Facebook tokens when generated are 60 days, looking at the facebook docs you cannot increase the expiry date.so I guess when using the api you can test for token expiration and if expired make same calls that the data type makes and regenerate the token?
There isn't a short answer for this one - partly because it isn't very well documented in the Facebook API.
The Facebook API allows you to "debug" an access token - that is request information about a given access token. This should among other things return a date for when the token will expire. However when I try to debug some of my user access tokens, the expire date is simply null. The API documentation doesn't mention that the expire date can be null, and therefore also not why it is null.
The debug information will however contain a date for when the access token was issued, so I guess you could assume that the expire date is 60 days later if nothing else is specified. Either that, and Facebook has changed something again, and the access token doesn't have an expire date. I can't tell for sure.
Anyways, Facebook has a way to exchanging a short-lived user access token into a long-lived user access. It seems that the same method can be used for be used for exchanging one long-lived user access token for another. In Skybrud.Social you can do that with the following lines:
However if I request debug information about the new user access token, it will have the issue date of the first one, and still no expire date. So the lifetime of the access token may have been extended , but again - I can't tell for sure. The best way to confirm this is simply to wait and see, but I bet you don't wan't to sit around for two months. The fact that the issue date isn't updated also means that you can't just assume that the expire date is 60 days later as I wrote earlier.
Hope this makes sense. While most of the Facebook API is well documented, some parts are not, and it can really give some headaches and times of hair pulling.
Another option
Depending on what you're doing with the Facebook API, you might be able to use an app access token (what I've described above is for user access tokens). An app access token doesn't expire, doesn't have a user context (since it belongs to your app) and generally has less permissions that an user access token. But if you're just going to read non-private data, it should be fine. You can see a list of your app access tokens here:
Many thanks for the detailed reply. Regarding the other option this is what I am actually doing. I have created facebook app and am using those keys to create the oauth token and am reading public data only. I can see on the link you sent the user and app tokens. So I guess I can use the app token, however given that the data type uses app id and app secret which is then going to generate user token do i need to update my calls so that when i create the facebook service give it the token from the webpage and may be hard code that token into web.config or other config file?
Actually looking at the code a bit more could i do,
var facebook = _externalServicesNode.GetPropertyValue(DocTypeConstants.ExternalServices.FaceBookoAuth) as FacebookOAuthData; //get the oauth data from value set on node
facebook.AccessToken= theTokenHardCodedSomehere; //so this is value from facebook for app token
if (facebook != null && facebook.IsValid)
{
// Gets an instance of FacebookService based on the OAuth data
_facebookService = facebook.GetService();
}
Your code example will work fine, but since the editor will authenticate with his/her account, it is a user access token, and therefore you might still have the problems with them expiring.
App access tokens will not expire, so as you suggest, you can hardcode the token in your Web.config. This is the approach I'm using myself when I only have to pull data.
I have just done this so i get the FacebookOAuthData object then pass in the app token, my only worry is when the user token expires i will not be able to get the facebookoauthdata and then pass in the app token?
If you add a Facebook OAuth property, editors can authenticate, and an user access token is saved. This token will expire after 60 days, so either the editor has to manually renew the token or you as a developer should make some code for renewing the token (assuming what I wrote earlier about renewing tokens actually works).
In the case of app access tokens, they will not expire, so you can do something like:
string token = ConfigurationManager.AppSettings["FacebookAppAccessToken"];
FacebookService service = FacebookService.CreateFromAccessToken(token);
Then neither the editors or you have to think about renewing the token. You don't need the FacebookOAuthData for app access tokens ;)
I should have rephrased the question as to how do i get facebook service using token, you have answered above. I have my token set on a config node and i get it from there.
Facebook token expiration
Hello,
Facebook tokens when generated are 60 days, looking at the facebook docs you cannot increase the expiry date.so I guess when using the api you can test for token expiration and if expired make same calls that the data type makes and regenerate the token?
Regards
Ismail
There isn't a short answer for this one - partly because it isn't very well documented in the Facebook API.
The Facebook API allows you to "debug" an access token - that is request information about a given access token. This should among other things return a date for when the token will expire. However when I try to debug some of my user access tokens, the expire date is simply null. The API documentation doesn't mention that the expire date can be null, and therefore also not why it is null.
The debug information will however contain a date for when the access token was issued, so I guess you could assume that the expire date is 60 days later if nothing else is specified. Either that, and Facebook has changed something again, and the access token doesn't have an expire date. I can't tell for sure.
Anyways, Facebook has a way to exchanging a short-lived user access token into a long-lived user access. It seems that the same method can be used for be used for exchanging one long-lived user access token for another. In Skybrud.Social you can do that with the following lines:
However if I request debug information about the new user access token, it will have the issue date of the first one, and still no expire date. So the lifetime of the access token may have been extended , but again - I can't tell for sure. The best way to confirm this is simply to wait and see, but I bet you don't wan't to sit around for two months. The fact that the issue date isn't updated also means that you can't just assume that the expire date is 60 days later as I wrote earlier.
Hope this makes sense. While most of the Facebook API is well documented, some parts are not, and it can really give some headaches and times of hair pulling.
Another option
Depending on what you're doing with the Facebook API, you might be able to use an app access token (what I've described above is for user access tokens). An app access token doesn't expire, doesn't have a user context (since it belongs to your app) and generally has less permissions that an user access token. But if you're just going to read non-private data, it should be fine. You can see a list of your app access tokens here:
https://developers.facebook.com/tools/accesstoken/
Anders,
Many thanks for the detailed reply. Regarding the other option this is what I am actually doing. I have created facebook app and am using those keys to create the oauth token and am reading public data only. I can see on the link you sent the user and app tokens. So I guess I can use the app token, however given that the data type uses app id and app secret which is then going to generate user token do i need to update my calls so that when i create the facebook service give it the token from the webpage and may be hard code that token into web.config or other config file?
Many thanks
Ismail
Anders,
Actually looking at the code a bit more could i do,
var facebook = _externalServicesNode.GetPropertyValue(DocTypeConstants.ExternalServices.FaceBookoAuth) as FacebookOAuthData; //get the oauth data from value set on node facebook.AccessToken= theTokenHardCodedSomehere; //so this is value from facebook for app token if (facebook != null && facebook.IsValid) { // Gets an instance of FacebookService based on the OAuth data _facebookService = facebook.GetService(); }Regards
Ismail
Your code example will work fine, but since the editor will authenticate with his/her account, it is a user access token, and therefore you might still have the problems with them expiring.
App access tokens will not expire, so as you suggest, you can hardcode the token in your Web.config. This is the approach I'm using myself when I only have to pull data.
Anders,
I have just done this so i get the FacebookOAuthData object then pass in the app token, my only worry is when the user token expires i will not be able to get the facebookoauthdata and then pass in the app token?
Regards
Ismail
I'm not sure if I understand you correctly.
If you add a Facebook OAuth property, editors can authenticate, and an user access token is saved. This token will expire after 60 days, so either the editor has to manually renew the token or you as a developer should make some code for renewing the token (assuming what I wrote earlier about renewing tokens actually works).
In the case of app access tokens, they will not expire, so you can do something like:
Then neither the editors or you have to think about renewing the token. You don't need the FacebookOAuthData for app access tokens ;)
Anders,
I should have rephrased the question as to how do i get facebook service using token, you have answered above. I have my token set on a config node and i get it from there.
Regards
Ismail
is working on a reply...