require Facebook login, so there is no way to do this server side - it requires the user optional "Login with Facebook" every 2 months to keep their token fresh. – gregavola Feb 05 '13 at 17:13
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/23981/discussion-between-sahil-and-gregavola) – Sahil Mittal Feb 05 '13 at 17:13
0

it's possible to extend the lifetime of an access token to 60 days maximum. have a look here: https://developers.facebook.com/roadmap/offline-access-removal/

if an user is not returning for more than 60 days, there's no way to obtain a new user access token.

Johannes N.
  • 2,364
  • 3
  • 28
  • 45