StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POFacebook server-side authentication returns short-living access_token
text
Body
copied!<p>I have posted this question in Facebook Developer Group but no-one could give a compete answer. I have a Facebook application which uses server side authentication. The code looks like this:</p> <pre><code>$config = array(); $config['appId'] = $fbconfig['appid']; $config['secret'] = $fbconfig['secret']; $config['fileUpload'] = false; // optional $facebook = new Facebook($config); //Facebook Authentication part $mobile = false; $code = false; if (isset($_GET["code"]) && !empty($_GET["code"]) && strlen($_GET["code"])>1){ $code = trim($_GET["code"]); } //MOB VAR if (isset($_REQUEST['mob']) && !empty($_REQUEST['mob'])) { mobile = true; }else{ } if ($mobile){ $loginUrl = $facebook->getLoginUrl( array( 'redirect_uri' => $fbconfig['baseUrl'].$loginpart, 'scope' => 'email,user_likes' ) ); $token_url = "https://graph.facebook.com/oauth/access_token?client_id=".APP_ID."&redirect_uri=".urlencode($fbconfig['baseUrl'].$loginpart)."&client_secret=".$fbconfig['secret']."&code=".$code; }else{ $loginUrl = $facebook->getLoginUrl( array( 'redirect_uri' => $fbconfig['appBaseUrl'].$loginpart, 'scope' => 'email,user_likes' ) ); $token_url = "https://graph.facebook.com/oauth/access_token?client_id=".APP_ID."&redirect_uri=".urlencode($fbconfig['appBaseUrl'].$loginpart)."&client_secret=".$fbconfig['secret']."&code=".$code; } if ((!isset($_GET['code']) || empty($_GET['code']) ) ) { echo "<script type='text/javascript'>top.location.href = '$loginUrl';</script>"; exit; } else{ if ($code){ $response = file_get_contents($token_url); $params = null; parse_str($response, $params); $access_token = $sessionKey = $AccessToken = $params['access_token']; if(isset($AccessToken) && !empty($AccessToken)){ if(isset($params['expires'])){ $ExpDate = $params['expires']; </code></pre> <p>I shortened the code not to annoy You.</p> <hr> <h2>THE PROBLEM</h2> <p>For some reason the code returns short <code>$ExpDate</code> which can be from 3000 seconds to 7000 seconds. This happens not for all users but to 10%-15% of them.</p> <h2>What I have tried</h2> <ul> <li>Despite the fact Facebook should return long-living access_token I tried to exchange it with the <code>/oauth/access_token?</code> url. No result:it returns the same expire time.</li> <li>I tried to catch the <code>$SERVER['HTTP_USER_AGENT']</code> to find out what in common do the users have with short-living access_tokens. No result:everything is different(they can be from mobile device, desktop, IOS native Facebook app....)</li> <li>I changed my settings from privacy settings to every possible version, installed, removed application many times trying to reproduce the situation. No result: for me it works perfectly.</li> <li>I saved the code of the user and tried to get the access_token manually. I was not able to do that as I had forgotten that the codes can be used only one time. </li> </ul> <h2>How can You Guys Help</h2> <ul> <li>If someone has the same authentication method please check your database. Do you have the same problem?</li> <li>If someone has an Idea why could this happen please help to find the reason. </li> <li>If we find out that this is a bug we can create a bug report on Facebook</li> </ul> <p>Thank you.</p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload