I'm aware that there are many questions about Facebook access-tokens and the grief they cause, but despite much experimentation and reading many frustratingly vague blog articles (FB and otherwise), I'm still struggling to get a clear answer to my needs. Let me succinctly break down my process so far:
- I am creating a site that, server-side, needs to pull the posts/statuses from a single Facebook Page
- I am an admin of that Facebook Page
- I have created a Facebook App
- Using the Facebook Graph API Explorer, I've generated a short-lived key, connected to my app and my account, that grants permission to my account to view the access-tokens for my pages
- I've converted my short-lived key to a long-lived key (60 days) ala scenario 4 from this
And here's where I am stuck. My 60 day key works fine for my server to pull the info needed from the page, but as far I can tell, there's no way to programmatically extend that 60 day key. I also do not know of a way to generate a new short-lived key without manually going to the Facebook Graph API Explorer and creating one.
Since it is my server making the requests to the Facebook API and not a user-based system (where I could easily request that a user authorize the Facebook app again), this creates a very clunky system. Since Facebook deprecated offline_access, is there really no permanent way to have my server pull info from my own page? Will I really have to create a new key by hand and manually update my server with it every 60 days?
Or is there something I'm missing?
Update:
The step-by-step guide that was previously found here has been migrated down into its own answer.
These are the steps that were previously in the question - they have been migrated to this answer.
Having found that it is possible to generate a Facebook Page Access Token that does not expire (with help from @Igy), here is a clear, step-by-step quide for all those looking to the same:
- Make sure you are the admin of the FB page you wish to pull info from
- Create a FB App (should be with the same user account that is the page admin)
- Head over to the Facebook Graph API Explorer
- On the top right, select the FB App you created from the "Application" drop down list
- Click "Get Access Token"
- Make sure you add the
manage_pagespermission - Convert this short-lived access token into a long-lived one by making this Graph API call:
https://graph.facebook.com/oauth/access_token?client_id=<your FB App ID >&client_secret=<your FB App secret>&grant_type=fb_exchange_token&fb_exchange_token=<your short-lived access token> - Grab the new long-lived access token returned back
- Make a Graph API call to see your accounts using the new long-lived access token:
https://graph.facebook.com/me/accounts?access_token=<your long-lived access token> - Grab the
access_tokenfor the page you'll be pulling info from - Lint the token to see that it is set to
Expires: Never!
That should do it. You should now have a Facebook Page Access Token that doesn't expire, unless:
- You change your Facebook account password
- You lose admin access for the target page
- You delete or de-authorize your Facebook App
Any of these will cause the access token to become invalid.
If you are getting (#100) Tried accessing nonexisting field (accounts) on node type (Page), go to the Access Token Debugger, copy the value of User ID, and use it to replace the "me" part of the URL in step 9.
This is covered in the Offline Access deprecation document
Use the 60-day token for the page admin to retrieve a Page Access Token (via /PAGE_ID?fields=access_token or /me/accounts) - the Page access token will not have an expiry time
Many thanks to @redhotvengeance for step-by-step guide.
After some time, now there is clearly described in Facebook documentation:
https://developers.facebook.com/docs/facebook-login/access-tokens/expiration-and-extension
Extending Page Access Tokens
Apps can retrieve a page access token from Page admin users when they authenticate with the manage_pages permission. If the user access token used to retrieve this page access token is short-lived, the page access token will also be short-lived.
To get a longer-lived page access token, exchange the User access token for a long-lived one, as above, and then request the Page access token. The resulting page access token will not have any expiry time.
You can also copy and past from the app dashboard on facebook. The steps:
Select your app in the top right corner of the page (pic of what it looks like)
- Click on Messenger from the options on the left (it will go to setting automatically) (pic of what it looks like)
- Go to the "Token Generation" section in the page. Select what page you want to generate the token for. (pic of what that section looks like)
- The copy and past your page token where ever you need it.
Keep in mind that while in theory your token won't expire, that it is directly tied to what ever facebook account your logged into. So say you change your password or you remove the permissions from between your account and your app then your token won't be valid any more.
来源:https://stackoverflow.com/questions/12168452/long-lasting-fb-access-token-for-server-to-pull-fb-page-info