I have an app that requires ongoing access to a users facebook account without their repeated login.
To generate an access token for the page we run the fb.api/oauth/access_token - also passing in the client ID, client secret, redirect_uri, and code. This code works as expected and creates the access token for the app.
Facebook documentation indicates that this token is live for 60 days.
To re-generate access keys: we run:
fb.api('oauth/access_token', {
clientID: this.id,
clientSecret: this.secret,
fb_exchange_token: token,
grant_type: 'fb_exchange_token'
The above code should create a new access key. However, when we test the keys we get the following error message:
Error validating access token: The session has been invalidated because the user changed their password or Facebook has changed the session for security
the subcode is 460: indicating Facebook password changed by user. Yet this is not the case for every client.
Please advise. Will users definitely need to log in once every 60 days? Does the refresh token not work?

Tag:-

Only one comment.

  1. David

    Did you solve the problem? I am getting same error...

    Reply

Add a new comment.