Search code examples
ruby-on-railsfacebookfacebook-graph-apikoala

Trying to do a fb apprequest using Koala but access token expired. How should I handle?

I know this question of expired tokens has been asked many times. But I couldn't find one that fit my situation. Basically I want to make a fb apprequest to the user regardless if he/she is online or offline on Facebook.

Also, I am confused with Facebook documentation. So appreciate if someone could answer the questions I have below.

  • Facebook access token expires immediately after a user signs out of Facebook unless it is a long-lived token ?

  • Say user A access token has expired. Is it possible for me to get a new access token without the user A going back to my canvas application ?

  • When I authenticate a user do I get a short-lived token which I can then extend the validity if I want to or do I get a long-lived token by default ?

Below is the code I use to do a fb request using Koala:

begin
  graph = Koala::Facebook::API.new(access_token)
  graph.put_object("me", "apprequests", {:message => "..."})
rescue Koala::Facebook::APIError
  # Assume a user has a short-lived token and hasn't visit my application for a long time. 
  # Is it possible to get a NEW long-lived token here without the user going to my application again 
  # (assume the user did not remove my application) ? If Yes, how to do that using Koala ?
end

Thanks!

Solution

  • Facebook access token expires immediately after a user signs out of Facebook unless it is a long-lived token ?

    Yes.

    Say user A access token has expired. Is it possible for me to get a new access token without the user A going back to my canvas application ?

    The user has to interact with your app in some way for you to get a new token. That interaction doesn’t have to be visiting your actual canvas page, it can f.e. also be a call to FB.getLoginStatus on a page he’s visiting.

    When I authenticate a user do I get a short-lived token which I can then extend the validity if I want to or do I get a long-lived token by default ?

    If you’re doing server-side authentication, you’ll get a long-lived one. Doing it client-side you’ll get a short-lived token, which you than may exchange for a long-lived one.

    But that’s all clearly described here: https://developers.facebook.com/roadmap/offline-access-removal/