We have ~75 apps in facebook at the moment, so when someone joins the company an admin of all the apps has to manually add him as tester/developer/admin 75 times, which is a pain.
I've been asked to make a tool on our admin page that adds the new user to all the apps with the specified role.
If I'm not wrong, to add a new user to an app with a specific role you just have to send a POST request to graph.facebook with parameters:
I really have no clue on how to handle the access tokens, I could store all of them in a database, but how could I renew them once they expire or the admin changes password? Would I have to make the admin manually renew all the access tokens?
Am I doing this wrong? Is there another approach to this?
It doesn't really make sense to store the access tokens since they are short lived (two hours).
Depending on what's the purpose you only renew when needed. So as the employee reaches your admin page there should be a Facebook login redirect (or even a FB JS client that sends either the code/token back to your server). With Facebook login if the user already authorised the app and no additional permissions are needed then the employee doesn't really need to do anything the access token will "renew" in that sense.
(A similar thing happens when you use the Graph API explorer, or any app that handles a user coming back to an application gracefully such that only way the user knows Facebook login was initiated again is to check his/her browser console)