Migrating old facebook authentication keys to access_token

Question

I am working on an old application, which is now going to be updated so we can support the new Facebook features. I noticed that the user model have uuid, atoken and asecret facebook keys.

In the old site users had the ability of login in with Facebook and posting status updates. The thing is that I need to migrate the old user information to the new schema.

My wonder is, since I do not have an access_token for my users, how could I convert the token and secret Facebook keys to an oauth2 access_token, since I need the old users be able of using the application almost without noticing any architectural changes just the ones in design.

Answer 1

I believe you have to check for the current token - If the current token 'contains' the user's ID, then simply provide them with a link to update their token to become an auth token.

They should have implemented something so that the old token could be submitted to request a new auth token in exchange. But I'm guessing they're doing those changes to force user to re-login and maintain their privacy.

--edit-- I stand corrected. Facebook did indeed implement this, although it wasn't easy to find within their cr#p documentation: Facebook Migration

The code to run is:

curl -F client_id=your_app_id \
 -F client_secret=your_app_secret \
 -F sessions=session_key1,session_key2 \
 https://graph.facebook.com/oauth/exchange_sessions

This will return a proper OAuth Access Token, which can then be used with all 3.x SDK