问题描述

我想知道是否有可能有一个访问令牌永远不会过期到我的页面发布

I would like to know if it is possible to have an access token that never expires for post to my page

现在我得到访问令牌：

https://graph.facebook.com/me/accounts

我有 publish_stream 和 manage_pages 权限，但使用我看到令牌在约1小时内到期。有没有办法永不过期？

I have publish_stream and manage_pages permission, but using the Access Token Debugger I see that the token expires in about 1 hour. Is there a way to never expires?

推荐答案

请参阅：

所以，你必须使用服务器端调用来交换一个长期令牌的初始短标记：

So, you have to exchange your initial shortlived token for a longlived token with a server side call:

https://graph.facebook.com/oauth/access_token?
client_id=APP_ID& client_secret=APP_SECRET& grant_type=fb_exchange_token& fb_exchange_token=EXISTING_ACCESS_TOKEN 

然后使用该长期令牌查询我/帐户。确实适用于我们，即调试器显示：'Expires：Never'

And then query me/accounts with that longlived token. Definitly works for us, i.e. the debugger shows: 'Expires: Never'

编辑 - strong>

edit - our process

所以，我们做的是：

• 与我们的应用程序在那里我们得到一个代码用户接受请求的权限，并将他的帐户与我们的应用程序连接

• first client side authentication with our app where we get a "code" back after the user accepts the requested permissions and connects his account with our app

？
client_id = YOUR_APP_ID& redirect_uri = YOUR_REDIRECT_URI& scope = COMMA_SEPARATED_LIST_OF_PERMISSION_NAMES& response_type = code

https://www.facebook.com/dialog/oauth? client_id=YOUR_APP_ID &redirect_uri=YOUR_REDIRECT_URI &scope=COMMA_SEPARATED_LIST_OF_PERMISSION_NAMES &response_type=code

现在在我们的服务器应用程序中，我们使用以交换访问令牌的代码：

Now in our server application we use server side authentication to exchange code for access token:

？
client_id = YOUR_APP_ID& redirect_uri = YOUR_REDIRECT_URI& client_secret = YOUR_APP_SECRET& code = CODE_GENERATED_BY_FACEBOOK

https://graph.facebook.com/oauth/access_token? client_id=YOUR_APP_ID &redirect_uri=YOUR_REDIRECT_URI &client_secret=YOUR_APP_SECRET &code=CODE_GENERATED_BY_FACEBOOK

使用这个access_token，我们将服务器端交换为以上描述

With this access_token we do the server side exchange as described above

现在我们要求我/帐户，所得到的access_token总是有效

Now we request me/accounts and the resulting access_token is always valid

希望有助于