How can I force a facebook access token to expire?

Question

I\'m doing some testing in the wake of offline_access\'s expiration. I think that since all interactions my app makes with Facebook are done via my servers and are user ini

Answer 1

But it says right there in the documentation, just after the last line you quoted:

App Access Tokens generally do not expire. Once generated, they are valid indefinitely. However, if you need to invalidate your App Access Token for some reason, you can reset your App Secret in your app's settings. Once your App Secret has been reset, you will need to go through the steps below to generate a new app access token.

So for your testing purposes reset the app secret key.

---

Edit

Oh, I completely misunderstood you.
It's easier to invalidate a user token, you just use the me/permissions connection with a DELETE request.

That will remove the app for the logged in user.
You can try that from the explorer tool, just select DELETE on the select box left to the path field.

Answer 2

The answers posted here are outdated. To force your token to expire: log in to your facebook account, go to "Settings", then click "Apps" on the left hand side

Remove the app:

That will force the token to expire.

Answer 3

https://www.facebook.com/connect/login_success.html#access_token="access_token" &expires_in=1.minutes Here in the place of "access_token" enter your access token without quotes and the access token will expire in 1 minute.

Answer 4

you can try replicating the behavior by changing your facebook password

Answer 5

This should work, check below.

Invalidating (aka logout) your token; make HTTP GET call to that endpoint;

https://api.facebook.com/restserver.php?method=auth.expireSession&format=json&access_token=<access_token>

p.s. my answer is from 2012... Since then, Facebook API has evolved with many major changes. It is more reliable to read the up2date Facebook developer doc

Answer 6

Like @guleryuz response, but in pratical way:

Given a valid access_token ${token}:

$ curl -X GET "https://graph.facebook.com/v2.7/me/permissions?access_token=${token}"
{"data":[{"permission":"user_friends","status":"granted"},{"permission":"email","status":"granted"},{"permission":"manage_pages","status":"granted"},{"permission":"business_management","status":"granted"},{"permission":"pages_messaging","status":"granted"},{"permission":"pages_messaging_phone_number","status":"granted"},{"permission":"public_profile","status":"granted"}]}

Do revoke request:

$ curl -X DELETE "https://graph.facebook.com/v2.7/me/permissions?access_token=${token}"
{"success":true}

Verify revoke:

$ curl -X GET "https://graph.facebook.com/v2.7/me/permissions?access_token=${token}"
{"error":{"message":"Error validating access token: The session was invalidated explicitly using an API call.","type":"OAuthException","code":190,"error_subcode":466,"fbtrace_id":"E2UhrNzyyzZ"}}