trying to get app access token

42
votes

I tried to get an app-access-token for my facebook app with this code:

APP_ACCESS_TOKEN = FB.api(
    "oauth/access_token",
    {client_id: APP_ID, client_secret: APP_SECRET_CODE, redirect_uri: uri},
    function(response){
    console.log(response);
});

which should be like:

GET https://graph.facebook.com/oauth/access_token?
        client_id=YOUR_APP_ID
       &client_secret=YOUR_APP_SECRET
       &redirect_uri=uri

but i get an error:

code: 1
message: "Missing authorization code"
type: "OAuthException"

What is the authorization code and how can i get it?

5
facebookaccess-token
Did you find a working solution?Kees C. Bakker
Sorry I can´t remember. Too long ago. It was during a lab.Franz Deschler

5 Answers

70
votes

Obtaining an App Access Token

To obtain an App Access Token, invoke the following HTTP GET request:

GET https://graph.facebook.com/oauth/access_token?
            client_id=YOUR_APP_ID
           &client_secret=YOUR_APP_SECRET
           &grant_type=client_credentials

The API will respond with a query-string formatted string of the form:

access_token=YOUR_APP_ID|YOUR_APP_ACCESS_TOKEN

Reference: http://developers.facebook.com/docs/opengraph/howtos/publishing-with-app-token/

45
votes

https://developers.facebook.com/docs/howtos/login/login-as-app/:

“Because it requires you to include your App Secret you should not attempt to make this call client-side as that would expose this secret to all your app users. It is important that your App Secret is never shared with anyone. For this reason, this call should be performed server-side”

And for the app access token, it’s the same – you should never use it client-side, because every user could spot it there and then start using it to perform actions on behalf of your app (or change many of your app’s settings).

If you have a server-side part to your application, you can simply “build” the app access token there yourself, concatenating app id and secret with a pipe symbol, app_id|app_secret.

1
votes

check if users of the node.js or the JAVASCRIPT.

getLongLiveToken: function(data){
    FB.api('oauth/access_token', {
        client_id: data.client_id, // FB_APP_ID
        client_secret: data.secret, // FB_APP_SECRET
        grant_type: 'fb_exchange_token',
        fb_exchange_token: data.access_token // USER_TOKEN
    }, function (res) {
        if (!res || res.error) {
            console.log(!res ? 'error occurred' : res.error);
        } else {
            var accessToken = res.access_token;
            if(typeof accessToken != 'undefined'){}
        }
    });
}
0
votes

I'm not sure that exposing the APP client secret in the code is a good idea, you can take the APP token from Facebook tool "Access Token Tool" just copy the token to your code for any use https://developers.facebook.com/tools-and-support/

0
votes

You can also use this POST endpoint without generating the token, just be sure its being called from the server not client-side where the app_secret is exposed to public:

https://graph.facebook.com/?id={url}&scrape=true&access_token={app_id}|{app_secret}