CODEWITHSUNDEEP
javascriptfacebookapifacebook-graph-api
Eduscho
Eduscho

Reputation: 459

Facebook access token changes on every pageload

is it correct that the Facebook API access token changes on every pageload?

I thought once a token was obtained, it would stay the same until expiry.

I am using the Facebook SDK for Javascript.

Facebook says that with this SDK, there is no need to manually manage access tokens. The SDK just does it.

But is it correct that the token changes on every pageload?

My code is this:

  <div id="fb-root"></div>
   <script>
  window.fbAsyncInit = function() {
    FB.init({
      appId      : 'xxxxxxxx',
      status     : true,
      xfbml      : false,
      cookie     : true
    });
  };

  (function(d, s, id){
     var js, fjs = d.getElementsByTagName(s)[0];
     if (d.getElementById(id)) {return;}
     js = d.createElement(s); js.id = id;
     js.src = "//connect.facebook.net/en_US/all.js";
     fjs.parentNode.insertBefore(js, fjs);
   }(document, 'script', 'facebook-jssdk'));



function check() {
        FB.getLoginStatus(function(response) {
      if (response.status === 'connected') {
        // the user is logged in and has authenticated your
        // app, and response.authResponse supplies
        // the user's ID, a valid access token, a signed
        // request, and the time the access token 
        // and signed request each expire
        console.log(response);
        var uid = response.authResponse.userID;
        var accessToken = response.authResponse.accessToken;
      } else if (response.status === 'not_authorized') {
        // the user is logged in to Facebook, 
        // but has not authenticated your app
        console.log(response);
      } else {
        // the user isn't logged in to Facebook.
        console.log(response);
      }

     });



}


</script>

     <span onClick="check()">test</span>

Upvotes: 2

Views: 2075

Answers (2)

andyrandy
andyrandy

Reputation: 73984

I just tested this and you are right, the Token changes with every page refresh. I would not worry much about it though, when using one of the SDKs (JavaScript, PHP, ...) you most likely don´t need to think about the Access Tokens at all. And even if you need them (for managing Pages, for example), you can just use the last one.

The "older" Tokens are still valid btw, they don´t get invalidated. But they will stop working after 2 hours anyway.

There is also a second parameter you can set to "true": https://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus/ (see "Roundtrips to Facebook's servers") - which may have explained the new Token, but you´re not using that either.

Upvotes: 1

Satish Saini
Satish Saini

Reputation: 2968

Facebook has recently changed its process of refreshing access token.

Try to use this if it works in you case:

https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN

EDIT:

This will might help you as well. Link

Upvotes: 0

Related Questions