Facebook PHP SDK v5 access tokens/workflow

Question

I am attempting to build what is essentially a diary using Facebook Login to enable users to log into the site. Users can log in with the JavaScript SDK (as suggested in the docs) and then I need to get the user details on the server side so I can store diary entries for the users in a database (using the Facebook user ID to identify the user). I am attempting to use getJavaScriptHelper() to do this in the PHP SDK v5.

I'm getting a little confused with how to correctly handle/store access tokens. So far I have this (I have cut out try / catch bits for brevity):

$fb = new Facebook\Facebook([
    'app_id' => $APP_ID,
    'app_secret' => $APP_SECRET,
    'default_graph_version' => 'v2.5',
]);

$helper = $fb->getJavaScriptHelper();
$accessToken = $helper->getAccessToken();

if (isset($accessToken)) {
    $oAuth2Client = $fb->getOAuth2Client();
    $longLivedAccessToken = $oAuth2Client->getLongLivedAccessToken($accessToken);
    $fb->setDefaultAccessToken($longLivedAccessToken);
    $response = $fb->get('/me');
    $userNode = $response->getGraphUser();
    $name = $userNode->getName();

    echo $name;
}

This seems to work fine until I leave the page for a while (possible session expiry problem?), come back and refresh the page; when I do so I find a This authorization code has expired. exception has been thrown.

My question is this: how can I avoid this problem and make sure that the access token obtained through getLongLivedAccessToken() really does last the "about 60 days" the docs refer to? Do I need to store access tokens in sessions/cookies/database?

Answer 1

you have to check if user logged in or not. if logged in so we have to find access token in SESSION or (we can save it in db) then we will use it for access facebook graph.

If user not logged in we have to generate access link with permission we want to use in to access data. after we generate the link we redirect user to facebook to get code to generate access token from it. when user allow your app to access his data facebook with redirect to your website with variable called CODE

        $fb = new Facebook\Facebook([
            'app_id' => $APP_ID,
            'app_secret' => $APP_SECRET,
            'default_graph_version' => 'v2.5',
        ]);

        $helper = $fb->getRedirectLoginHelper();

        if(isset($_GET['code']) || isset($_SESSION['fb_token'])){
           $accessToken = $helper->getAccessToken();
           if (isset($accessToken)) {
            $_SESSION['fb_token'] = (string) $accessToken;
            $oAuth2Client = $fb->getOAuth2Client();

            $longLivedAccessToken = $oAuth2Client->getLongLivedAccessToken($accessToken);

            $fb->setDefaultAccessToken($longLivedAccessToken);
            $response = $fb->get('/me');
            $userNode = $response->getGraphUser();
            $name = $userNode->getName();

            echo $name;
        }
      } esle{
           $_permissions = array(
              'public_profile',
              'user_friends',
              'email',
              'user_about_me');
           $canvasLink=callback_url_in_your_app;

          $helper = $this->_fb->getRedirectLoginHelper();
        header('location:'. $helper->getLoginUrl($canvasLink, $permissions);
    }