Closed nbro10 closed 5 months ago
Yes, you are right, We can put the refer link to the description!
@MerleLiuKun Do you know the difference between the access token and input token? To me this is still unclear. According to the linked docs
Replace
{input-token}
with the access token you want to get information about and{access-token}
with a valid access token. The tokens must be from the same app.
However, it's unclear to me if the access token is an access token or the client secret. Why am I confused? Because I'd assume that we can make this request without an access token, actually. For example, let's say you have only 1 existing access token and you want to check that it has the required scopes, then if this existing access token is not valid, you can't debug it. So, I'd assume that you actually don't need any access token to debug an access token.
Do you know something more about this topic? Do you have a code example for this mentioned case?
hi,
You can use the app's token.
example:
If you have an access token ac=xxxxx
And you must have the app which the access token belonged to, then you must have the app's token,
So then you can do this.
api.debug_token(input_token="token which you want to debug, just `ac`", access_token="your facebook app's token")
:)
@MerleLiuKun Yes, I did that in the end. It seems that the app token is indeed a token that you can generate with just the client ID and client secret. You need the app token to inspect a user access token. However, I wonder why would you need the app token to do this, because the client secret is already a secret. Why can't you automatically generate the app token? Wouldn't this be possible?
Yes we can generate the app token just with the app_id
and app_secret
.
Now if you initial app instance as follows:
api = GraphAPI(
app_id="xxx",
app_secret="xxx",
application_only_auth=True
)
Now this method will automatically to use app token
@MerleLiuKun I see now the code. For some reason, I thought this wasn't done automatically and I had to manually call get_app_token()
to get the app token. Thanks.
Maybe you meant
?
But then what's the difference between the "input token" and the "app administrator's access token"
It might be a good idea to base the description of this method on what is written here: https://developers.facebook.com/docs/facebook-login/guides/%20access-tokens/debugging.