Extending Facebook auth_token

0
votes

I get the following error while trying to extend an auth_token received from the Facebook JS SDK code..

URL : https://graph.facebook.com/oauth/access_token?client_id=229083900472938&client_secret=XXXXXXXXX&grant_type=fb_exchange_token&fb_exchange_token=AAADQWcCC7moBAPM9OlZCpOYnZBoxWnX7MwpP86HHMQM2QAe1DkW9cAI3AaSxVXEPNo7NOnljYCawSg3pgLWtvRph9dhfgZBqK4vt4YB5ZAYCpaiJu71o

{ "error": { "message": "Cannot access application using the specified access_token", "type": "OAuthException", "code": 1 } }

if I change the URL to include a token generated using the Graph API explorer it works fine.

Any ideas?

4
facebook
Looks like you are trying to extend a user access token that belongs to another app …CBroe
but I'm not, if I go to the Access Token Debugger, each token point back to the same application id.. any other ideas?Greg Tyndall

4 Answers

0
votes

Debug the token using the debugger and ensure it matches the APP ID provided above.

The message is clear, the token you are using is not for the access_token.

It could be that you are mixing up tokens with the Graph API Explorer App or another app.

1
votes

I was experiencing this issue, and got some support direct from FB engineers. The most likely cause of this error is "demographic checks" for the user.

Our app had an age-gate as it was alcohol related. Certain users' profiles did not contain enough information for FB to ensure they were above the drinking age for their location, so the session creation failed. Why this only happened on this call and not on earlier ones, I don't know.

Does your app have an age-gate, or anything similar?

1
votes

We faced to such problem when test our applications. Facebook's test users have a bug on extending access token, but real users do not have.

the trouble was: we had restrictions by country and test users have not a country.

So check restriction of your app too.

0
votes

Use the following code to generate the code; Once you have your access code, you can exchange it for an extended code. The last part of the code shows how to debug:

$app_id = "XXXXXXXXX";
$app_secret = "YYYYYYYYYYYY";
$redirect_url = "http://www.example.com/page.php";
$fb_code = $_REQUEST['code'];

if(!$fb_code)
{ 
    $login_dialog_url= "http://www.facebook.com/dialog/oauth?"
    . "client_id=" .  $app_id 
    . "&redirect_uri=" . urlencode( $redirect_url)
    .  "&scope=read_friendlists,read_stream,xmpp_login,user_online_presence,friends_online_presence,create_event,publish_stream&response_type=code";
    echo("<script>location.href='" . $login_dialog_url . "'</script>");
}
else
{
    $token_url="https://graph.facebook.com/oauth/access_token?"
    . "client_id=" . $app_id 
    . "&redirect_uri=". urlencode($redirect_url)
    . "&client_secret=" . $app_secret
    . "&code=" . $fb_code;
    $response = file_get_contents($token_url);
    parse_str($response, $params);
    $access_token = $params['access_token'];
    echo 'Access Token: '.$access_token.'<br>';

Generate extende code here if required

    if($access_token) 
    {
        $token_url="https://graph.facebook.com/oauth/access_token?"
        . "client_id=" . $app_id 
        . "&redirect_uri=". urlencode($redirect_url)
        . "&client_secret=" . $app_secret
        . "&grant_type=fb_exchange_token"
        . "&fb_exchange_token=" . $access_token;
        $response = file_get_contents($token_url);
        parse_str($response, $params);
        $extended_access_token = $params['access_token'];
        echo 'Extended Access Token: '.$extended_access_token;
    }

Debug Extended Code here:

    $expires = "https://graph.facebook.com/debug_token?input_token=$access_token&access_token=$extended_access_token";
    $response = file_get_contents($expires);
    echo "<pre>";
            print_r(json_decode($response));
    echo "</pre>";