Facebook: Generating Long-Lived User Tokens


1 The OAuth Dialog

First, register a Facebook application and obtain an application ID and secret. Now, within your website, create a page that can only be accessed by your site’s admins. This page will provide a button that invokes the OAuth Dialog popup, which allows your admins to log into Facebook using your FB app.

The URL for the button should be of the following form:

 https://www.facebook.com/dialog/oauth?client_id=APP_ID&redirect_uri=REDIRECT_URL&scope=manage_pages%2Cpublish_stream&state=STATE

Where:

APP_ID is your application id.
REDIRECT_URL is a callback URL that Facebook will issue when authorization is successful.
STATE is a unique code (generated by you) which Facebook sends back to you as a request parameter on the REDIRECT_URL request.

What comes back:

CODE is a code generated by Facebook to validate a particular successful OAuth login with a subsequent request for an access token.

2 Obtain User Access Token (Short Lived)

Next, obtain the short lived user access token using the “code” which was passed to your site as a request parameter on the callback. To do this, invoke a GET request to the following URL:

 https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=APP_SECRET&code=CODE

Where:

APP_ID is your application id.
APP_SECRET is your application secret.
The CODE is the value of the code request param on the callback URL in step 1.

What comes back:

The JSON response will contain the short lived access token.

3 Obtain User Access Token (Long Lived)

You must exchange this short lived token for a long lived token by invoking a GET request to the following URL:

 https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&client_id=APP_ID&client_secret=APP_SECRET&fb_exchange_token=SHORT_LIVED_TOKEN

Where:

APP_ID is your application id.
APP_SECRET is your application secret.
SHORT_LIVED_TOKEN is the short lived user access token received in the previous step.

What comes back:

The JSON response will contain the long lived access token.

4 Obtain Page Access Token

Use the long lived token to retrieve a page access token by issuing a final GET request to:

 https://graph.facebook.com/me/accounts?access_token=LONG_LIVED_TOKEN

Where:

LONG_LIVED_TOKEN is the access token received in step 3.

What comes back:

The JSON response will contain an array of all pages this particular user has permission to manage. Iterate through this list to find the page of interest. The access_token is long lived and thus will not expire and can be stored in your database. Below is an example response:

{
  "data": [
    {
      "category": "Website",
      "name": "My Test Page",
      "access_token": "CAAChdS...",
      "perms": [
        "ADMINISTER",
        "EDIT_PROFILE",
        "CREATE_CONTENT",
        "MODERATE_CONTENT",
        "CREATE_ADS",
        "BASIC_ADMIN"
      ],
      "id": "999999"
    },
    {...}
  ]
}
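
Steps 1 to 4 as one flow, as an added example that is not part of the original post: the callback's STATE is compared with the value issued in step 1 before any token exchange is attempted. The function names, the injectable `get` fetcher and the `access_token` key in the step 2 and 3 responses are assumptions.

```python
# Added example (not from the original post); names and sample values are constructed.
import hmac, json, secrets
from urllib.parse import urlencode
from urllib.request import urlopen

DIALOG = "https://www.facebook.com/dialog/oauth"
GRAPH = "https://graph.facebook.com"

def http_get_json(url):
    """Default fetcher: GET the URL and decode the JSON body."""
    with urlopen(url, timeout=10) as resp:
        return json.load(resp)

def dialog_url(app_id, redirect_url):
    """Step 1: return (url, state). Keep state in the admin's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    query = urlencode({"client_id": app_id, "redirect_uri": redirect_url,
                       "scope": "manage_pages,publish_stream", "state": state})
    return f"{DIALOG}?{query}", state

def page_token(app_id, app_secret, params, session_state, page_id, get=http_get_json):
    """Steps 2-4, called from the REDIRECT_URL handler with its query parameters."""
    # Refuse the callback unless STATE matches the value issued in step 1.
    returned = params.get("state", "")
    if not session_state or not hmac.compare_digest(returned.encode(), session_state.encode()):
        raise PermissionError("state mismatch: callback was not started by this session")
    app = {"client_id": app_id, "client_secret": app_secret}
    # Step 2: CODE -> short-lived user token ("access_token" key is an assumption).
    short = get(f"{GRAPH}/oauth/access_token?" + urlencode({**app, "code": params["code"]}))
    # Step 3: short-lived -> long-lived user token.
    long_lived = get(f"{GRAPH}/oauth/access_token?" + urlencode({
        **app, "grant_type": "fb_exchange_token",
        "fb_exchange_token": short["access_token"]}))
    # Step 4: list the pages this user manages and pick the one we want.
    pages = get(f"{GRAPH}/me/accounts?" + urlencode({"access_token": long_lived["access_token"]}))
    for page in pages.get("data", []):
        if page.get("id") == page_id:
            return page["access_token"]
    raise LookupError(f"user does not manage page {page_id}")
```

The application secret and all three tokens travel in query strings in this flow, so request URLs should be kept out of application and proxy logs.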
