Website keeping Facebook access token alive

Question

Not a programming question but not sure where-else this can be asked:

My site posts on user's Facebook wall when specific events occur. Since Facebook token has a max of 60 days lifespan now, I'm wondering what would be the best practice to renew this access token. For example, should I send a email every 2 months asking the user to login to my site, and re-authorize Facebook?

Answer 1

Since Facebook token has a max of 60 days lifespan now, I'm wondering what would be the best practice to renew this access token.

Obviously, it requires user interaction – after all, that’s the whole point of deprecating offline_access. (I guess from your question that you know that, mentioning it anyway.)

For example, should I send a email every 2 months asking the user to login to my site, and re-authorize Facebook?

That would be one way to go about it.

Another way would be, assuming your app users are regular visitors of facebook.com, to send them a notification. Upon clicking on that, the are send to your app’s canvas page – where you can get a new short-lived access token immediately by simply calling the JavaScript SDK’s FB.getLoginStatus. Send that to your server, extend it … and you’re good to go for another 60 days.

(You might not have a canvas page for your app – but this could be a good reason to set one up, even if it’s sole purpose would be the process described above.)

Apart from that, you should check if you actually need a user access token for what you’re doing. Many things can be done with your app access token also, as long as your app has the relevant permissions from the user (f.e. posting to wall, reading data, etc.)

Answer 2

You can extend an access_token by using the endpoints discussed in the documentation