Facebook PHP SDK: get & ldquo; long-life & rdquo; now identify yourself as & ldquo; offline_access & rdquo; is obsolete


BASIC PROBLEM: I want my app to be able to make calls to the Facebook graph api about authorized users even while the user is away.

For example, I want the user (A) to authorize the app, then later I want user (B) to be able to use the app to view info about user (A)'s friends. Specifically: the "work" field. Yes, I am requesting those extended permissions (user_work_history, friends_work_history, etc). Currently my app has access to the logged-in user's friends work history, but not to any of the friends' work history of other users of the app.

Here's what I know already:

  • Adding offline_access to the scope parameter is the old way and it no longer works.
  • The new way is with "long-lived" access tokens, described here. These last for 60 days.
  • I need to exchange a normal access token to get the new extended token. The FB documentation says:

    client_id=APP_ID& client_secret=APP_SECRET& grant_type=fb_exchange_token& fb_exchange_token=EXISTING_ACCESS_TOKEN

Here's what I don't know (and I'm hoping you can tell me): How do I get the extended (aka "long-lived") access token using the Facebook PHP SDK? Currently, my code looks like this:


Is there such a thing as this?:


If not, is this what I should be doing?

$accessToken = $facebook->getAccessToken();
$extendedAccessToken = file_get_contents("https://graph.facebook.com/oauth/access_token?

I've tried it and it doesn't work. I get this error:

Warning: file_get_contents(https://graph.facebook.com/oauth/access_token? client_id=#######& client_secret=#########& grant_type=fb_exchange_token& fb_exchange_token=##########) [function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.0 400 Bad Request in /...

Does it work any differently if I switch to FQL instead of the graph api? I've read through the Facebook documentation many times, but the PHP sdk is not thoroughly documented and I can't find any examples of how this should work.

I finally figured this out on my own. The answer is pretty anti-climactic. It appears that newly created apps get 60 day access tokens automatically. I'm not sure if this is dependent on enabling the "depricate offline_access" setting in the Migrations section of the app settings. Leave it on to be safe.

So at the time of writing this, you can use the PHP SDK as follows: $facebook->getAccessToken();

(The reason my app wasn't working as expected was unrelated to the expiration of the access token.)

Just one more thing, to get long-lived access token using PHP SDK you should call $facebook->setExtendedAccessToken(); before $facebook->getAccessToken();