2
votes

I'm using Hybridauth to connect with Facebook. Everything works well at that point ;-)

I get a token and when I check it at https://developers.facebook.com/tools/debug/ I see it has 2 months expiration.

After some days, for example, 50 days, I see the token will expire in 10 days indeed.

I try to extend with method documented (and described in other StackOverflow questions) with:

https://graph.facebook.com/oauth/access_token?             
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN

Then I receive ANOTHER token, but if I check that new token in the "tools debug" page, it returns the same expiration time (10 days in the example) ... and indeed, in 10 days, the old token and this new one are expired.

Then ... how can I get a working extended token ?

EDIT TO ASK SPECIFIC QUESTION

In my case, users connects their facebook to their accounts and then I can get each day new photos from their timelines, and obviously I don't want them to connect (or click any button) each 60 days to renew this. I guess this can be automated forever (since there's no more offline_access permission) as other websites do.

How can let a user to connect their FB account to my site, and then I have a way to grab new content in his timeline forever ?

1

1 Answers

4
votes

You have to redirect to user to the login dialog url again, as described in https://developers.facebook.com/docs/facebook-login/access-tokens/#expiredtokens

If the access token becomes invalid, the solution is to have the person log in again, at which point you will be able to make API calls on their behalf once more. The login flow your app uses for new people should determine which method you need to adopt.

Normally there should be no user action required when redirecting, if you don't request more permissions.