Facebook deprecated offline access, any way around?

Question

I have a music website in php. I can get users to authenticate via facebook and login to my website via hybridauth library.

Now what I want is that every time a user listens to a song I update his status with the song link. Can this be achieved now that Facebook is removing the support for offline access or is this something that does not need the offline access permission?

I am new to facebook api.

Answer 1

Well, I don't fully understand your scenario, but if the user is using your app at the time you want to publish on his wall then you have no problem what so ever, and you do not need the "offline_access" or any equivalent..

You can simply load the javascript SDK to the page, which will make sure that the user is authenticated and that you have a valid access token, as it says in the auth documentation Handling Invalid and Expired Access Tokens:

Desktop Web and Mobile Web apps which implement authentication with the Javascript SDK

Calling FB.getLoginStatus() or ensuring status: true is set when you call FB.init() means that the next time a user lands on your application and is signed into Facebook, the authResponse object you are passed as a result of those calls will contain a fresh, valid access token.

In this case, its simply the act of the user using your application which implicitly generates a new access token.

---

Edit

You can get a pretty long lived access token (about 60 days) if you use the server side auth flow, or using the new endpoint facebook provided for extending valid access tokens (which were obtained using a client-side flow) as described in the post Removal of offline_access Permission.

If that helps you then fine, but I recommend you to just make sure that your application can handle token expiration since there's nothing you can do to completely avoid that situation.

How? well, you have a few options, and you'll need to find one that fits your specific scenario, but here's an option: First of all, as I see it, you'll have to do things in the client side since the token ca expire when the user is listening to a song, and in order to get a new token from the server side you'll have to refresh the page and send the user to the auth dialog, which will interfere with his experience.

Here's some js code that uses the js sdk, it's not full code, and I don't expect it to work, but it should give you an idea of what you can do:

FB.Event.subscribe("auth.statusChange", function(response) {
    if (response.status !== "connected") {
        FB.login(function(response2) {
            if (response2.authResponse) {
                // you now have a valid access token, you can update your server side with an ajax request for example
            }
            else {
                // user canceled login
            }
        });
    }
});

Also, be aware that FB.login tries to open a popup and so it should not be called like this, only after a user interaction, and so instead of just calling it, you should replace it with showing a user a message like "please click 'ok' in order to be able to post to facebook..." and with that click open the FB.login.

There are of course other methods that you can use, or other events that you can subscribe to, just read the documentation and experiment with the options you have.