
Tuesday, March 27, 2012

Facebook access tokens and offline access deprecation

Uh oh, Facebook's changing things again...

Recently Facebook announced the deprecation of the offline_access permission. So the question that is most frequently asked is "How do I get a token I can use when the user is not logged in?"

So, please add this to your FAQ.

How do I get a token for offline access?

Fairly simple. When the user is logged into your app, take their current access token (usually this one expires in an hour or so) and pass it as a query string parameter to a specific URL.

That URL is:

https://graph.facebook.com/oauth/access_token?
    client_id=[APP_ID]&
    client_secret=[APP_SECRET]&
    grant_type=fb_exchange_token&
    fb_exchange_token=[EXISTING_ACCESS_TOKEN]


Replace [APP_ID], [APP_SECRET] and [EXISTING_ACCESS_TOKEN] with your application values and the current access token, and in the response from Facebook, you will get a 60 day access token.
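The exchange above as a server-side Python sketch; this is an added example, not code from the original post. Because the request carries the app secret, it belongs on your server, never in browser or mobile code. The environment variable names `FB_APP_ID` and `FB_APP_SECRET`, and the two response shapes handled (form-encoded or JSON), are assumptions.

```python
import json
import os
import urllib.parse
import urllib.request

EXCHANGE_ENDPOINT = "https://graph.facebook.com/oauth/access_token"  # from the post
SENSITIVE = {"client_secret", "fb_exchange_token", "access_token"}


def build_exchange_url(app_id, app_secret, short_lived_token):
    """Build the exchange URL with every value percent-encoded."""
    query = urllib.parse.urlencode({
        "client_id": app_id,
        "client_secret": app_secret,
        "grant_type": "fb_exchange_token",
        "fb_exchange_token": short_lived_token,
    })
    return f"{EXCHANGE_ENDPOINT}?{query}"


def redact_url(url):
    """Mask secrets so the URL can be written to logs or error reports."""
    parts = urllib.parse.urlsplit(url)
    pairs = urllib.parse.parse_qsl(parts.query, keep_blank_values=True)
    masked = [(k, "REDACTED" if k in SENSITIVE else v) for k, v in pairs]
    return urllib.parse.urlunsplit(parts._replace(query=urllib.parse.urlencode(masked)))


def parse_exchange_response(body):
    """Return (token, lifetime_seconds_or_None); assumed JSON or form-encoded body."""
    try:
        data = json.loads(body)
    except ValueError:
        data = None
    if not isinstance(data, dict):
        data = dict(urllib.parse.parse_qsl(body))
    if "access_token" not in data:
        raise ValueError("exchange failed: no access_token in response")
    lifetime = data.get("expires_in", data.get("expires"))
    return data["access_token"], int(lifetime) if lifetime is not None else None


def exchange_token(short_lived_token):
    """Server-side only: the app secret is read from the environment (assumed names)."""
    url = build_exchange_url(os.environ["FB_APP_ID"], os.environ["FB_APP_SECRET"],
                             short_lived_token)
    with urllib.request.urlopen(url, timeout=10) as resp:
        return parse_exchange_response(resp.read().decode("utf-8"))
```

Log `redact_url(url)` rather than the raw URL, and store the returned token together with its expiry time so the app knows when to ask the user back.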

Why is Facebook making it hard?

In my opinion, I believe it is to reduce the number of spammy apps. Facebook says it's to drive more traffic to your app and also to ensure that your app is relevant and important to the user. I've heard of Facebook also wanting to ensure that the apps become less independent and more dependent on user interaction. Most developers do hope that their app is relevant and useful to the user. And most developers are not trying to spam. However, because of the naughty ones, the rest of us, who want to do something like making it easier for marketers to schedule posts in advance, have to suffer.

Can I exchange my 60 day access token for a new 60 day access token?

No, sorry you cannot. You can only exchange a valid (meaning current) user access token for an extended one. You cannot extend an already extended access token.

Final thoughts

So with this knowledge, we need to make our apps more engaging and let the user know they will need to visit fairly often. For those apps that do automated work with no user interaction, this means someone will have to manually get a 60 day token (I prefer to use the Facebook Graph API Explorer Tool) and plug it into their application via refreshable settings, rather than hard-coding it in compiled apps.