Facebook Getting Correct Access Token

Question

What is the difference between the long and short access tokens?

for example i am trying to get mutual friends using the following:

https://graph.facebook.com/$uid1/mutualfriends/$uid2?access_token=$token

and getting the access toke using the following function:

function getAccessToken(){
    $url ='https://graph.facebook.com/oauth/access_token?client_id='.FB_APP_ID.'&client_secret='.FB_SECRET_ID.'&grant_type=client_credentials';
    $info = file_get_contents($url);
    $clean = clean_up_data($info);
    return($clean);

}

but this does not work as the token is not valid, although if i used the access token found in Graph API Explorer it works but this token changes to much.

So how would you go about getting the valid token to allow access to mutual friends?

Answer 1

The token you get by using the code in your question is an app token and it can not be used to get friends of the user. The app token does not expire unlike the user token.

User token can be short or long lived, based on how you obtained them. The short lived expire within a few hours, but the longed lived tokens expire only after 60 days.

Short lived tokens are produced for the logged in user with the javascript sdk and the client side authentication flow and can be extended to long lived tokens using this new endpoint. The server side flow also produces long lived tokens.

Once the app gets a user access token it cam them query for data on the behalf of the logged in user. You can check that with the explorer tool by selecting the application on the top right and then clicking the "Get Access Token" button, after allowing the app and permissions you'll see that the "Access Token" field has the access token and you can start making api requests.