Cara menggunakan is facebook still php

Although each platform generates access tokens through different APIs, all platforms follow the basic strategy to get a user token:

Short-Term Tokens and Long-Term Tokens

User access tokens come in two forms: short-lived tokens and long-lived tokens. Short-lived tokens usually have a lifetime of about an hour or two, while long-lived tokens usually have a lifetime of about 60 days. You should not depend on these lifetimes remaining the same - the lifetime may change without warning or expire early. See more under handling errors.

Access tokens generated via web login are short-lived tokens, but you can convert them to long-lived tokens by making a server-side API call along with your app secret.

Mobile apps that use Facebook's iOS and Android SDKs get long-lived tokens by default.

Apps with Standard access to Facebook's Marketing API when using long-lived tokens will receive long-lived tokens that don't have an expiry time. These tokens are still subject to invalidation for other reasons, but won't expire solely based on time. This is also true of access tokens for System Users in Business Manager.

Tokens are Portable

One important aspect to understand about access tokens is that most tokens are portable. However, Apple does not allow moving tokens to servers. Otherwise, once you have an access token you can use it to make calls from a mobile client, a web browser, or from your server to Facebook's servers. If a token is obtained on a client, you can ship that token down to your server and use it in server-to-server calls. If a token is obtained via a server call, you can also ship that token up to a client and then make the calls from the client.

Moving tokens between your client and server must be done securely over HTTPS to ensure the security of people's accounts. Read more about the implications of moving tokens between your clients and your server.

Different platforms have different methods to kick off this process and include functionality to manage access tokens on behalf of the developer and the person granting permissions:

Android

The Facebook SDKs for Android automatically manages user access tokens through the class com.facebook.AccessToken. You can learn more about obtaining a user access token by implementing Facebook Login for Android. You can retrieve the user access token by inspecting .

Sample Code

@Override
public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    accessToken = AccessToken.getCurrentAccessToken();
}

iOS

The Facebook SDKs for iOS automatically manages user access tokens through the class FBSDKAccessToken. You can learn more about obtinaing a user access token by implementing Facebook Login for iOS. You can retrieve the access token by inspecting .

Sample Code

- (void)viewDidLoad
{
  [super viewDidLoad];
  NSString *accessToken = [FBSDKAccessToken currentAccessToken];
}

Javascript

The Facebook SDK for Javascript obtains and persists user access tokens automatically in browser cookies. You can retrieve the user access token by making a call to FB.getAuthResponse which will include an accessToken property within the response.

Sample Code

FB.getLoginStatus(function(response) {
  if (response.status === 'connected') {
    var accessToken = response.authResponse.accessToken;
  } 
} );

Please visit the Facebook Web SDKs documentation for a .

Web (without JavaScript)

When building a web app without Facebook's SDK for Javascript you will need to generate an access token during the steps outlined in that document.

This section covers the case where someone uses an app's custom login system to create an account. Later, while they are still logged in they want to associate their Facebook account with it. For example, people can sign up to Spotify with an email address and a password, but they can later choose to associate that account with their Facebook account using Facebook Login, such as when they want to publish their listening activity to their timeline.

1. Add a Facebook Login flow to your app

in your app to complete this step. In the Spotify example, you begin Facebook Login flow to the point in the app where the person indicates that they'd like to publish their listening activity, or you might offer an explicit option to link their account with their Facebook account.

2. Handle merging of account information

Once a person logged in to your app using your own login system, and then completes the Facebook Login flow, your app will have two very important things that must now be merged:

• The account created by the app
• Information from Facebook identifying that person's Facebook account

In the majority of apps, the original account will have been stored in a database table, so the simplest approach is to associate the Facebook account information with that account in the database.

It is generally better to create a new table in which you store the person's Facebook account information. The advantage to keeping a separate table in lieu of adding more columns to your existing account table is that it enables you to quickly support other OAuth account logins over time.

In the future, if the same person chooses to log in to your app, you can match the information stored in the database to log them in using either method seamlessly.