7
votes

Facebook's "Deprecated Offline Access" doc (http://developers.facebook.com/docs/offline-access-deprecation/) states the following:


*Server-side OAuth Developers

If the access_token is generated from a server-side OAuth call, the resulting access_token will have the longer expiration time. If the call is made while there is still a valid access_token for that user, the returned access_token from this second call may be the same or may have changed, but in either case the expiration time will have been reset. Again, calling this multiple times during the same day will result only in the first call extending the expiration time.*


This would seem to imply that Server-side OAuth automatically gets a long expiration token. I do find this to be the case if I enable the "deprecate offline access" setting in the Facebook Developer advanced dialog - The token expires in 60 days. But with the setting off the token expires in 2 hours.

I'm a little confused about the point of this setting:

Question:

  • The setting sounds like a "transitionary/migratory" option.... If I enable this option will I still get 60 day tokens 6 months from now? without using the "exchange" endpoint?

  • Why not just automatically set all tokens to 60 days?

1

1 Answers

7
votes

The point of migration settings for Facebook apps is to enable developers to test new features (or deprecation of old features) ahead of time in their apps and spot bugs that may arise. AS indicated on the Developer Roadmap, offline_access permission will be removed on May 1st and at that point, every app will act as if the migration setting you are testing is enabled.

You can find more information about this change here: https://developers.facebook.com/docs/offline-access-deprecation/

The reason we do not automatically enable this without notice is because it would cause a lot of apps to break. Facebook have a breaking change policy which tries to avoid making those sorts of changes without a 90 day warning (and in this case, a migration setting).

Edit: offline access permission removal was pushed back to Oct 3rd.