Exchange for a Long-Lived Access Token

The long-lived access token

In our previous lesson, we noted how the short-lived access token — which your web application obtains as soon as a user has completed their “Login with Facebook” flow and after Facebook has redirected them back to your application — is a perfectly valid token. You have about an hour to use it for authorized requests to the Facebook Graph API. During that time, you can request resources belonging to the user that authorized your application, as long as the resources you request are within the permission scopes that you originally asked for.

A one-hour lifespan for a token might be sufficient for some application needs, but it is likely that your application will need longer-term access. Let’s assume that your web application will want to make behind-the-scenes requests of your users’ Facebook data, and you intend to do this well into the future.

To do that, you are going to need the long-lived access token. A long-lived access token has the same functionality as a short-lived token, but it has a validity of 60 days.
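As an added illustration (not code from this lesson), the sketch below shows the server-side side of that exchange: building the request to the Graph API's `oauth/access_token` endpoint with the `fb_exchange_token` grant, then turning the response into a record with an absolute expiry. The function names, the seven-day margin, and the sample response body are assumptions constructed for the example.

```python
import json
from urllib.parse import urlencode

# Unversioned Graph API token endpoint; production code usually pins a version segment.
TOKEN_ENDPOINT = "https://graph.facebook.com/oauth/access_token"

def build_exchange_url(app_id, app_secret, short_lived_token):
    """URL for the exchange request. It carries the app secret, so it must be
    built and sent from the server only, and never written to logs."""
    query = urlencode({
        "grant_type": "fb_exchange_token",
        "client_id": app_id,
        "client_secret": app_secret,
        "fb_exchange_token": short_lived_token,
    })
    return f"{TOKEN_ENDPOINT}?{query}"

def parse_exchange_response(body, now):
    """Turn the JSON response body into a record with an absolute expiry time."""
    data = json.loads(body)
    if "error" in data:
        raise ValueError(data["error"].get("message", "token exchange failed"))
    token = data.get("access_token")
    if not token:
        raise ValueError("response has no access_token")
    expires_in = data.get("expires_in")  # seconds; may be absent
    expires_at = now + int(expires_in) if expires_in is not None else None
    return {"access_token": token, "expires_at": expires_at}

def near_expiry(record, now, margin=7 * 24 * 3600):
    """True when the token has expired or is within `margin` seconds of expiring,
    so the application can act before background requests start failing."""
    if record["expires_at"] is None:
        return False
    return now >= record["expires_at"] - margin

def redact(token):
    """Form that is safe to log: a full bearer token should never be printed."""
    return token[:4] + "..." if len(token) > 8 else "***"

# Constructed sample response (not a real token); 5184000 s = 60 days.
SAMPLE_BODY = ('{"access_token": "EAAB-constructed-long-token", '
               '"token_type": "bearer", "expires_in": 5184000}')

if __name__ == "__main__":
    now = 1_700_000_000  # fixed timestamp so the output is reproducible
    rec = parse_exchange_response(SAMPLE_BODY, now)
    print(redact(rec["access_token"]), rec["expires_at"], near_expiry(rec, now))
```

Store the resulting record server-side with the same care as a password, since anyone holding the token can act within the granted scopes until it expires.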
