WPBook & WPBook Lite Updates for Deprecated Offline Access

Enable "deprecate offline_access" to get extended access token and be prepared for when Facebook permanently removes offline_access

Facebook’s developer roadmap is always changing. The latest change that impacts WPBook and WPBook Lite is the removal of the “offline_access” permission, coming in July:

The offline_access permission is deprecated and will be removed July 5, 2012. Until then, you can turn this change on or off using the “Remove offline_access permission” migration. On May 2, 2012, we will automatically turn the migration to “enabled” for all apps. If this breaks your app, you can turn the migration back to “disabled” until July 5, 2012 when it will be permanently “enabled” for all apps.

If that wasn’t confusing enough, check out the “Removal of offline access permission” page, which explains that:

While we are removing the use of the offline_access permission, through a migration setting in the Developer App, we are now allowing the option to use access_tokens with a long-lived expiration time that can be renewed each time the user revists your app (see exceptions below). For existing apps that are not using the offline_access permission, there are no changes required for your app, but you should consider using the new endpoint that allows the longer expiration time.

To translate a bit and summarize:

Ultimately, as I read the docs, this means you have to make a choice: you can either keep “deprecate offline_access” disabled, and use offline_access tokens, OR you can set “deprecate offline_access” enabled, and use “long-lived” tokens.

Long Lived tokens live for two months (60 days) and then the user has to re-authorize the application to get a new long-lived token.

I’ve updated WPBook (2.5.2) and WPBook Lite (1.4) to work with long-lived tokens. The apps will no longer ask for offline_access, and will check for token validity, flagging in the admin when a token is invalid.

If you already have a Facebook application set up and working with either WPBook or WPBook lite, you don’t need to do anything. Your tokens, which were granted under the old “offline access” regime, will keep working, for now. Per Facebook:

After the offline_access removal date, currently set for 7/5/2012 (see roadmap for exact date), all existing offline_access access_tokens will have their expiration time truncated to 60 days. This truncation will be transparent to the user and your app will continue functioning normally; Facebook will send an updated message through the weekly developer round-up when this truncation will occur.

If you don’t yet have a Facebook application, and are setting up a new one, you should start with “deprecate offline_access” enabled, and WPBook / WPBook Lite will be fine, but you will need to re-authenticate every 60 days.

Ultimately everyone will end up having to re-authenticate every 60 days.

These implementations are just the first pass to ensure that WPBook and WPBook Lite keep working. Next step will be to actually store the expiration returned with the token and be able to inform the user before the token becomes invalid, not just let them know after the fact.

Did you like this? Share it:
4 Comments. Leave a comment or send a Trackback.
  1. #1 • Craig said on May 20 2012:
     

    Hi, I’ve had the error message “Your Facebook Access Token for WPBook has expired. Please visit the settings page for WPBook and grant a new access token. Until you do so, cross-posting to Facebook and import of comments will fail.”

    Noob question I know but…. How do I re-authenticate…?

    Thanks, :)

  2. #2 • John said on May 20 2012:
     

    Craig – first, make sure you’re on 2.5.2 (if you’re using WPBook) or 1.4 (if you’re using WPBook lite).

    There was a bug in WPBook 2.5 and 2.5.1, which you could have gotten if you caught the upgrade cycle at just the wrong time.

    To re-authenticate in WPBook, go to the WPBook Settings page in your dashboard and click on the “checking permissions” link just above “required settings.” That will load a page inside Facebook which will show your current permissions.

    At the bottom of that page is a link which says “grant or re-grant permissions for your userid” – that’s the one you want, which will generate a new (long-lived) access token.

  3. #3 • Othello said on April 26 2013:
     

    In my app dashboard, the option to remove or deprecate offline_access isn’t even displayed in the migration box..:(

  4. #4 • John said on April 26 2013:
     

    Well, this post is from May of last year – Facebook’s interface changes very frequently. The option is no longer an option, because the migration is now complete and you can’t avoid it.