How-To Handle expired access tokens for Facebook App

Since Facebook removed offline_access – manageing access tokens has been quite difficult. I have developed a web app http://www.cybernetikz.com/social-background/ for Facebook pages and twitter accounts. While devloping the app i have face the expired access tokens problem. I will discuss how you can solve some of the problem.

There 3 reasons that can make the access token in valid

  • 1. The token expires after expires time (2 hours is the default).
  • 2. The user changes her password which invalidates the access token.
  • 3. The user de-authorizes your app.

The first problem is unavoidable. But we can extend the access token’s expire time to 60 days. After we extend the expire time – all the page access tokens will have unlimited expire time – it means the page access token will not expire unless 2 and 3 happens. You can get more details here https://developers.facebook.com/docs/howtos/login/login-as-page/. So download the latest PHP SDK from github

$facebook = new Facebook(array(
  'appId'  => Configure::read("facebook_app_settings.app_id"),
  'secret' => Configure::read("facebook_app_settings.app_secret"),
));		
$loginUrl = $facebook->getLoginUrl(array(
	'scope'	 => 'manage_pages'),
	''
);
$uid = $facebook->getUser();
if ($uid) {
	try {
		$user_profile = $facebook->api('/me');
		$facebook->setExtendedAccessToken(); // Set access token to 60 days
	} catch (FacebookApiException $e) {
                $uid = false;
		echo $e->getMessage();
	}
}
if ($uid) {
       try {
	    $temp = $facebook->api('/me/accounts?limit=100');
	} catch (FacebookApiException $e) {
	    echo $e->getMessage();
	}
}

Now we can check the access token validity by setAccessToken function

$facebook->setAccessToken($access_token_page_or_user);	
try {
	$user_profile = $facebook->api('/me');						
} catch (FacebookApiException $e) {
	pr($e->getMessage());
}

Now the problem is what to do when the 60 days is over or number 2/3 happens. There actually noting to do but then the user to login urlwhich you can get by calling getLoginUrl() function. You can refreshing Long-lived User Access Tokens bt Facebook does not guarantee this. So sendin user to login url is the best ways. If the user already logged in to Facebook and did not removed your app then user will not see any thing Facebook will just redirect them to you app.

About Zakir Hyder

This entry was written by .

23. January 2013 by Zakir Hyder
Categories: Facebook, Graph Api, PHP | Tags: , , , | Comments

Comments

  1. […] How-To Handle expired access tokens for Facebook App January 23, 2013 7:05 PM Since Facebook removed offline_access – manageing access tokens has been quite difficult. I have developed a web app http://www.cybernetikz.com/social-background/ for Facebook pages and twitter accounts. While devloping the app i have face the expired access tokens problem. I will discuss … Continue reading → […]

  2. […] Since Facebook removed offline_access – manageing access tokens has been quite difficult. I have developed a web app http://www.cybernetikz.com/social-background/ for Facebook pages and twitter accounts. While devloping the app i have face the expired access tokens problem. I will discuss…  […]