How do I get Facebook access token that never expires?

In order for your Groups Access Token to never expire you must first be an admin of a Facebook “Page”.  This is because Facebook Page tokens never expire by default and so we can then “exchange” the tokens to ensure that your Groups token also doesn’t expire.

If you already an admin of a Facebook Page then you’re good to go. Just use the button inside our plugin to connect your group and your token will never expire.  If you are not an admin of a Facebook Page then you would need to create one first (or be made an admin on an existing page).  You can simply create a blank Facebook page for this purpose.  Once you are an admin of a Facebook page then simply use the button inside our plugin again and the token should then automatically be extended so that it never expires.

Couldn’t find your answer in the docs?

Was this article helpful?

With the facebook API, page tokens can often be used in place of user tokens. This is very useful because if you are doing something with a business, its not ideal to have to use your own user token for everything. However, if you don’t want to have to recreate a new token all the time, you have to go through the process of getting a long-lived page access token.

IMPORTANT! - Make sure that your user has permissions to access both the Facebook page and the Facebook groups, and make sure that the Facebook groups are linked to the Facebook page!

Now lets talk about some definitions:

short-lived user access token: This is the regular user_access_token, and it typically lasts about 2 hours.

long-lived user access token: This user access token last about 60 days and you get it by extending a short-lived user access token

page access token: These are similar to user access tokens and are created using a user access token.

If you create a page access token using a short-lived user access token, it is also short-lived and expires in about 2 hours.

But if you create a page access token using a long-lived user access token, then it does not have an expiration date. It lasts until its access is revoked.

Bingo!

To get a user access token you first have to have a facebook app, and then the user (in this case, you) has to grant permissions to your app. Specifically your app needs the permission called manage_pages.

The easiest way to do this is to use Facebook’s Graph API Explorer.

Open up the page, then select your app Application dropdown and select “Get User Access Token” from the other dropdown:

Then in the popup, make sure you check the box for manage_pages and click “Get Access Token”

Then your access token will be populated in the Access Token field:

Ok, then we need to exchange that short-lived token for a long-lived token, and we can do it with this same Facebook Graph API Explorer tool.

We need to make a GET request to the Facebook Graph API to the path /oauth/access_token with the following parameters:

1
2
3
4
5

/oauth/access_token?  
    grant_type=fb_exchange_token&           
    client_id={app-id}&
    client_secret={app-secret}&
    fb_exchange_token={short-lived-token-we-just-made} 

So make a string that looks like this:

1

/oauth/access_token?grant_type=fb_exchange_token&client_id=9382767696389008&client_secret=1aac234d48ce90uu57c1b579faa92f00ufa&fb_exchange_token=EAAcZBbBDPXSwBACfeRskLz5LJJCigZBZBDyr4pmZCcVsrpFaoDUDSXthSDzdq4bqO75iEE17TBbpxIyQ1eTR3OIfGq2KPZBloF4xJ0I1GU1hxOnCGJmZBVg0DXU4IrDgcURm4ceKE4M1ZAFdGNmt5y2shsETLxAEKwZD

And paste it into here and you’ll get your long-lived access token in the response:

Now that you have your long-lived user access token, we can exchange it by making a GET request in the Facebook Graph API Explorer to get the long-lived page access token.

You need to take that long-lived user access token and paste it into the Access Token field then put this in the path field:

Dealing with expired access tokens can be a little tricky. There is no way to determine if an access token is expired without making a request to Facebook. For this reason, you must always assume that an access token could be expired when making requests to Facebook. This means that ever request you make to Facebook could throw an OAuthException and that your application much be prepared to handle it. In short, you should always wrap your requests in a try { ... } catch (FacebookOAuthException) { } and be prepared to handle an unauthorized request.

FacebookOAuthException

When an access token is invalid or expired, Facebook will return an error and the Facebook SDK for .NET will throw a FacebookOAuthException. The most basic example of handling the FacebookOAuthException is show below.

try {
    var client = new FacebookClient("my_access_token");
    dynamic result = client.Get("me/friends");
} catch (FacebookOAuthException) {
    // Our access token is invalid or expired
    // Here we need to do something to handle this.
}

Reasons for OAuth Exceptions

There are a variety of reasons why an OAuth error and FacebookOAuthException could occur. The most obvious is that the use has simply logged out of Facebook. If a user logged out of Facebook and you attempt to make a request using their token you will receive and error. Second, if a user has removed (deauthorized) your application and you attempt to make a request you will will also receive an error.

Next, if the users permissions are not valid for the request you are making. This could happen either because the user never granted the permission or they removed a particular permission from your app. For example, if you were to request a user's email address, but never asked them for the 'email' permission, you would receive an OAuth error as show below.

try {
    var client = new FacebookClient("my_access_token");
    dynamic result = client.Get("me/email");
    var email = (string)result.email;
} catch (FacebookOAuthException) {
    // The access token expired or the user 
    // has not granted your app 'email' permission.
    // Handle this by redirecting the user to the
    // Facebook authenticate and ask for email permission.
}

The next reason why an access token is invalid is simply because too much time has passed since the user has been active on your application. If an access token is not used for a period of time it will eventually expire and you must request a new token.

Finally, be mindful that there can be errors with Facebook's API. If you make a request and believe that the token is valid you can always retry the request. Be careful when performing retries though as you can easily reach your request limit by being too aggressive with retries. If you reach your API request limit you will receive a FacebookApiLimitException and you must wait for a period of time before your application can make a new request. You can read more about Facebook API limits here.

Currently, you can request a permission called 'offline_access' which grants you an access token that will never expire. This is being deprecated by Facebook and it is no longer recommended you built applications that rely on this type of token.

Requesting Long Term Access Tokens

According to Facebook doc's standard short term access tokens expire after 1 -2 hours, and extended tokens expire after approx. 60 days. Don't depend on the 60 day time limit , I have seen extended tokens expire in as little as 30 days. Extended Access tokens are necessary any time you want to make an API call after the user has ended their session on your app. For example, telling a user to make a specific post or liking a specific page, then later checking to see if the user has made that specific post after they leave your app. You have to already have a short term token before requesting the long term token.

    private string GetExtendedAccessToken(string ShortLivedToken)
    {
        FacebookClient client = new FacebookClient();
        string extendedToken = "";
        try
        {
            dynamic result = client.Get("/oauth/access_token", new
            {
                grant_type = "fb_exchange_token",
                client_id = "{your app id}",
                client_secret = "{your app secret id}",
                fb_exchange_token = ShortLivedToken
            });
            extendedToken = result.access_token;
        }
        catch
        {
            extendedToken = ShortLivedToken;
        }
        return extendedToken;
    }

Getting info and Expire date of Tokens

The input token will be the token that you are requesting information about, your app access token or a valid user access token from a developer of the app

     FacebookClient client = new FacebookClient();
     dynamic result = client.Get("debug_token", new
                       {
                         input_token = "{input-token} ",
                         access_token = "{access-token}"
                       });

The resuls will come back formatted like this. scope are the extended permissions that were granted with this token. This request can also be used to check what extended permissions the user has authorized. Note: that the issued_at field is not returned for short-lived access tokens.

{ "data": { "app_id": 138483919580948, "application": "Social Cafe", "expires_at": 1352419328, "is_valid": true, "issued_at": 1347235328, "scopes": [ "email", "publish_actions" ], "user_id": 1207059 } }

Reauthorizing a Users

When making any API call, if any OAuth exception is caught then then user will need to reauthenticate to get a new access token. This can be done through the Facebook Javascript SDK, or by redirecting the user to the Log In page.

How do I make my access token never expire?

How do I get a long time access token on Facebook?

How do I get a permanent access token?

Does Facebook access token expire?