How can I obtain a new 'authorization code' without an HTTP redirect?
At this URL, Facebook explains how to authenticate using Facebook Connect.
Basically, the steps are the following:
Redirect to Facebook, as in the example. As a result I'll get an authorization code
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=email,read_stream
Do an HTTP POST to the following address, asking for an access_token
https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&client_secret=YOUR_APP_SECRET&code=THE_CODE_FROM_ABOVE
Facebook will answer the last HTTP post with an access_token. Fine.
The access_token received above expires. The number of seconds it will still be valid is returned along with the access_token. Ok.
The problem is: What should I do after it expires?
From Facebook's official website:
In addition to the access token (the access_token parameter), the response contains the number of seconds until the token expires (the expires parameter). Once the token expires, you will need to re-run the steps above to generate a new code and access_token
Wait! I can't re-run the steps above because in order to obtain a new authorization code I would have to redirect (step 1). I don't want to redirect. I want to obtain a new authorization code through a web service. The user already authorized my application and I won't have an opportunity again to redirect him or her.
What should I do?
PS: Thinking logically, I wouldn't need to gain a new authorization code after access_token expires. A new access_token would be enough. But, as I showed, Facebook says the authorization code also expires.
You would want to use the "offline_access" permission. This allows the token to be long-lived. See the permissions page: http://developers.facebook.com/docs/authentication/permissions/ .
Since they've removed offline_access, Facebook provided a way to extend the expiration of existing short-lived tokens.
Just make the following request:
https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN
And, about the expiration of long-lived access tokens,
Currently the long-lived user access_token will be valid for 60 days while the
short-lived user access_tokens are currently valid from 1 to 2 hours.
For more information, please refer to https://developers.facebook.com/roadmap/offline-access-removal/
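The exchange request from the answer above, as an added example that is not part of the original answers or Facebook's own code. It builds the `fb_exchange_token` URL, masks the app secret and tokens before the URL is logged, and tracks expiry; it assumes the form-encoded `access_token`/`expires` response described in the quoted documentation, and the function names, the 7-day renewal margin and the sample values are hypothetical.

```python
from urllib.parse import urlencode, urlsplit, urlunsplit, parse_qsl

TOKEN_ENDPOINT = "https://graph.facebook.com/oauth/access_token"  # from the page
SENSITIVE = {"client_secret", "fb_exchange_token", "access_token", "code"}


def build_exchange_url(app_id, app_secret, existing_token):
    """Build the fb_exchange_token request; run it server-side only."""
    params = {
        "client_id": app_id,
        "client_secret": app_secret,
        "grant_type": "fb_exchange_token",
        "fb_exchange_token": existing_token,
    }
    return TOKEN_ENDPOINT + "?" + urlencode(params)


def redact_url(url):
    """Mask secrets and tokens in a URL before it is written to a log."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k in SENSITIVE else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def parse_token_response(body, now):
    """Assumed body 'access_token=...&expires=...' -> (token, expiry time)."""
    fields = dict(parse_qsl(body, strict_parsing=True))
    if "access_token" not in fields or "expires" not in fields:
        raise ValueError("token response is missing access_token or expires")
    seconds = int(fields["expires"])
    if seconds <= 0:
        raise ValueError("token response carries a non-positive lifetime")
    return fields["access_token"], now + seconds


def needs_renewal(expires_at, now, margin=7 * 24 * 3600):
    """True once the token is inside the assumed margin or already expired."""
    return now >= expires_at - margin


if __name__ == "__main__":
    # Constructed sample values, not real credentials or a real response.
    url = build_exchange_url("APP_ID", "APP_SECRET", "EXISTING_ACCESS_TOKEN")
    print(redact_url(url))
    token, expires_at = parse_token_response(
        "access_token=CONSTRUCTED_LONG_TOKEN&expires=5184000", now=0)
    print(token, expires_at, needs_renewal(expires_at, now=0))
```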