I’m building application which will provide new filters for Facebook users. For these filters to work I need to fetch user posts (from his wall) so I managed to let them log in through their Facebook account and I’m storing their access_token to get updates when realtime update will come.
The problem is – when user is browsing through my page each request allows me to make one Graph API call (with permissions user granted to my app), but when I’m trying to make second call (while user is, i.e. reading his best friends posts) Graph API returns only public information about this user even when I’m giving valid access_token.
Is there anything I can do to surpass this problem? Example of call I’m making:
/1198448946?access_token=token
The token has possibility to check users email (I got required permission), but response is stripped out of it. When I tried to use the same URI in Graph API Explorer – it returned the response I wanted (using the same access_token!), but app is still showing only public information.
First thing you need to do is read this:
https://developers.facebook.com/roadmap/offline-access-removal/
The short answer is that the token you receive by default will be short lived (1-2 hours). Facebook has removed the offline access permission, but you can now exchange the short life token for a long life token (60 days). You update this token each time they visit your website to get another 60 days.
This resource should help you to see why the access token is expiring. It also documents the correct steps to take when you detect an expired token when the user is present.
https://developers.facebook.com/docs/howtos/login/debugging-access-tokens/