James Cameron

Reputation: 1762

How long does the extended access_token live?

Just read about the offline_access permission being removed and therefore having the new system of "extended access tokens".

My problem is that I'd like to save the expiration timestamp to take care that the saved access tokens are always valid, but the documentation doesn't provide a time that the extended token is valid for.

Does anyone have more information regarding that? It'd be interesting to know if the long-living tokens are valid for days, weeks or months.

Upvotes: 1

Views: 581

Answers (2)

Skyrocket Rocketsky

Reputation: 95

It only returns back access_token not

access_token=xxxxx&expires=yyyyy as mentioned above.

At least that is what I can see...

Upvotes: -1

Nitzan Tomer

Reputation: 164307

When you use the new endpoint which is explained in the post you linked to:

https://graph.facebook.com/oauth/access_token?             
    client_id=APP_ID&
    client_secret=APP_SECRET&
    grant_type=fb_exchange_token&
    fb_exchange_token=EXISTING_ACCESS_TOKEN

The response will have this form:

access_token=xxxxx&expires=yyyyy

The expires param is what you are after I believe.
Long lived tokens are good for 60 days, and you can check tokens (for debugging) with the Debug Tool which will tell you everything you need to know about the token.


Edit

A few more things.
The "expires" parameter gives you the time left until expiration, so the expiration time is the timestamp of now + expires.

It's easy to check this without the need to do any development, just create a fb app (if you don't have one), go to the Access Token Tool and copy the user token from your app, then using curl make a request to the new endpoint.

As for extending the long lived tokens, there's no way to do that, you'll need to re-authenticate the user after that, as it states in the same post:

If you pass an access_token that had a long-lived expiration time, the endpoint will simply pass that same access_token back to you without altering or extending the expiration time

Another point is that you can get long lived access tokens by using the Server-Side authentication flow, but those too cannot be extended.

Upvotes: 2
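
An added example, not part of either answer: parsing the `access_token=xxxxx&expires=yyyyy` response body and storing an absolute expiry as now + expires, including the case where no `expires` comes back. The function names and the sample response are constructed for illustration, and treating a missing `expires` as "re-authenticate" is an assumption.

```python
import time
from urllib.parse import parse_qs


def parse_exchange_response(body, now=None):
    """Turn 'access_token=...&expires=...' into a record with an absolute expiry."""
    now = int(time.time()) if now is None else int(now)
    fields = parse_qs(body.strip())
    tokens = fields.get("access_token", [])
    if len(tokens) != 1:
        raise ValueError("expected exactly one access_token in the response")
    expires = fields.get("expires", [])
    if len(expires) > 1:
        raise ValueError("duplicate expires parameter")
    expires_at = None  # unknown lifetime: the response carried no expires
    if expires:
        value = expires[0]
        if not (value.isascii() and value.isdigit()):
            raise ValueError("expires is not a non-negative integer")
        # expires is the number of seconds left, so expiry = now + expires
        expires_at = now + int(value)
    return {"access_token": tokens[0], "expires_at": expires_at}


def needs_reauth(record, now=None, margin=24 * 3600):
    """True when the stored token is expired, close to expiry, or of unknown lifetime."""
    now = int(time.time()) if now is None else int(now)
    if record["expires_at"] is None:
        return True  # assumption: an unknown lifetime is not trusted
    return now >= record["expires_at"] - margin


def redacted(record):
    """Copy that is safe to log: the token is a bearer credential."""
    tok = record["access_token"]
    return {**record, "access_token": tok[:4] + "..." if len(tok) > 8 else "..."}


if __name__ == "__main__":
    # Constructed sample response; 5184000 seconds is 60 days
    sample = "access_token=EXAMPLETOKEN123&expires=5184000"
    rec = parse_exchange_response(sample, now=1_700_000_000)
    print(redacted(rec), needs_reauth(rec, now=1_700_000_000))
```

Since a long-lived token cannot be extended, `needs_reauth` is the signal to send the user through authentication again rather than to call the exchange endpoint a second time.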
