如何从Facebook Graph API(服务器端身份验证)获得长期访问令牌？

Question

由于Facebook正在删除offline_access权限,我想继续迁移我们的网站以使用新系统.

我在Facebook的网站上找到了这个文件:https: //developers.facebook.com/roadmap/offline-access-removal

但是,当我使用服务器端身份验证处理某人时,我收到此响应:

access_token => BLAHBLAHBLAHdontusemytokensilly
expires => 4992

当我尝试使用访问点(在该文档上)来扩展访问令牌超过几个小时时,我得到了回复:

access_token => BLAHBLAHBLAHdontusemytokensilly
expires => 4990

根据该文档,服务器端OAuth应该获得一个持续60天的令牌,我不明白为什么我没有得到它.

我真的不想每2小时通过OAuth重定向发送我们的用户.

有任何想法吗？谢谢!

UPDATE

根据要求,这是我正在采取的流程(在浏览器中):

首先,我在这里重定向用户:

https://www.facebook.com/dialog/oauth?client_id=BLAHBLAH&redirect_uri=http%3A//localhost/user-social/facebook/redirect&scope=user_about_me%2Cuser_events%2Cuser_interests%2Cuser_likes%2Cfriends_likes%2Cuser_location%2Cuser_status%2Cuser_subscriptions%2Cfriends_subscriptions %2Cemail%2Ccreate_event%2Cpublish_stream%2Crsvp_event%2Cpublish_actions%2Cuser_actions.music%2Cfriends_actions.music%2Cuser_actions.news%2Cfriends_actions.news%2Cuser_actions.video%2Cfriends_actions.video%2Cmanage_pages

这会将用户重定向到此处:

http://localhost/user-social/facebook/redirect?code=BLAHBLAHBLAHsomeawesomecode#_=_

然后我请求了一个访问令牌,如下所示:

https://graph.facebook.com/oauth/access_token?client_id=BLAHBLAH&redirect_uri=http%3A//localhost/user-social/facebook/redirect&client_secret=BLAHBLAHsomeawesomesecret&code=BLAHBLAHBLAHsomeawesomecode

我从Facebook收到这个休息:

access_token=BLAHBLAHBLAHdontusemytokensilly&expires=4057

这显然是一个短命的令牌.根据Facebook文档(上文),我应该收到一个长期存在的令牌(因为我使用的是服务器端OAuth).

但是,由于它是短暂的,我试图将它换成一个长期存在的令牌:

https://graph.facebook.com/oauth/access_token?client_id=BLAHBLAH&redirect_uri=http%3A//localhost/user-social/facebook/redirect&client_secret=BLAHBLAHsomeawesomesecret&grant_type=fb_exchange_token&fb_exchange_token=BLAHBLAHBLAHdontusemytokensilly

这是Facebook返回的内容:

access_token=BLAHBLAHBLAHdontusemytokensilly&expires=3967

两个请求中都返回相同的access_token.

更新2

我将上面的访问令牌放入Facebook调试器中,这就是它返回的内容:

App ID: 
BLAHBLAH
User ID:    
211800900 : David Barratt
Issued: 
Unknown
Expires:    
1347303600 (in 40 minutes)
Valid:  True
Origin: Web
Scopes: create_event create_note email friends_actions.music friends_actions.news friends_actions.video friends_likes friends_subscriptions manage_pages photo_upload publish_actions publish_stream rsvp_event share_item status_update user_about_me user_actions.music user_actions.news user_actions.video user_events user_interests user_likes user_location user_status user_subscriptions video_upload

更新3

删除所有权限并重新授权应用程序后(如@phwd建议).Facebook API返回:

access_token=BLAHBLAHBLAHdontusemytokensilly

这是否意味着我已经返回了长期存在的access_token？如果是的话,到期日在哪里？

更新4

当我通过Facebook调试器运行上述access_token时,我得到以下结果:

App ID: 
BLAHBLAH
User ID:    
211800900 : David Barratt
Issued: 
1347309538 (39 minutes ago)
Expires:    
Never
Valid:  True
Origin: Web
Scopes: create_event create_note email friends_actions.music friends_actions.news friends_actions.video friends_likes friends_subscriptions manage_pages photo_upload publish_actions publish_stream rsvp_event share_item status_update user_about_me user_actions.music user_actions.news user_actions.video user_events user_interests user_likes user_location user_status user_subscriptions video_upload

这似乎解决了原始问题,但奇怪的是access_tokens是无限期的,而不是持续规定的60天.

关于为什么会出现这种情况的任何想法？

Answer 1

不确定你是否知道。但无论用户登录您的应用程序多少次，访问令牌每天只会更新一次。

请参阅：https://developers.facebook.com/roadmap/offline-access-removal/