Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

croak 'expires is not returned' #5

Closed
brunnock opened this issue May 10, 2014 · 8 comments
Closed

croak 'expires is not returned' #5

brunnock opened this issue May 10, 2014 · 8 comments
Assignees
Labels

Comments

@brunnock
Copy link

I had to comment out this line in get_user_token_by_code (#207).

It seems Facebook is returning a valid token without an expiration for me.

@oklahomer
Copy link
Owner

Thanks for adding an issue, @brunnock. I apologize for your inconvenience and I'll definitely look into this.

I thought expires was always given along with user access token, but I might be missing some spec. change.

Just to be sure could you give me some more details including following items?

  • Version of API/Dialog you are using
    • If you are not specifying one on Facebook::OpenGraph->new(), the version is "unversioned" and I must know if your Facebook app is registered prior to 2014-04-30 or not
  • How you obtained the code parameter
    • via the callback URI of Login Dialog
    • from cookie value via $fb->get_user_token_by_cookie
    • or signed_request parameter POSTed to your page for Facebook Page app

Thanks

@brunnock
Copy link
Author

Unversioned. The app was registered before 4-30, but was just approved last night (2014-5-9).

The code param is returned via URI.

@oklahomer
Copy link
Owner

Thanks, @brunnock. As I understand Facebook Platform's versioning system, as long as you use unversioned API/Dialog with app registered before 2014-04-30, your app's version is default to v1.0.

For apps that existed before April 30th 2014, making an API call without specifying a version number ('unversioned') is equivalent to making a call to the v1.0 of the API.

For apps created on or after April 30th 2014, making an API call without a specifing a version number is equivalent to making a call to v2.0 of the API.

I looked up v1.0 document for /oauth/access_token endpoint and it states as follows:

The response you will receive from this endpoint, if successful, is

access_token={access-token}&expires={seconds-til-expiration}

If it is not successful, you'll receive an explanatory error message.

So if it works following this spec, expires must be returned.
Actually it makes no sense to me that they are returning time-limited access token, but no expiration time, right? If they are not returning expires parameter, I think this is Platform's issue and you might want to report a bug or ask developer group for similar situation.

I hope it helps you and let me know when you have any progress.

@oklahomer
Copy link
Owner

Quick question, @brunnock. Is your app requesting some permissions for Facebook Page management or Ads management, such as manage_pages?
I kinda found a clue for this.

@brunnock
Copy link
Author

Yes. It does request manage_pages.

@oklahomer
Copy link
Owner

Thanks, I got the picture. I'll be working on this.

@oklahomer oklahomer added bug and removed invalid labels May 15, 2014
@oklahomer oklahomer self-assigned this May 15, 2014
@oklahomer
Copy link
Owner

I confirmed the edge cases that user access tokens become ones w/ no expiration time. They describe it is not an intended behaviour, but it occurs because of the side effect of how they link page access token to its owner's access token. https://developers.facebook.com/bugs/597779113651383/

Now, as of version 1.22, this module does not check the existence of expires parameter.

@brunnock
Copy link
Author

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants