Facebook给了我两个不同的acces令牌，PHP SDK

Question

I am using Yii as framework but i think that wouldn't mather.

At this point i use the PHP SDK to get the accounts information from an user, this works fine while my user logged in at first. But after 1 or 2 hours the access token expires and i get an error (which isn't weird).

But here is where i get stuck and i can think of 2 solutions but both i have no clue how to do them. First let me introduce some of my code:

To log in to my app users are send to the FacebookLogin() action:

public function actionFacebookLogin()
{
    $my_url = 'http://***.***.nl/app/facebook-popup.php';
    $permissions = 'read_insights, publish_actions, manage_pages, email';
    $loginUrl = Yii::app()->facebook->getLoginUrl(array('scope' => $permissions, 'display' => 'popup', 'redirect_uri' => $my_url));
    echo '<script> window.location="'.$loginUrl.'"</script>';
}

After the user granted the proper permissions, the user is send to the Login() action:

public function actionLogin() {
    $facebookID = Yii::app()->facebook->getUser();  
    $accessToken = Yii::app()->facebook->getAccessToken();
}

(The rest of the login action isn't important.)

Now at this point the ->getAccessToken() function gives me an proper access_token with a short life time. This would be fine unless the user is longer then 1 or 2 hours on my page, "some weird stuff now* after that the user has to logout and login back again. Then i still get the error except after around 10 minutes i get an new access_token which do grant me the needed permissions.

So to solve this i thought of 2 solutions, which i am unable to find the proper approach to use this.

First the easiest one. When i go to the Graph API Explorer and use the access_token my app gives me i get the info, but when i try to debug that access_token it shows that the access_token has an experation date. But when i use the same Graph API Explorer and let it generate an access_token on its own i get an access_token that doesn't expire at all.

As asked an update on my handlings with the Graph API Explorer I go to the API Explorer and change the app to my webapp. Then it got an normal access_token filled in automaticly. When i press the "debug" button it says that this access_token has an experation date. When i then go back to the Explorer and press the "get access token" button it gives me an other one. When i then again press the "debug" button it says that this access_token doesn't have an experation date. Which would be great if i can use this one.

So my first solution would be to get that last access_token (if possible) and store it in my database. Then when needed use the Facebook PHP SDK ->setAccessToken() function. But how?? I don't have a clue!

Second solution i thought of. I could also make an init() function which checks on every action if we got an valid access_token and if not get a new one or refresh the current one which is expired. This would have more server load then the first solution, and same with the first solution i have no clue how to achieve this.

I think that the main problem is that i find the Facebook docs kinda hard to understand, and i have no clue where to start from.

Any input would be very much appriciated!

Answer 1

You can either prolong the expiration time of the access token, as described here: https://developers.facebook.com/roadmap/offline-access-removal/

Or you can embed the JS SDK, which on every page call will get a fresh short lived access token if the previous one has expired. (And shares it with the PHP SDK via cookie.)