1 The OAuth Dialog
First, register a Facebook application and obtain an application Id and secret. Now, within your website, create a page that can only be accessed by your site's admins. This page will provide a button to invoke the OAuth Dialog popup, which lets an admin log into Facebook using your FB app. Restrict the page to admins because whoever completes this flow ends up granting your app management rights over their pages, and keep the application secret on the server only; none of the steps below ever sends it to the browser.
The URL for the button should be of the following form:
https://www.facebook.com/dialog/oauth?client_id=APP_ID&redirect_uri=REDIRECT_URL&scope=manage_pages%2Cpublish_stream&state=STATE
Where:
APP_ID is your application id.
REDIRECT_URL is the callback URL on your site that Facebook redirects the browser to when authorization is successful. It must match the redirect URL configured for your app, and it should be served over HTTPS.
STATE is a unique, unpredictable value (generated by you, for example 32 random bytes) which Facebook sends back to you as a request parameter on the REDIRECT_URL request. Bind it to the admin's session before sending them to the dialog; on the callback, reject the request unless the returned state matches the stored one, and discard the value after one use. Without this check an attacker can forge a callback and attach their own Facebook account's pages to one of your admin's sessions (OAuth login CSRF).
What comes back:
Facebook redirects to REDIRECT_URL with two request parameters, code and state. CODE is a short-lived, single-use code generated by Facebook that validates this particular successful OAuth login and is exchanged for an access token in the next step. If the admin declines, the redirect carries error and error_description parameters instead of a code, so handle that case rather than assuming code is present.
2 Obtain User Access Token(Short Lived)
Next, obtain the short-lived user access token using the code which was passed to your site as a request parameter on the callback. This exchange involves your application secret, so it is a server-to-server call made from your backend, never from the admin's browser. Invoke a GET request to the following URL:
https://graph.facebook.com/oauth/access_token?client_id=APP_ID&redirect_uri=REDIRECT_URL&client_secret=APP_SECRET&code=CODE
Where:
APP_ID is your application id.
APP_SECRET is your application secret.
REDIRECT_URL is the same callback URL used in step 1; the token endpoint requires it to match the one used in the dialog.
CODE is the value of the code request param on the callback URL in step 1. Only exchange it after the state check from step 1 has passed.
What comes back:
The JSON response will contain the short-lived access token (access_token) and its lifetime in seconds (expires_in); a short-lived user token lasts on the order of hours.
3 Obtain User Access Token(Long Lived)
You must exchange this short-lived token for a long-lived token by invoking a GET request (again from your backend, since it carries the secret) to the following URL:
https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&client_id=APP_ID&client_secret=APP_SECRET&fb_exchange_token=SHORT_LIVED_TOKEN
Where:
APP_ID is your application id.
APP_SECRET is your application secret.
SHORT_LIVED_TOKEN is the short-lived user access token received in the previous step.
What comes back:
The JSON response will contain the long-lived access token, valid for about 60 days. It is still a user token tied to the admin who logged in; the page token derived from it in the next step is the credential you keep.
4 Obtain Page Access Token
Use the long-lived token to retrieve a page access token by issuing a final GET request to:
https://graph.facebook.com/me/accounts?access_token=LONG_LIVED_TOKEN
Where:
LONG_LIVED_TOKEN is the access token received in step 3.
What comes back:
The JSON response will contain an array of all pages this particular user has permission to manage. Iterate through this list and select the page of interest by its id rather than by its name, since names are not unique. A page access token obtained from a long-lived user token does not expire, so it can be stored in your database, but it is still invalidated if the admin changes their Facebook password, removes your app, or loses their admin role on the page, so the code that uses it must handle an invalid-token error by sending an admin back through step 1. Treat the stored token as a credential: encrypt it at rest, restrict which parts of your application can read it, and keep it out of logs. Below is an example response:
{
  "data": [
    {
      "category": "Website",
      "name": "My Test Page",
      "access_token": "CAAChdS...",
      "perms": [ "ADMINISTER", "EDIT_PROFILE", "CREATE_CONTENT", "MODERATE_CONTENT", "CREATE_ADS", "BASIC_ADMIN" ],
      "id": "999999"
    },
    {...}
  ]
}
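The four steps above combined into one server-side helper, as an added example that is not code from the original article. It assumes an injected fetch(url) function for the HTTP GET so the demo runs offline; fake_fetch, the app id 123456, the secret s3cret, the callback https://example.com/fb/callback and the canned responses are constructed for this example (the page id 999999 and token prefix are taken from the sample response above). The state handling is the part the steps leave implicit: the value is random, remembered server-side, compared in constant time and accepted exactly once.

```python
"""Facebook Page access-token flow (steps 1-4) as a server-side helper.
Added example, not from the original article. The HTTP transport is injected
as fetch(url) -> str so the demo runs offline against fake_fetch; in
production pass a real HTTPS GET (e.g. lambda u: requests.get(u).text)."""
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

DIALOG_URL = "https://www.facebook.com/dialog/oauth"
TOKEN_URL = "https://graph.facebook.com/oauth/access_token"
ACCOUNTS_URL = "https://graph.facebook.com/me/accounts"


class FacebookPageTokenFlow:
    def __init__(self, app_id, app_secret, redirect_url, fetch):
        self.app_id = app_id
        self.app_secret = app_secret        # stays on the server; never reaches the browser
        self.redirect_url = redirect_url
        self.fetch = fetch
        self._pending_states = set()        # stand-in for per-session storage (assumption)

    # Step 1: build the dialog URL and remember the state we issued.
    def dialog_url(self):
        state = secrets.token_urlsafe(32)   # unpredictable, 256 bits of entropy
        self._pending_states.add(state)
        query = {"client_id": self.app_id, "redirect_uri": self.redirect_url,
                 "scope": "manage_pages,publish_stream", "state": state}
        return DIALOG_URL + "?" + urlencode(query)

    # Step 1 callback: verify state (constant-time, single use) before touching the code.
    def handle_callback(self, callback_url):
        q = parse_qs(urlparse(callback_url).query)
        state = q.get("state", [""])[0].encode()
        matched = next((s for s in self._pending_states
                        if hmac.compare_digest(s.encode(), state)), None)
        if matched is None:
            raise ValueError("state mismatch: possible login CSRF, aborting")
        self._pending_states.discard(matched)   # a state is accepted exactly once
        if "error" in q:
            raise ValueError("authorization refused: " + q.get("error_description", q["error"])[0])
        code = q.get("code", [None])[0]
        if not code:
            raise ValueError("callback carried no code")
        return code

    # Step 2: code -> short-lived user token (server-to-server, carries the secret).
    def short_lived_token(self, code):
        query = {"client_id": self.app_id, "redirect_uri": self.redirect_url,
                 "client_secret": self.app_secret, "code": code}
        return token_from_body(self.fetch(TOKEN_URL + "?" + urlencode(query)))

    # Step 3: short-lived -> long-lived user token.
    def long_lived_token(self, short_lived):
        query = {"grant_type": "fb_exchange_token", "client_id": self.app_id,
                 "client_secret": self.app_secret, "fb_exchange_token": short_lived}
        return token_from_body(self.fetch(TOKEN_URL + "?" + urlencode(query)))

    # Step 4: pick the page token by page id, not by the non-unique page name.
    def page_token(self, long_lived, page_id):
        body = json.loads(self.fetch(ACCOUNTS_URL + "?" + urlencode({"access_token": long_lived})))
        for page in body["data"]:
            if page["id"] == page_id:
                return page["access_token"]
        raise LookupError("user is not an admin of page " + page_id)


def token_from_body(body):
    """Read access_token from the JSON response; older Graph API versions answered
    with form-encoded access_token=...&expires=... instead, so accept that too."""
    try:
        return json.loads(body)["access_token"]
    except ValueError:
        return parse_qs(body)["access_token"][0]


def fake_fetch(url):
    """Constructed stand-in for the Facebook endpoints (offline demo only)."""
    parsed, q = urlparse(url), parse_qs(urlparse(url).query)
    if parsed.path == "/oauth/access_token" and q.get("client_secret") != ["s3cret"]:
        raise AssertionError("token endpoint called without the app secret")
    if parsed.path == "/oauth/access_token" and q.get("code") == ["CODE123"]:
        return json.dumps({"access_token": "SHORT_LIVED", "expires_in": 5184000})
    if parsed.path == "/oauth/access_token" and q.get("fb_exchange_token") == ["SHORT_LIVED"]:
        return "access_token=LONG_LIVED&expires=5184000"
    if parsed.path == "/me/accounts" and q.get("access_token") == ["LONG_LIVED"]:
        return json.dumps({"data": [{"category": "Website", "name": "My Test Page",
                                     "access_token": "CAAChdS...", "id": "999999"}]})
    raise AssertionError("unexpected request: " + url)


def run_demo():
    """Walk one admin through all four steps against the fake; returns the page token."""
    flow = FacebookPageTokenFlow("123456", "s3cret", "https://example.com/fb/callback", fake_fetch)
    state = flow.dialog_url().split("state=")[1]
    # Facebook would now redirect the admin's browser back with code and state:
    code = flow.handle_callback("https://example.com/fb/callback?code=CODE123&state=" + state)
    long_lived = flow.long_lived_token(flow.short_lived_token(code))
    return flow.page_token(long_lived, "999999")


if __name__ == "__main__":
    print(run_demo())   # CAAChdS...
```

In a real deployment the pending state lives in the admin's server-side session rather than in a process-wide set, and the value returned by page_token goes straight into encrypted storage; the flow object itself should never be reachable from a non-admin request.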