Facebook App Access Token lasts forever?

Question

Is a Facebook App Access Token (not a User Access Token) always the same for the same app? I noticed it hasn't changed for my app in several days, so I wonder if it might be a good idea to turn it into a constant instead of retrieving it every time I need it.

https://graph.facebook.com/oauth/access_token?
     client_id=YOUR_APP_ID&client_secret=YOUR_APP_SECRET&
     grant_type=client_credentials

http://developers.facebook.com/docs/authentication/

(search for App Login)

Thanks!

Answer 1

App access token changes in only 1 case as mentioned in the previous answer.

• when the AppSecret is reset

Changing of AppSecret is a major change in the case of a Facebook application. It will be better if you store both appSecret and access token in an app.config/web.config and access it from there. This will help you to reset then when required without casuing changes to your code.

Answer 2

As far as I'm aware they don't currently expire unless your app's secret is changed in the app settings.

I definitely recommend caching it instead of making the call each time to fetch a new one, but it might be worth putting some code in place to re-retrieve it automatically and update your cache if an API call fails with an auth token error, in case it changes at some point in the future

I'd recommend some logic like:

   try{
       //call which needs an app access token
   } catch OauthException {
    // try to retrieve a new access token from Facebook
    if (new access token != old access token)
       //update cache of app access token
       // try call again
    else 
       //handle error some other way
    }

(obviously if your app secret changes you'd also need to update your code for retrieving the access token, but maybe someday the token will expire without the secret changing)

Answer 3

It is a static access token unless you manually ask them to change it.