I have a Facebook application that does scheduled posts on fan pages.
To do this, the app acquires an OAuth token to use for posting on the page. To get this token, the user needs to visit the app. However sometimes Facebook invalidates these tokens, at least if the user changes their FB password and it seems in some other security-related cases too.
When this happens, the app will fail to post the scheduled post and users are unhappy. How should I resolve this? I could email the users when their token expires, but how would I detect the expiration? Given I have 100,000+ users, it would be expensive to poll the tokens very often.
Well do directly answer your question, here you go: Facebook Debugger
Enter the Access_token there to check its validity and other info. But I know that wouldn’t solve your problem in general. I can help you in the right direction.
You see token validity is affected by the permissions you asked from the user. There is this
offline_accesspermission that gives you an access token that won’t time-out, not the regular hour-long tokens. And I’m sure you know this since you’re already able to schedule user posts.Unfortunately,
offline_accessis now deprecated by Facebook (see this link). From now on, Facebook will give us 2-month access_token by default, even without the permission. From then on, we’ll need to “refresh” or extend the access token. Read more on that link.And about your problem in use changing password, logs out, etc, Well Facebook has its own dedicated blog post about it as well, see here.
If you wanna take the path of checking token validity yourself, you can setup a CRON that runs every hour or everyday (depends on you), and do a quick API call for each token (/me). If it fails or generated an error, token expired.
Much better if you’ll do it every minute: 10 to 20 tokens to check, so it wont have a heavy burden on your server doing 100,000+ calls in one execution.