Use "appId|appSecret" as access_token

Question

I've found in documentation that it is possible to use appId and appSecret pair as access_token in the format "appId|appSecret".

The problem, when I'm using this technique with graph API, I don't receive the full information, only some of the fields (permissions are set in the app settings). When I'm trying to use it with FQL I get "A user access token is required to request this resource." exception.

Could somebody route me on the right track how to perform API requests?

My application is running on the server-side, that's why I've chosen these method.

E.g. When I run GET request on https://graph.facebook.com/me/friends?fields=name&access_token="app_id|app_secret" I get correct response. But when I run https://graph.facebook.com/me/friends?fields=name,notes&access_token="app_id|app_secret" the query returns only friends id's and names. It's worth to mention, that I user has granted access to "notes" for that application.

Answer 1

I think this because this kind of access token can replace the app token, but not the user token. And with the app token, you can:

This can be used to modify the parameters of your app, create and manage test users, or read your application's insights. App access tokens can also be used to publish content to Facebook on behalf of a person who has granted an open graph publishing permission to your application.

It means that with this kind of token, you don't have any special permission, so your request cannot work.

What you could do is send the user access_token to your server and then use this token to perform the API request.