Facebook access Token with longer expiration

9
votes

I am trying to follow this tutorial on getting a token with longer expiration time . The Facebook connect is done on the client side (Js sdk). The steps I take are:

  • enabled 'deprecate offline_access' on my app settings page
  • retreive the access_token as normal
  • curl "https://graph.facebook.com/oauth/access_token?
    client_id=APP_ID& client_secret=APP_SECRET& grant_type=fb_exchange_token& fb_exchange_token=access_token"

This always returns the same exact same access token with expiration of 2 hours, shouldn't it return a token (same or not as access_token) that is valid 60 days ?

Thanks

2
facebookoauthaccess-token

2 Answers

6
votes

As of right now, in my experience, it seems that the 60 day tokens are returned for new users who add the app after the 'deprecate offline_access' setting is enabled. Older users, from prior to setting the 'deprecate offline_access' setting seem to be stuck at 2 hour lifetime.

I also have some tests that seem to indicate that setting the 'Enhanced Auth Dialog' setting in addition to the 'deprecate offline_access' setting is required to get long lived tokens.

3
votes

You can programmatically set the 2hour token as expired using HTTP DELETE to me/permissions, this will force the user to re-auth your app. Which should give you a 60 day token.