I am creating long lived access tokens for my users when they first sign up for my app, this has been working fine for the past 6-8 months. Recently, the manage_pages permission was revoked from my app (when Graph API v8.0 was released) due to lack of use. It is true that we did not use this permission, but the reason we asked for it is because it was required for some of the calls we were doing to gather Instagram insights for our users when we first started. I don't know if this has anything to do with the issue but just including it anyways.
Now it seems that newly created access tokens are automatically invalid, this was never the case before. I run these access tokens through the access token debugger and get the following error:
Error validating access token: The user has not authorized application [MY_APP_ID].
It seems this problem slowly began to onset, and now every single new user on our app is experiencing this issue, even after granting us the following permissions:
The permissions recently revoked from my app were:
Users go through the complete OAUTH flow, and when they are redirected to my site I create a long-lived access token but it seems the token does not recognize that the user had authorized my app, hence the reason it is invalid.
Here is my OAUTH Url for new users:
https://www.facebook.com/v5.0/dialog/oauth?client_id={{ settings.FACEBOOK_CLIENT_ID }}&redirect_uri={{ settings.FACEBOOK_REDIRECT_URL }}&state={{MY_STATE}}&return_scopes=true&auth_type=rerequest&scope=public_profile,email,instagram_basic,instagram_manage_insights,pages_show_list
You have to remove the manage_pages scope from your Facebook button code and replace it with the pages_show_list scope :)