13. Short-Lived Token
(about 2 hours)
For security reasons, send the accessToken back to
your server and request a new accessToken directly from
the server, so that the accessToken is not leaked from
the client side.
17. Request For AccessToken
Request from your server
GET https://graph.facebook.com/oauth/access_token?
client_id={APP-ID}
&redirect_uri={REDIRECT-URI}
&client_secret={APP-SECRET}
&code={CODE}
18. Request For AccessToken
Response Body
access_token={ACCESS-TOKEN}&expires={EXPIRE-SECOND}
(P.S. The CODE expires once it has been used to request the AccessToken,
so please keep this AccessToken.)
19. If you request it again from your
server with the same parameters…
Response Body
Hey, it's JSON format
20. Request For Long-Lived
AccessToken
Request from your server
GET https://graph.facebook.com/oauth/access_token?
grant_type=fb_exchange_token
&client_id={APP-ID}
&redirect_uri={REDIRECT-URI}
&client_secret={APP-SECRET}
&fb_exchange_token={ACCESS-TOKEN}
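Added example (not from the original slides or the linked example project): Node.js helpers that build the two server-side requests above, parse the response body from slides 18 and 19, and redact secrets before a request URL is logged. The function names and the JSON error shape ({"error":{"message":...}}) are assumptions.

```javascript
// Endpoint and parameter names come from the slides; function names are hypothetical.
const TOKEN_ENDPOINT = 'https://graph.facebook.com/oauth/access_token';

function buildUrl(params) {
  const url = new URL(TOKEN_ENDPOINT);
  url.search = new URLSearchParams(params).toString(); // percent-encodes every value
  return url.toString();
}

// Slide 17: exchange the one-time CODE for a short-lived token (server side only).
function buildCodeExchangeUrl({ appId, appSecret, redirectUri, code }) {
  return buildUrl({ client_id: appId, redirect_uri: redirectUri,
                    client_secret: appSecret, code });
}

// Slide 20: exchange a short-lived token for a long-lived one.
function buildLongLivedExchangeUrl({ appId, appSecret, redirectUri, accessToken }) {
  return buildUrl({ grant_type: 'fb_exchange_token', client_id: appId,
                    redirect_uri: redirectUri, client_secret: appSecret,
                    fb_exchange_token: accessToken });
}

// Slides 18-19: success is form-encoded; a repeated request answers in JSON,
// which is treated as a failure here. The error shape is an assumption.
function parseTokenResponse(body, nowMs = Date.now()) {
  const text = body.trim();
  if (text.startsWith('{')) {
    let parsed;
    try { parsed = JSON.parse(text); } catch { return { ok: false, error: 'unparseable JSON body' }; }
    return { ok: false, error: (parsed.error && parsed.error.message) || 'unknown error' };
  }
  const params = new URLSearchParams(text);
  const accessToken = params.get('access_token');
  const expires = Number(params.get('expires')); // lifetime in seconds
  if (!accessToken || !Number.isFinite(expires) || expires <= 0) {
    return { ok: false, error: 'missing access_token or expires' };
  }
  return { ok: true, accessToken, expiresAt: nowMs + expires * 1000 };
}

// The request URLs carry client_secret, code and tokens: redact before logging.
function redactForLog(requestUrl) {
  const url = new URL(requestUrl);
  for (const key of ['client_secret', 'code', 'fb_exchange_token']) {
    if (url.searchParams.has(key)) url.searchParams.set(key, 'REDACTED');
  }
  return url.toString();
}
```

Because both requests put client_secret in the query string, keep them on the server and log only the output of redactForLog.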
22. Check Token is valid or not
Send any Graph API request.
If it fails, follow this guide:
https://developers.facebook.com/blog/post/2011/05/13/how-to--handle-expired-access-tokens/
23. Image via Facebook
Short-Lived
(about 2 hours)
Long-Lived
(about 60 days)
28. Q & A
Some Links
Facebook Developers https://developers.facebook.com/
Facebook Access Tokens https://developers.facebook.com/docs/facebook-login/access-tokens
The Open Graph protocol http://ogp.me/
Example Project https://github.com/EricPing/NodeJsFacebookExamle