how to save facebook access token after success

Question

when user allow my app i receive this type of success url:
http://localhost/fbapp/app.php#access_token=AAAAALY8OpPABAM67auStdfgdfOdfgdfgdenqEt9QZCGD2a1h3iWFrhmNWqOf8l4a9RQ8tAJCM9y5QbYpsP6sT1g0ZCXDhtZCECZApGb&expires_in=6604

i am trying $_GET['access_token'] to save access token, but it's not working,

i want to know that how to get access token from this url..

Answer 1

From your use of $_GET, I'm assuming you are talking about PHP. Unfortunately, hash tags are never sent to the server. They only live on the client side so you need to use some javascript to then make a call to a PHP script.

Example:

<script type="text/javascript">
var HashSearch = new function () {
   var params;

   this.set = function (key, value) {
      params[key] = value;
      this.push();
   };

   this.remove = function (key, value) {
      delete params[key];
      this.push();
   };


   this.get = function (key, value) {
       return params[key];
   };

   this.keyExists = function (key) {
       return params.hasOwnProperty(key);
   };

   this.push= function () {
       var hashBuilder = [], key, value;

       for(key in params) if (params.hasOwnProperty(key)) {
           key = escape(key), value = escape(params[key]); // escape(undefined) == "undefined"
           hashBuilder.push(key + ( (value !== "undefined") ? '=' + value : "" ));
       }

       window.location.hash = hashBuilder.join("&");
   };

   (this.load = function () {
       params = {}
       var hashStr = window.location.hash, hashArray, keyVal
       hashStr = hashStr.substring(1, hashStr.length);
       hashArray = hashStr.split('&');

       for(var i = 0; i < hashArray.length; i++) {
           keyVal = hashArray[i].split('=');
           params[unescape(keyVal[0])] = (typeof keyVal[1] != "undefined") ? unescape(keyVal[1]) : keyVal[1];
       }
   })();
}

$.ajax({
        type: "POST",
        url: '/store_access.php',
        data: 'access_token='+escape(HashSearch.get('access_token'),
        dataType: "html",
        success: function(response) {
            alert('Access Token Stored');
        }
    });
</script>

I found the HashSearch function here: Retrieve specific hash tag's value from url

Also, I assumed jquery on the post to your script, but you could use anything to make the call. You could even just add an image to the body with a url that includes the token.

Answer 2

You are using the client-side authentication auth URL instead of the server side URL which is why you are getting an access_token as part of the URL fragment instead of as a GET variable.

Remove response_type=token from your auth URL and then follow the Server Side Authentication.