I have a mobile application that I'm using with Facebook connect. I'm having trouble getting an offline_access session key after a user has granted extended permissions.
Here's the user flow:
- User goes to my site for the first time
- I send them to m.facebook.com/tos.php? and pass my api key and secret
- The user logs in using Facebook connect
- Facebook returns them to a page in my site, mysite/login-success.php with an auth_token in the query string
- On mysite/login-success.php I instantiate the FB api client and check to see if I already have an offline_access session key for them:
$facebook = new Facebook($appapikey, $appsecret);
- If they haven't already provided offline_access FB gives me a temporary session key I need to get offline_access permission from the user so I forward them on to www.facebook.com/connect/prompt_permissions.php? and pass offline_access in the querystring.
- The user authorizes offline_access and get forwarded to mysite/permissions-success.php
The problem I'm having is that after instantiating the API client on permissions-success.php the session key I have is still the temporary session key, not a new offline_access session key.
The only way I've found to get the offline_access key is to delete all cookies for the user and then have them login again using Facebook connect. A fairly poor user experience.
Can anyone shed some light on how to use the Facebook api to generate a new session key even if one already exists (in my case a temporary session key)?