How Do You Handle Expired Access Tokens for the New OpenGraph Publish Actions Feature?

It looks like, even when you have publish_actions permission, the acces开发者_运维百科s_token still expires after a few hours. If the goal of publish_actions is to be able to do things for the user in the background without having to ask for permissions over and over again, how do we renew the token without input from the user?

I also read here: https://developers.facebook.com/docs/beta/opengraph/actions/:

Note - Apps can also use an App Access Token to publish actions for authenticated users.

But that doesn't work for me either, I get:

{"error":{"message":"An active access token must be used to query information about the current user.","type":"OAuthException"}}

EDIT The App Access Token does work, but in the API URL you have to change "me" to the user's ID (e.g. https://graph.facebook.com/me => https://graph.facebook.com/<some user id>)

There are very very few cases where you need the offline_access permission.

To post OG actions, the user must be present in your app. You may not post actions on their behalf when they're not present and performing actions in your app.

As such, you can use the JS SDK to keep the user token fresh. Just run FB.getLoginStatus() asynchronously on each page, and it will ensure you always have a valid access token as long as the user has auth'd your app and is signed into Facebook.

Sounds like you found your answer :). You could ask for the offline_access permission (generatea a non expiring user token) if you did want to use the user token instead of the app token although I would recommend using the app token where possible.