As others have already pointed out, the access_token is a unique random string, so it cannot be decrypted as such. Also, we all know that the user_id and app_id are prerequesites to generate the token in the first place.

However, let’s assume you stored your token(s) in a database and lost the associated user_id and app_id. In that case, it is a valid question on how to retrieve them having only the token at hand. If your token is still valid, this is possible. If it is expired, you’re out of luck.

To retrieve the user_id, make a call to:

https://graph.facebook.com/me?fields=id&access_token=xxx

To retrieve the app_id, make a call to:

https://graph.facebook.com/app?fields=id&access_token=xxx

In both cases, the associated id’s will be part of the JSON response, regardless of the access_token being an encrypted or unencrypted one.

Let’s illustrate this with an example. Let’s assume Mark Zuckerberg uses the Graph API Explorer to generate an access_token. Calling the /me endpoint gives you:

{
  "id": "68310606562"
}

and calling the /app endpoint gives you:

{
  "id": "145634995501895"
}

The ids you were looking for are part of the response.

Please note that this does not work with the access_token shown on https://developers.facebook.com/apps (not sure if this is a Facebook mistake or intentional). Please use the access_token that your app receives via OAuth.