如何让Facebook _Account_（即Page）访问永远不会过期的令牌？ [英] How to get Facebook _Account_ (i.e. Page) access tokens that never expire?

问题描述

这个话题是因为某些不幸的术语选择而非常困难，所以在提出问题之前，这里有一个快速的澄清：

This topic is extremely hard to Google for because of some unfortunate terminology choices, so here's a quick clarification before I ask my question:

Facebook帐户（即一个人的顶级个人帐户）可以拥有Facebook不幸称为帐户的子帐户（公司，品牌，名人等）。与这些帐户进行交互的端点位于[用户ID] /帐户。为了这个问题的目的，我将其称为子帐户。

Facebook accounts (i.e. a person's top-level, personal account) can have sub accounts (companies, brands, celebrities, etc) which Facebook unfortunately calls "accounts". The endpoint for interacting with these "accounts" is at [user id]/accounts. For the purposes of this question, I'll refer to these as "sub-accounts"

FACEBOOK STATEMENTS&实际观察：

FACEBOOK STATEMENTS & ACTUAL OBSERVATIONS:

Facebook在这篇文章中（ https://developers.facebook.com/roadmap/offline-access-removal/ ），说了几件事：

Facebook, in this post (https://developers.facebook.com/roadmap/offline-access-removal/), says a few things:

1. 有两种类型的access_tokens：长期存在的用户access_token将有效期为60天，而短期用户access_tokens当前有效期为1到2小时实际观察：似乎是真的我的应用程序只是服务器端，所以我无法确认短类型。

1. That there are two types of access_tokens: "the long-lived user access_token will be valid for 60 days while the short-lived user access_tokens are currently valid from 1 to 2 hours" ACTUAL OBSERVATION: Seems true. My app only does server-side, so I can't confirm the short type.

如果access_token是从服务器端OAuth调用生成的，最终的access_token将在默认情况下具有较长的到期时间实际观察：我的服务器端应用程序确实产生更长的60天到期日。

"if the access_token is generated from a server-side OAuth call, the resulting access_token will have the longer expiration time by default" ACTUAL OBSERVATION: My server-side app does produce longer, 60-day expirations.

从...请求扩展access_token时 https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=APP_SECRET&grant_type=fb_exchange_token&fb_exchange_token=EXISTING_ACCESS_TOKEN ...如果您传递一个长时间的access_token活着的到期时间，端点将简单地传递相同的access_token回到你而不改变或延长到期时间实际观察：这不是t在我的情况下。当我通过原始的60天令牌时，我会收到不同的令牌。此外，新的不同的标记根本不起作用。 FB端点在尝试使用时返回身份验证失败。

"When requesting an extended access_token from... https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=APP_SECRET&grant_type=fb_exchange_token&fb_exchange_token=EXISTING_ACCESS_TOKEN ...if you pass an access_token that had a long-lived expiration time, the endpoint will simply pass that same access_token back to you without altering or extending the expiration time" ACTUAL OBSERVATION: This is not true in my case. When I pass the original 60-day token, I get a different token back. Furthermore, the new, different token does not work at all. The FB endpoint returns an authentication failure when attempting to use it.

当用户授予应用程序manage_pages权限时，该应用程序可以获取页面访问权限用户通过查询[用户名] /帐号管理的页面的令牌...通过使用长期存在的用户访问令牌，查询[用户ID] /帐户端点现在将提供不会过期的页面访问令牌。 实际观察 页面访问令牌我的应用程序检索（使用原始，根，60天令牌）ARE在60天后到期，无限期。根据＃3，我无法使用新的，不同的（据称扩展的）访问令牌，因为它无效。

"When a user grants an app the manage_pages permission, the app is able to obtain page access tokens for pages that the user administers by querying [User ID]/accounts... By using a long-lived user access token, querying the [User ID]/accounts endpoint will now provide page access tokens that do not expire." ACTUAL OBSERVATION: The page access tokens my app retrieves (using the original, root, 60-day token) ARE expiring after 60 days when they should be infinite. Per #3, I can't try this with the new, different (supposedly extended) access token because it is invalid.

问题：

1. 我的服务器端请求产生有效期为60天的令牌。请求扩展令牌应该返回相同的令牌，但不会。为什么不呢？

1. My server-side request produces tokens that are valid for 60 days. Requesting an extended token should echo the same token back, but doesn't. Why not?

我正在回来的新的不同的令牌根本不起作用。为什么不这样？

The new, different token I'm getting back doesn't work at all. Why not?

如果原始访问令牌我的应用程序获取是长的60天类型，那么我检索的PAGE访问令牌应该是非-expiring。但他们确实到期了。为什么？

If the original access tokens my app gets are the long, 60-day type, then the PAGE access tokens I retrieve with them should be non-expiring. But they do expire. Why?

任何帮助将不胜感激!!!

Any help would be much appreciated!!!

主持人注意：在禁止此问题不被面向代码之前，Facebook将所有问题都转交给Stack Exchange。 https://developers.facebook.com/support/ 如果我不能在这里提出这个问题，那我该怎么问呢？

Note to moderators: Before disabling this question for not being "code-oriented" enough, Facebook points all questions to Stack Exchange. https://developers.facebook.com/support/ If I can't ask this question here, then where would I ask it?

更新：正式支持的方式来检查令牌的有效性是
如下：

UPDATE: The officially-supported way of checking a token for validity is as follows:

graph.facebook.com/debug_token？
input_token = {token-to-inspect}
& access_token = {app-token-or-admin-token}

当我使用这种方法时，我给我的用户的应用程序令牌应该显示为0。所以我猜他们是无限的。我不可能知道，直到60天过去，FB是否用过期说出真相：0;

When I use this method, the app tokens I've got for my users show an expiration of "0" as they should. So I guess they are infinite. It's impossible for me to know for sure until 60 days have passed whether FB is telling the truth with "expires":0;

推荐答案

第一篇文章，与我一起。

First post, bear with me.

取自： https://developers.facebook.com/docs/facebook-login/access-tokens/

即使长期存取的访问令牌最终也会过期。在任何时候，您可以通过将该人员发送回您的应用程序使用的登录流程来生成一个新的长寿命令牌 - 请注意，该人员实际上不需要再次登录，他们已经授权您的应用程序，所以他们将立即使用刷新的令牌从登录流程重定向到您的应用程序 - 该人员的显示方式将根据您使用的登录流程的类型而有所不同，例如，如果您使用JavaScript SDK，则会发生在背景，如果您使用服务器端流程，浏览器将快速重定向到登录对话框，然后自动并立即再次返回到您的应用程序。

Even the long-lived access token will eventually expire. At any point, you can generate a new long-lived token by sending the person back to the login flow used by your app - note that the person will not actually need to login again, they have already authorized your app, so they will immediately redirect back to your app from the login flow with a refreshed token - how this appears to the person will vary based on the type of login flow that you are using, for example if you are using the JavaScript SDK, this will take place in the background, if you are using a server-side flow, the browser will quickly redirect to the Login Dialog and then automatically and immediately back to your app again.

执行上述操作后，您将获得一个新的短命令，然后您需要执行上述长命令的相同交换。

当您尝试扩展长寿命令牌时，Facebook会向您发送一个短暂的刷新令牌。当您获得此刷新令牌时，可以使用与登录流程中的令牌用于从Facebook获取另一个扩展令牌的方式相同。

When you try to extended a long-lived token, Facebook will send you a short-lived refresh token that. When you get this refresh token, it can be used the same way the tokens from the login flow are used to get another extended token from Facebook.

对于您的第三个问题，页面访问令牌必须使用Page admin的用户令牌，以便您能够代表页面获得授权。如果您在刷新页面令牌时遇到问题，请检查您的重新验证的应用权限。

For your third question, Page access tokens have to use the Page admin's user token in order to for you to be able to receive authorization on behalf of the Page. Check your app permissions regarding re-authentication if you're having problems refreshing the Page token.

这篇关于如何让Facebook _Account_（即Page）访问永远不会过期的令牌？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！