Reputation: 21
I'm looking into automatically renewing Facebook access_tokens for all my users from a cron job before they are about to expire and as part of this I've been reading through the following link regarding offline access: https://developers.facebook.com/roadmap/offline-access-removal/ In the link it says the following: "Note: The user must access your application before you're able to get a valid "authorization code" to be able to make the server-side OAuth call again. Apps will not be able to setup a background/cron job that tries to automatically extend the expiration time, because the "authorization code" is short-lived and will have expired."
Why is an authorization code mentioned here and why is it not possible to just automatically renew the access_tokens for my users from a cron job provided the access_tokens in question are still valid? According to the link, the following is the call that needs to be made to refresh the access_token:
https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN
Theres no requirement to supply an authorization code. The only client specific information required is the EXISTING_ACCESS_TOKEN parameter. The other parameters like APP_ID are just application specific. Any suggestions as to what I need to do to get this working would be much appreciated.
I have gone through the existing posts about this and I've found an explanation for it not been possible to renew the access_tokens using a cron job when the tokens have already expired. However, my access_tokens are still valid so it doesn't apply for me.
Upvotes: 2
Views: 398
Reputation: 96456
Why is an authorization code mentioned here and why is it not possible to just automatically renew the access_tokens for my users from a cron job provided the access_tokens in question are still valid?
Because otherwise the deprecation of offline_access would be pretty useless, because every app could still go on acting on behalf of its users forever.
I have gone through the existing posts about this
Good, because it’s not like the very same thing you’re asking had not been explained before already multiple times. Bad, that you did not understand it though.
and I've found an explanation for it not been possible to renew the access_tokens using a cron job when the tokens have already expired.
Correct.
However, my access_tokens are still valid so it doesn't apply for me.
You can only exchange short-lived access tokens for a long-lived one. You can not prolong an already existing long-lived one.
Upvotes: 1