Before you start screaming at me, I know that many users already asked for something like this, but I read them all and could not find an answer related to my specific case: I eventually managed to get something working, but this I don’t think what I (and other developers) are looking for. I want to share my experience about this with all of you, so I will try to describe my scenario and the steps that I took to learn how to take care of this, so please pamper me for this long post: I'm sure this will help some developers in in the same situation as me, in order to clear their mind, just as I hope, it will give others the right information to help me (and others) with it.
I wrote my own Android application that uses the Facebook API. I DO NOT use the Facebook SDK because I do not want to rely on the official application installed on the device (in fact, my application is partially an alternative to this application, so it would be foolish to require it to be installed in any case in the first place), but I prefer Directly handle Graph API calls through HTTP and handle the responses yourself. So if this is the answer that you are thinking of giving me, please, not because I will not follow this road.
So I used client-side authentication to authorize my application by displaying the URL in the WebView and getting the access_token at the end. I requested offline_access among other permissions.
Since offline_access will be deprecated in May, I began to figure out how to get long-lived tokens, and therefore read almost everything I can find related to this, including, of course, official recommendations. In short, nothing worked for me, and I still stick with very short access_tokens, which I can't do anything about.
This is what I did to get started:
- The deprecated offline_access application for my application (not THE , since it is used by many users right now, but another, which is basically the same, and I use it only for testing, thing) in the settings.
- , : https://www.facebook.com/dialog/oauth?client_id=MY_APP_ID&redirect_uri=http://my.domain.com/yeah.htmlscope=publish_stream,read_stream,user_photos,friends_photos,offline_access&response_type=token&display=wap
access_token, , , : expires_in 6800 ( ). , , (access_tokens ), .
, access_token , . , . , , :
- , , , "" , . , ( , Android, , , , - - , , messit access_token), GET : https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=APP_SECRET&grant_type=fb_exchange_token&fb_exchange_token=EXISTING_ACCESS_TOKEN... , , , . access_token, , expires_in, , ( , ). , , access_token, -, , , , .
- , - , REST API , GET : https://api.facebook.com/method/auth.extendSSOAccessToken?access_token=EXISTING_ACCESS_TOKEN, , , " ".
, . , Android, HTTP- API, , , .
- "", "/ ". , "/ " , access_token ( 24 , 1-2), , .
- : " access_token, facebook, ". , , -, , , , , , : client_secret, Android-, . , , access_token ( http://developers.facebook.com/docs/authentication/server-side/). access_token (5183882 , 59 ), , ( ) : -, , SSO.
, ( , ), offline_access , , , . , , , , ?
.