I need to get FaceBook access token using appid and app secret in C# windows application. Actually i did below coding, but getting app token only not getting the access token.
how to achieve to retrieve access token.?
FacebookClient client = new FacebookClient();
dynamic result = client.Get("oauth/access_token", new
{
client_id = "1498796747020950",
client_secret = "c50341f5b4e42a595f0791467f439e38",
grant_type = "client_credentials"
});
var accessToken = result.access_token;
The token that you are requesting is an app access token which can not be used with every API call (instead its usage is very limited).
Let me try to elaborate the access tokens and OAuth 2.0 to make the concepts clear.
With the standard OAuth 2.0 implementation, the first step is to invoke the OAuth Dialog of the service provider (facebook)-
\GET http://www.facebook.com/dialog/oauth
Parameters-
client_id
(APP ID)redirect_uri
(App's Redirect Url)scope
(permissions - optional)Returns-
code
(appended with the redirect url)
After the user successfully authenticated the app, a code
is returned by the service provider(facebook) appended with the redirect_url
passed. So you'll be redirected to-
{redirect-url}?code=XXXXXXXXXXXXXXXXX
We use this code
then and request for the access_token
-
\GET https://graph.facebook.com/oauth/access_token
Parameters-
client_id
(APP ID)client_secret
(APP Secret)code
redirect_uri
If you dont want to build this manual flow, you can use the SDKs that take care of this flow. It will just invoke the outh dialog and if success will give you the access token in response. Facebook provides official SDKs for iOS, Android, Javascript and PHP; also there are other third-party SDKs. Now this will give us an access token, to be more precise- a user access token. This is only process required to obtain a user access token (i.e. user engagement is required). What you were requesting was an app access token, I'll now elaborate facebook access tokens-
There are 3 types of access tokens to support different use cases:
User Access Token - The user token is the most commonly used type of token. This kind of access token is needed any time the app calls an API to read, modify or write a specific person's Facebook data on their behalf. I've explained the detailed process of obtaining this token.
App Access Token - App access tokens are used to make requests to Facebook APIs on behalf of an app rather than a user. This can be used to modify the parameters of your app, create and manage test users, or read your application's insights. App access tokens can also be used to publish content to Facebook on behalf of a person who has granted an open graph publishing permission to your application.
Except these there's nothing an app access token can do. And its like a password of your app so it is important that your app secret is never shared with anyone. This can be obtained by the API call that you have mentioned in the question-
GET /oauth/access_token?
client_id={app-id}
&client_secret={app-secret}
&grant_type=client_credentials
or directly from here, or simply use {app-id}|{app-secret}
Page Access Token- Page access tokens are used in Graph API calls to manage Facebook Pages. To generate a page access token, an admin of the page must grant an extended permission called manage_pages
. Once this permission has been granted, you can retrieve the page access token using the following Graph API request:
/GET /{page-id}?fields=access_token
I'm not really sure if this all was significant to you but I hope it helps you clearing some doubts regarding the same.
If the app access token is significant to you, you can use it by any of three methods I've mentioned. If not, user access token is what required to you which cannot be obtained without user interaction.