Find Expire Time for an access token

Update: There is a new API endpoint to access information about an access token. You can find info here: Debugging Access Tokens and Handling Errors

https://graph.facebook.com/debug_token?input_token=INPUT_TOKEN&access_token=ACCESS_TOKEN

  • input_token: the Access Token to debug
  • access_token: your App Access Token or a valid User Access Token from a developer of the app.

--

You should try to make sure that you store each token's expiration time along with the access token when you get it. For a page access token, that means storing the expiration time of the user access token. If you would like to manually discover expiration times for tokens you have today, you should use Facebook's Access Token Debugger tool. However, you should not be relying on expiration times alone -- in practice, many tokens will expire much earlier than their expiration time.

Application access tokens will never expire, unless the application secret key is reset.

Page access tokens last up to 60 days (5184000 seconds), but more importantly, they last as long as the user access token that was used to acquire them. So they will be invalidated as soon as the user that you got them from:

  • logs out of FB.
  • changes password.
  • deauthorizes your application.

Basically, when you lose the user's token, you will lose the page's token. Instead, you should retrieve page access tokens once per user access token. If you throw out a user access token, throw out the page token. You should not be trying to store page access tokens for any significant period of time. Instead you should get them as needed and forget them when a user's session dies.

To get a new page access token:

https://graph.facebook.com/PAGEID?fields=access_token&access_token=USER_ACCESS_TOKEN

I would like to repeat this question for the current version of the API since I've come to a situation when Facebook doc clearly does not describe what is happening:

  • no expiry dates when requesting a new long-lived token with fb_exchange_token
  • no expiry dates when requesting debug_token information (expires_at = 0)
  • it does reply with an expiration date when redirecting the user to the auth page for the first time, but that does not help as I cannot extract the long-lived expiration date nor it will reply with this information for the second time

The debug tool here: https://developers.facebook.com/tools/debug/accesstoken says "Expires: Never".


Access Token Debugger

https://developers.facebook.com/tools/debug/access_token

Does not use the Graph API... but a very useful tool for manual debugging.


There is now an API version of the debugger tool.

See https://developers.facebook.com/docs/authentication/access-token-debug/

Tags:

Facebook Graph Api

Recent Posts