Facebook changed their Graph API recently to require an access token. Therefore I quickly made a Facebook application to be able to retrieve an access token, use a URL similar to the one below, generated my access token and implemented the token in my iPhone application. Lately I have been thinking about if I have done something wrong. Should I request the access token everytime a user of my application retrieves data from the Graph API? I am starting to doubt whether or not the access token is unique to each user or just to the Facebook application.
Can I hardcode an access token into my application or should I make a request on the URL below every time I need to retrieve data through the Graph API?
I am generating my access token with the following URL:
https://graph.facebook.com/oauth/access_token?client_id=MYID&client_secret=*MY_SECRET*&grant_type=client_credentials
Access token granted by user have expiration time. If token expired then you need to request it again. But if you ask user to grant you “offline_access” permissions then you’ll have almost not limited access token. You can store it in database or file and use next time.
Here FB documentation about permissions:
http://developers.facebook.com/docs/authentication/permissions/