fb_exchange_token for PHP only working once user removes app

Question

For a Facebook app that I am building, I require longer time than the default 1 - 2 hours.

I don't want to use "offline_access" as it puts people off from signing up to the app and is now depreciated.

In the developer road map it talks about "fb_exchange_token" which will extend the access token expiry date to 1 month.

The flow is:

• Login User

• Call .../oauth/access_token?...&grant_type=fb_exchange_token&fb_exchange_token=...

• Access token is now 1 month long

This works fine for all the new users, and for users who delete the app from their Facebook account and re-add it, but for our existing customer base, it doesn't work.

I have tried all sorts including adding other permissions to the login script to force the authenticate window, but no luck.

I have added the correct advanced/migration setting for the Facebook app as described in the documentation. There doesn't appear to be much help on this, apart from the dev blog.

Any help will be greatly appreciated.

FYI: I'm using the most up-to-date PHP SDK and the code to get the new access token is just the standard cURL request pointing to the following url:

https://graph.facebook.com/oauth/access_token?client_id={APPID}&client_secret={APPSECRET}&grant_type=fb_exchange_token&fb_exchange_token={ACCESSTOKEN}

Thanks again

Answer 1

I have been facing this problem and found that what just worked just now for me was deleting the app from my profile and re-adding the app and that allowed me to generate a 60 day token.

Answer 2

I am having the same issue. One other thing I've noticed: users that previously had the offline_access permission are also able to get the 60 day tokens, as well as newly authorized users.

I opened a bug to try to get a response from FB: https://developers.facebook.com/bugs/241373692605971