FB Access Tokens And Their Uses

When someone connect with your application using facebook Login, your application will be able to obtain access token which provides  temporary, secure access to Facebook APIs.

Access token is opaque string that identifies user page or application and can be used by application to make graph API calls. Access token are obtained via a number of methods. Token includes information about when token will expire and which application generated token. Because of privacy checks, majority of API calls on facebook need to include access token. To support different use cases there are different types of access tokens which are mentioned below

• Client token is identifier that you can embed into native mobile.

• User access token most used token. Needed any time application calls an API to modify, write or read particular person Facebook data on their behalf. Generally obtained via Login dialog and require person to permit application to one.
  For generating this access token:
  Javascript: Retrieve by making a call to FB.getAuthResponse which will include accesstoken property within response.
  Android: Retrieve by inspecting Session.getCurrentAccessToken.
  iOS: Retrieve by inspecting FBSDKAcessToken.currentAccessToken.

• App access token Needed to write and read application settings. Also used to publish open graph actions. Generated using pre agreed secret between application and facebook and then used during calls that change application wide settings. This obtain via server to server call.
  
  Generating App Access Token:
  You need to make Graph API call to generate app access token
  GET /oauth/access_token?client_id={app-id}&client_secret={app-secret}&grant_type=client_credentials

• Page access token similar to user access token except that they provide permission to APIs that modify read or write data related to Facebook page. To obtain this token you need to start by user access token and asking manage pages permission. After then you obtain this token via Graph API.
  For generating this token:
  
  JavaScript SDK:

  /* make the API call */
  FB.api(
     "/me/accounts",
     function (response) {
       if (response && !response.error) {
         /* handle the result */
       }
     }
  );
   

  Android SDK:

  /* make the API call */
  new GraphRequest(
     AccessToken.getCurrentAccessToken(),
     "/me/accounts",
     null,
     HttpMethod.GET,
     new GraphRequest.Callback() {
         public void onCompleted(GraphResponse response) {
             /* handle the result */
         }
     }
  ).executeAsync();
   

   

  iOS SDK:

  // For more complex open graph stories, use `FBSDKShareAPI`
  // with `FBSDKShareOpenGraphContent`
  /* make the API call */
  FBSDKGraphRequest *request = [[FBSDKGraphRequest alloc]
                                initWithGraphPath:@"/me/accounts"
                                       parameters:params
                                       HTTPMethod:@"GET"];
  [request startWithCompletionHandler:^(FBSDKGraphRequestConnection *connection,
                                       id result,
                                       NSError *error) {
     // Handle the result
  }];