Facebook Login: Access Tokens

[Source: https://developers.facebook.com/docs/facebook-login/access-tokens/ ]

When someone connects with an app that uses Facebook Login, the app can obtain an access token that provides temporary, secure access to the Facebook APIs.

An access token is an opaque string that identifies a user, app, or page and can be used by the app to make calls to the Facebook API. Access tokens are obtained through several methods, which we will see later. The token includes information about when it expires and which app generated it. Because of privacy checks, most API calls on Facebook need to include an access token. There are different types of access token to cover all use cases:

  • User Access Token – The user token is the most commonly used type of token. This kind of access token is needed any time the app calls an API to read, modify or write a specific person’s Facebook data on their behalf. User access tokens are generally obtained via a login dialog and require a person to permit your app to obtain one.
  • App Access Token – This kind of access token is needed to modify and read the app settings. It can also be used to publish Open Graph actions. It is generated using a pre-agreed secret between the app and Facebook and is then used during calls that change app-wide settings. You obtain an app access token via a server-to-server call.
  • Page Access Token – These access tokens are similar to user access tokens, except that they provide permission to APIs that read, write or modify the data belonging to a Facebook Page. To obtain a page access token you need to start by obtaining a user access token and asking for the manage_pages permission. Once you have the user access token you then get the page access token via the Graph API.
  • Client Token – The client token is an identifier that you can embed into native mobile binaries or desktop apps to identify your app. The client token isn’t meant to be a secret identifier because it’s embedded in applications. The client token is used to access app-level APIs, but only a very limited subset. The client token is found in your app’s dashboard. Since the client token is used rarely, we won’t talk about it in this document. Instead it’s covered in any API documentation that uses the client token.
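
Because a token carries its expiry and the app that generated it, a server that receives a token from a client should check both before acting on it. The function below is an added example, not code from the original page or from Facebook; it assumes the field names of the Graph API debug_token response (app_id, type, is_valid, expires_at, scopes), and the sample response and all of its values are constructed.

```python
import time

# Constructed sample shaped like a debug_token response; every value is made up.
SAMPLE = {
    "data": {
        "app_id": "1234567890",
        "type": "USER",
        "is_valid": True,
        "expires_at": 1700003600,
        "scopes": ["public_profile", "manage_pages"],
        "user_id": "1000001",
    }
}


def check_token(resp, expected_app_id, expected_type, required_scopes=(), now=None):
    """Return the reasons to reject a token; an empty list means accept."""
    now = time.time() if now is None else now
    data = resp.get("data") or {}
    problems = []

    if not data.get("is_valid"):
        problems.append("not valid")

    # A token generated for another app must never be accepted by this one,
    # otherwise any app the user logged in to could impersonate them here.
    if str(data.get("app_id")) != str(expected_app_id):
        problems.append("issued for a different app")

    # User, app and page tokens grant different things; accept only the
    # type this endpoint was designed for.
    if str(data.get("type", "")).upper() != expected_type.upper():
        problems.append("wrong token type")

    # Assumption: expires_at == 0 marks a token that does not expire.
    expires_at = data.get("expires_at")
    if expires_at is None or (expires_at != 0 and expires_at <= now):
        problems.append("expired")

    missing = sorted(set(required_scopes) - set(data.get("scopes", [])))
    if missing:
        problems.append("missing scopes: " + ", ".join(missing))

    return problems
```
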