Facebook Javascript SDK extend access token get "Invalid OAuth access token" - 190 - "OAuthException"
Doing this in a client is a bad idea because it requires including the app secret in the client itself, which is very dangerous: anyone who loads the page can read it. It's best to call an endpoint on your server that handles this separately, so that the app secret stays in your controlled environment.
Author by
Lê Trung Thu
Updated on June 05, 2022Comments
-
Lê Trung Thu almost 2 years
I am trying to use the JavaScript SDK to get an access token and then extend that access token for 60 days. I got an error response like this:
Object { message="Invalid OAuth access token.", type="OAuthException", code=190}
My expectation:
- Get new access token with 60 days expire
- Console to screen.
My Code:
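/**
 * On page load, initialise the Facebook JS SDK and, when the user is already
 * connected to the app, ask /oauth/access_token to exchange the current user
 * access token for an extended one, logging the outcome to the console.
 *
 * SECURITY: the exchange request carries client_secret (the app secret).
 * Any value placed in a script served to the browser is readable by every
 * visitor, so this request belongs on a server you control; the browser
 * should hand the short-lived token to that server and never see the secret.
 * The parameter is left in place only to show the request shape that the
 * server-side call needs.
 */
window.onload = function() {
  FB.init({appId:422642254433770, cookie:true, status:true, xfbml:true });

  FB.getLoginStatus(function(response) {
    if (response.status !== 'connected') {
      return;
    }

    // the user is logged in and connected to your
    // app, and response.authResponse supplies
    // the user's ID, a valid access token, a signed
    // request, and the time the access token
    // and signed request each expire
    var accessToken = response.authResponse.accessToken;

    // Extend access token
    var OauthParams = {};
    OauthParams['client_id'] = '//REMOVED APP ID';
    // SECURITY: do not ship the app secret to the browser (see header comment).
    OauthParams['client_secret'] = '//REMOVED APP SECRET';
    OauthParams['grant_type'] = 'fb_exchange_token';
    // Pass the token variable itself. Sending the literal string
    // 'accessToken' gives Graph a value that is not a token, which is the
    // likely cause of the OAuthException (code 190) response.
    OauthParams['fb_exchange_token'] = accessToken;
    OauthParams['response_type'] = 'token';

    // Access tokens are bearer credentials: keep this logging to local
    // debugging and out of production builds.
    console.log("Old accessToken => " + accessToken);

    FB.api('/oauth/access_token', 'post', OauthParams, function(response) {
      console.log(response);
      if (!response || response.error) {
        // Failure branch: guard against a missing response before reading
        // the error message.
        var reason = response && response.error ? response.error.message : 'no response';
        console.log("Lay new access token bi loi " + reason);
      } else {
        // Success branch: the exchanged token is returned as access_token.
        console.log(response.access_token);
      }
    });
  });
};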
I have searched everywhere for this problem for 3 days without finding any clue. Does anyone have experience with this? Please help.
Many thanks
-
XciD about 9 years
You shouldn't pass the app secret in front-end scripts... it is not secure