We're developing an iPhone app backed by a server. The server talks to Facebook in order to push Opengraph events. I'm trying to test this code. I've created Facebook test users in the web interface. If I manually generate tokens for them they get generated with a 24 hour expiry, which render them useless for the tests. So I need to generate the tokens on demand in the testcode. The Facebook developer docs https://developers.facebook.com/docs/test_users/ say I can get accounts/test-users to list the test users and their tokens. However when I do that I get this:
{
error: {
message: "(#15) This method is not supported for native apps",
type: "OAuthException",
code: 15
}
}
I presume this is because we are developing an iPhone app (although in the Facebook app config we have the website, facebook app and ios app sections configured).
Is there some setting I need to change to make this work? Or some other way of generating the tokens? or a way of manually generating longer lived tokens that could be hard coded into the tests?
Yes - change the 'App Mode' setting under advanced settings back to 'Web' - you should only use 'Native/Desktop' if the app secret is embedded in the client binary.
When this setting is set to 'Native/Desktop' the app secret is untrusted because any of your users could extract the secret from the client code and make calls on behalf of the app