Reputation: 189
Facebook access tokens expiring for unknown reason
EDIT from @avs099: I'm starting the bounty on this post as I have exactly the same issue. I summarize the problem here, and leave the post itself without any changes at the bottom for the reference.
What we have: Facebook page access token, obtained as described here: Authenticating as a Page and which live was extended to 60 days with new fb_exchange_token request.
What is the problem: this token works for some time - sometimes I can post hundreds of photos to my fan page in the period of several days; sometimes it's literally few photos - and then I start getting either
(OAuthException) Error invalidating access token: The session has been invalidated because the user has changed the password.
or
(OAuthException) Error invalidating access token: Session does not match current stored session. This may be because the user changed the password since the time the session was created or Facebook has changed the session for security reasons.
exceptions from the Facebook - but of course I did not do change password or deauthorized the app.
Additional information: Not sure if that matters but:
- Sometimes I start using token few days after I request it from the Facebook
- Token is requested (by the C# backend) from the server which is located in a different geographical region from the desktop app which posts photos to the fan page.
- It happens sometime that several different desktop apps post photos from different PCs (i.e. different IPs I guess)
Anybody has a clue what's going on and how to resolve this?
Thank you.
I have a facebook app that serves two purposes:
1) Allows users to facebook connect with my site 2) Allows my site to post to my sites facebook fan page wall
What I'm concerned about is the 2nd usage. I used to be able to set the permissions for an app on a fan page to just allow posting (via the php sdk) without any concern about an access token. Now I've created some new fan pages and that functionality seems to have been removed. Alright, so I go through the whole process of getting an access token (successfully) for the user (always me or another admin of my facebook fan pages) and use that token to get the access tokens for the fan pages I manage (I have the manage_pages permission and so do the other admins for the pages I want to post to). However by the engine gets around to posting content to my fan pages the tokens have expired with one of two error messages:
Error invalidating access token: Session does not match current stored session. This may be because the user changed the password since the time the session was created or Facebook has changed the session for security reasons.
or
OAuthException: Error invalidating access token: The session has been invalidated because the user has changed the password.
But this isn't an access token dependent on outside users, only internal people (me and one other guy right now). We aren't changing our passwords or doing anything. I've even tested it by logging out of facebook after acquiring tokens and it works fine. It's just after a little while they expire for no reason that I can determine. When I get the tokens I can check them on the debugging tool and they are supposed to last 60 days (according to the doc) although the tool says they never expire.
I've set up the system so when it fails to post to the page I get an email with the link to my site to update the tokens.
Anyone have a clue what's going on?
Upvotes: 8
Views: 12263
Answers (6)
Reputation: 15754
I had same problem and resolved it "reinstalling the app to users facebook applications". it may help you if nothing answers to problem.
To do that:
- facebook user who is facing the problem goes to its facebook page
- he/she removes your app from his/her application list.
- Retry to login via facebook sdk on android.
Upvotes: 0
Reputation: 53
A temporary solution is to ask the user to delete the application from it's profile, and allow it again.
Upvotes: 0
Reputation: 101
As Mikhail pointed out, if you get an error reporting that the token is invalid cause user has changed the password. Odds are you are requesting a new token somewhere hidden in the code, when you already have a valid one.
Upvotes: 2
Reputation: 247
You can fetch the unauthorized token so a new token is requested (or whatever you like).
I can provide a nice explanation but you can read it all here: https://developers.facebook.com/blog/post/2011/05/13/how-to--handle-expired-access-tokens/
Upvotes: -1
Reputation: 1
I have the same problem in my app - sometimes tokens expiring.
One of the find reason: sometimes my app ask for new token while old token is valid and FB return an error or i couldn't save new token for some reason. After that old token expire - only one token for pair user-app may be valid.
Upvotes: 0
Reputation: 734
Possibly related to this bug? https://developers.facebook.com/bugs/241373692605971?browse=search_4fb4832bcaf7b1549293950
Upvotes: 1
Related Questions
- Graph API Explorer > Get User Access Token > always gives "Token Expired"; What's wrong?! & How to overcome?
- Never Expiring Facebook Page Access Token
- How can I force a facebook access token to expire?
- Server-to-server Facebook Access Token expires
- Access token expired
- facebook access tokens expiration unclear
- Facebook app (NOT user) access token expiration
- Facebook oAuth Access Token supposedly "never" expiring
- Facebook access token expiration
- Facebook App Access Token lasts forever?