I disabled offline_access so that I could get extended access tokens without asking for the offline_access permission.
While testing, it seemed to work fine at first. I got a token that expired in 60 days. Then I removed the app from facebook's app settings so I could test. As soon as I removed it, I started getting tokens that expire in 2 hours.
Is this a bug? Or maybe this is a security thing like as soon as the app is removed, a flag is set not allowing extended tokens? Someone from Facebook please help me.
Edit: I forgot to mention that this is for an iOS app and I'm using the latest Facebook iOS SDK (which has support for extending the token). After getting the user logs in, I'm calling the extendAccessToken method but I'm still getting back an accessToken that expires in less than 2 hours.
Looks like this was a bug that Facebook has since fixed.