Search code examples
javascriptfacebook-graph-apiinstagram-apifacebook-access-tokeninstagram-graph-api

Is refreshing long lived access token endpoint working in 2021?

Trying to refresh my long lived access token via this endpoint:

https://developers.facebook.com/docs/instagram-basic-display-api/guides/long-lived-access-tokens#refresh-a-long-lived-token

Keep getting the error: OAuth "Facebook Platform" "invalid_token" "Invalid OAuth access token."

However, I debug my token using https://developers.facebook.com/tools/debug/accesstoken/ which shows that it is valid and for around 2 months (which proves its a long lived access token).

Does this endpoint not work anymore or am I missing something?

P.S. I'm using a User Access Token, its a public Instagram business account backed by a Facebook page. Also, I'm using this on server, so it won't refresh if the token is used within 60 days (that's what happens when you auth through FB mobile sdk).

EDIT

So it looks like there are two requirements that I missed:

  1. Your long lived access token has to be at least 24 hours old in order to refresh
  2. You need the 'instagram_graph_user_profile' permission/scope when logging your user into Facebook

HOWEVER

I tried:

  1. Oddly enough, whenever I add that permission/scope to the list, Facebook Login always fails and says "There's something wrong". I tried this using the facebook login react npm package, the manual login flow by just making requests, and the FB SDK login button, all the same result.
  2. The Facebook Graph API Explorer doesn't include this permission. However, the list of permissions they have does include it.

So what does this mean, Facebook isn't allowing refresh of long lived tokens?

NOTE: The docs on how to refresh a long lived access token are for the Basic Display API, which isn't recommended for business accounts (which is who will be using my app). So this makes me more unsure of if it is possible to refresh tokens for the Instagram Graph API.

MORE INFO

So on the FB developer portal, if you add the Instagram Basic Display product to your app (I previously didn't have it) it allows you to ask for the instagram_graph_user_profile permission. However, this brings up more questions:

  1. Do I have to use Insta Graph API + Insta Basic Display in order to get a a refreshable long lived access token?
  2. If so, how does that work? Because Insta Basic Display is recommended for personal accounts and Graph API is for business accounts.
  3. If so, how do I add the instagram_graph_user_profile permission? It still causes FB login to fail.
Solution

  • So I ended up contacting a few companies that I know for a fact do what I was trying to do and they confirmed that Facebook does REQUIRE the user to re-authorize after ~60 days.

    If they don't, the long lived access token will expire.