Intermittent bad Facebook app access_token

Question

I'm creating test users in Facebook for my application. It works sometimes. When it doesn't, the error occurs on this call:

function getTestAccounts($fb, $a) {
$s = urlencode($a);
**$accounts = $fb->api("/{$fb->getAppId()}/accounts/test-users?access_token=$s");**
if( isset($accounts['data']) )
    return $accounts;
else
    return null;
}

Error is:

Uncaught OAuthException: (#15) This method must be called with an app access_token.

Previously I've obtained the token with this function:

function getAppAccessToken($fb) {
$access_token_url = "https://graph.facebook.com/oauth/access_token";
$parameters = "grant_type=client_credentials&client_id=" . $fb->getAppId() .    "&client_secret=" . $fb->getApiSecret() . "&junk=1";
return file_get_contents($access_token_url . "?" . $parameters);
}

When I output the offending token, it looks something like this and does not change (should it?)

access_token=229234510434203|TK2UDoGCPthCBeDIvhRIPkSG8Wk

I've tried clearing cookies. That seemed to work but might have been coincidental with something else because it does not now.

I assume the access token returned from FB changes but it's always coming back the same.

Answer 1

I made a greenhorn mistake. What I failed to notice was that this problem was only occurring after I opened another browser tab and logged to Facebook as myself or a test user. The new Facebook session was interfering with the API.

I guess the API uses the access token of the logged on user instead of what's passed in the request. Kind of obvious once you understand it!

Hope this helps the next person :-)

Answer 2

Mark

for a user access token i use the below, where the number is my app id. "used with php-sdk"

$access_token = $_SESSION['fb_135669679827333_access_token'];

---

for an application access token i use cURL

$app_access_token = GetCH();
function GetCH(){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&client_secret=YOUR_APP_SECRET&grant_type=client_credentials");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
if(substr($url,0,8)=='https://'){
    // The following ensures SSL always works. A little detail:
    // SSL does two things at once:
    //  1. it encrypts communication
    //  2. it ensures the target party is who it claims to be.
    // In short, if the following code is allowed, CURL won't check if the 
    // certificate is known and valid, however, it still encrypts communication.
    curl_setopt($ch,CURLOPT_HTTPAUTH,CURLAUTH_ANY);
    curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,false);
}
$sendCH = curl_exec($ch);
curl_close($ch);
return $sendCH;
};

Let me know if this helps.