Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Ismail Mayat 4511 posts 10062 karma points MVP 2x admin c-trib
    Dec 05, 2014 @ 16:34
    Ismail Mayat
    0

    Facebook token expiration

    Hello,

    Facebook tokens when generated are 60 days, looking at the facebook docs you cannot increase the expiry date.so I guess when using the api you can test for token expiration and if expired make same calls that the data type makes and regenerate the token?

    Regards

    Ismail

  • Anders Bjerner 476 posts 2885 karma points MVP 6x admin c-trib
    Dec 06, 2014 @ 14:51
    Anders Bjerner
    0

    There isn't a short answer for this one - partly because it isn't very well documented in the Facebook API.

    The Facebook API allows you to "debug" an access token - that is request information about a given access token. This should among other things return a date for when the token will expire. However when I try to debug some of my user access tokens, the expire date is simply null. The API documentation doesn't mention that the expire date can be null, and therefore also not why it is null.

    The debug information will however contain a date for when the access token was issued, so I guess you could assume that the expire date is 60 days later if nothing else is specified. Either that, and Facebook has changed something again, and the access token doesn't have an expire date. I can't tell for sure.

    Anyways, Facebook has a way to exchanging a short-lived user access token into a long-lived user access. It seems that the same method can be used for be used for exchanging one long-lived user access token for another. In Skybrud.Social you can do that with the following lines:

    FacebookOAuthClient client = new FacebookOAuthClient {
        AppId = appId,
        AppSecret = appSecret,
        AccessToken = accessToken
    };
    
    string newAccessToken = client.RenewAccessToken(client.AccessToken);
    

    However if I request debug information about the new user access token, it will have the issue date of the first one, and still no expire date. So the lifetime of the access token may have been extended , but again - I can't tell for sure. The best way to confirm this is simply to wait and see, but I bet you don't wan't to sit around for two months. The fact that the issue date isn't updated also means that you can't just assume that the expire date is 60 days later as I wrote earlier.

    Hope this makes sense. While most of the Facebook API is well documented, some parts are not, and it can really give some headaches and times of hair pulling.

    Another option
    Depending on what you're doing with the Facebook API, you might be able to use an app access token (what I've described above is for user access tokens). An app access token doesn't expire, doesn't have a user context (since it belongs to your app) and generally has less permissions that an user access token. But if you're just going to read non-private data, it should be fine. You can see a list of your app access tokens here:

    https://developers.facebook.com/tools/accesstoken/

  • Ismail Mayat 4511 posts 10062 karma points MVP 2x admin c-trib
    Dec 08, 2014 @ 10:31
    Ismail Mayat
    0

    Anders,

    Many thanks for the detailed reply.  Regarding the other option this is what I am actually doing. I have created facebook app and am using those keys to create the oauth token and am reading public data only. I can see on the link you sent the user and app tokens.  So I guess I can use the app token, however given that the data type uses app id and app secret which is then going to generate user token do i need to update my calls so that when i create the facebook service give it the token from the webpage and may be hard code that token into web.config or other config file?

    Many thanks 


    Ismail

  • Ismail Mayat 4511 posts 10062 karma points MVP 2x admin c-trib
    Dec 08, 2014 @ 10:46
    Ismail Mayat
    0

    Anders,

    Actually looking at the code a bit more could i do,

                var facebook = _externalServicesNode.GetPropertyValue(DocTypeConstants.ExternalServices.FaceBookoAuth) as FacebookOAuthData; //get the oauth data from value set on node
    facebook.AccessToken= theTokenHardCodedSomehere; //so this is value from facebook for app token
                if (facebook != null && facebook.IsValid)
                {
                    // Gets an instance of FacebookService based on the OAuth data                
                    _facebookService  = facebook.GetService();
                }

     

    Regards

     

    Ismail

  • Anders Bjerner 476 posts 2885 karma points MVP 6x admin c-trib
    Dec 08, 2014 @ 11:06
    Anders Bjerner
    100

    Your code example will work fine, but since the editor will authenticate with his/her account, it is a user access token, and therefore you might still have the problems with them expiring.

    App access tokens will not expire, so as you suggest, you can hardcode the token in your Web.config. This is the approach I'm using myself when I only have to pull data.

  • Ismail Mayat 4511 posts 10062 karma points MVP 2x admin c-trib
    Dec 08, 2014 @ 11:14
    Ismail Mayat
    0

    Anders,

    I have just done this so i get the FacebookOAuthData object then pass in the app token, my only worry is when the user token expires i will not be able to get the facebookoauthdata and then pass in the app token?

    Regards

    Ismail

  • Anders Bjerner 476 posts 2885 karma points MVP 6x admin c-trib
    Dec 08, 2014 @ 23:33
    Anders Bjerner
    1

    I'm not sure if I understand you correctly.

    If you add a Facebook OAuth property, editors can authenticate, and an user access token is saved. This token will expire after 60 days, so either the editor has to manually renew the token or you as a developer should make some code for renewing the token (assuming what I wrote earlier about renewing tokens actually works).


    In the case of app access tokens, they will not expire, so you can do something like:

    string token = ConfigurationManager.AppSettings["FacebookAppAccessToken"];
    
    FacebookService service = FacebookService.CreateFromAccessToken(token);
    

    Then neither the editors or you have to think about renewing the token. You don't need the FacebookOAuthData for app access tokens ;)

  • Ismail Mayat 4511 posts 10062 karma points MVP 2x admin c-trib
    Dec 09, 2014 @ 12:11
    Ismail Mayat
    0

    Anders,

    I should have rephrased the question as to how do i get facebook service using token, you have answered above. I have my token set on a config node and i get it from there.

    Regards

    Ismail

Please Sign in or register to post replies

Write your reply to:

Draft