Re: [mini_fb] Re: Managing Offline Permissions + Expired access_token(s)

[Travis Reeder]

Maybe you could send out an email if an access token fails asking them to come login again?  Pretty lame, but at least they *might* click the link and login again. 

On Tue, Oct 9, 2012 at 10:53 AM, Ian <i...@ayogo.com> wrote:

Hey GT,

We have a similar kind of application that needs offline access to gather like information from posts for a rankings board. Unfortunately, we don't have a good solution for when the user changes their password, or logs out, or whatever they do that invalidates their access_token. I would also love to hear if anyone else has been able work around these issues, but I have been unable to find anything useful in my readings of their limited blog posts or documentation either. Over the years though, I have come to expect this from FB... 

On Sunday, October 7, 2012 9:17:25 AM UTC-7, GT wrote:

Hey.

I've just read this blog post on Facebook. I couldn't really understand wtf they're talking about and was wondering if any mini_fb users are more clued up that I am when it comes to this stuff.

from my understanding, they're killing the offline_access permission and replacing it with some overly complicated short or long lived access_token model that, from my point of view, just makes more work for developers and benefits no one. anyway. here is the article.

https://developers.facebook.com/roadmap/offline-access-removal/

Additionally, I'm wondering if anyone has thoughts on a solution for this scenario.

My app makes announcements on behalf of 1000s of users onto their Facebook pages + profiles on a basis that ranges from daily to a few times a week.

When any of these users changes their facebook password, Facebook conveniently revokes all permissions previously granted to my app and that user is then forced to reconnect to my app, manually via my website. Im sure others are familiar with this frustration.

my question is, has anyone come up with an elegant solution to this problem that does not require the user to reauthorise the app?

I would love to hear peoples thoughts on this.

Thanks

--
You received this message because you are subscribed to the Google Groups "mini_fb" group.

To view this discussion on the web visit https://groups.google.com/d/msg/mini_fb/-/5hSzbvSuqDYJ.

To post to this group, send email to min...@googlegroups.com.
To unsubscribe from this group, send email to mini_fb+u...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/mini_fb?hl=en.

[Travis Reeder]

I'll push new release tomorrow. Feel free to remind me.

Or you should be able to use the github url in your Gemfile in the meantime.

On Oct 11, 2012 6:01 AM, "GT" <sa...@gigatools.com> wrote:

Hey.

Any news on this new version of the gem. or another way i can get that method? thanks guys

--
You received this message because you are subscribed to the Google Groups "mini_fb" group.

To view this discussion on the web visit https://groups.google.com/d/msg/mini_fb/-/FeRdsPO54HAJ.

[Travis Reeder]

Done!  v 1.2.0. 

On Fri, Oct 12, 2012 at 3:46 AM, GT <sa...@gigatools.com> wrote:

Tommorow is cool. or is that Today from when im writing this?

consider yourself reminded! thx again

--
You received this message because you are subscribed to the Google Groups "mini_fb" group.

To view this discussion on the web visit https://groups.google.com/d/msg/mini_fb/-/9Etauent2j8J.

[Ian]

Hi GT. 

I appears as if Facebook is no longer returning the expiry times for the long lived access tokens :(. If you keep getting the same access token back that is because it is already a long-lived access token. Unfortunately last I read, you cannot give fb_exchange_token a long-lived access token for further extension, you must give it a short lived access token from an active user using your app, to change it into a new long lived access token.

As for the error you are seeing while trying to get a long lived access token for a facebook page, I have no idea. I don't have any experience using that method on Facebook Pages. For that one you may want to try using facebook's curl script and see if it works there. If it still doesn't work, I would ask them why it doesn't work.



On Saturday, 13 October 2012 14:19:16 UTC-7, GT wrote:

Another potential issue, 

Ive tested the MiniFB.fb_exchange_token method on a 'User' with his Facebook Profile's token successfully. although without returning the expiry time.

Now im testing it on a Facebook Page that belongs to that User. The Facebook page has a fb_token aswell. which is used to post on the Pages behlaf with mini_fb

a few tests done in the console and i keep getting the following error.

thanks!

>> MiniFB.fb_exchange_token(FB_APP_ID, FB_SECRET, client.fb_token)

RestClient::InternalServerError: Internal Server Error

from /Library/Ruby/Gems/1.8/gems/rest-client-1.6.0/lib/restclient/abstract_response.rb:53:in `return!'

from /Library/Ruby/Gems/1.8/gems/rest-client-1.6.0/lib/restclient/request.rb:220:in `process_result'

from /Library/Ruby/Gems/1.8/gems/rest-client-1.6.0/lib/restclient/request.rb:169:in `transmit'

from /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/net/http.rb:543:in `start'

from /Library/Ruby/Gems/1.8/gems/rest-client-1.6.0/lib/restclient/request.rb:166:in `transmit'

from /Library/Ruby/Gems/1.8/gems/rest-client-1.6.0/lib/restclient/request.rb:60:in `execute'

from /Library/Ruby/Gems/1.8/gems/rest-client-1.6.0/lib/restclient/request.rb:31:in `execute'

from /Library/Ruby/Gems/1.8/gems/rest-client-1.6.0/lib/restclient.rb:68:in `get'

from /Library/Ruby/Gems/1.8/gems/mini_fb-1.2.0/lib/mini_fb.rb:528:in `fb_exchange_token'

from (irb):21

from :0

>>  

[Ian]

Unfortunately yes, you can only get a long-lived access token by renewing a short lived access token. Although this does not mean they have to re-authorize your app, they do have to visit it (allowing you to get a short-lived access token to renew).

From the removing offline access post:

"While we are removing the use of the offline_access permission, through a migration setting in the Developer App, we are now allowing the option to use access_tokens with a long-lived expiration time that can be renewed each time the user revists your app"

And then they go on and say:

"When a user visits your site with an existing, valid, short-lived user access_token, you have the option to extend the expiration time of that access token. Our platform will only extend the expiration time once per day, so even if a user revists your site multiple times a day, the token will be extended the first time requested. You must make sure to call the new endpoint below before the short-lived access_token expires."

Cheers,

Ian

On Sunday, 14 October 2012 13:14:46 UTC-7, GT wrote:

Cool.

So, i was assuming that this exchange_tokens method could indefinitely prolong the validity of a users access token.

i.e. User authorises my Facebook App, via the usual Facebook connect prodcedure. I get an access_token for the user.

My app then, say every month, calls exchange_token on that users access_token and if the method returns a new token, use the new token to replace the existing token.. then repeat this procedure every month (as the tokens have a 6 week lifespan i think?)

OR have i misunderstood things. does the exahnge_token method only swap out a short lived token for a new long lived token.. ONCE.

which would mean that credentials eventually expire and users will be forced to reauthorise my App every 6ish weeks or so?

which would suck.

thanks guys