From f420b8ac09e73b9cc43edde4d208de99e5220a30 Mon Sep 17 00:00:00 2001
From: hybridauth
Date: Sat, 14 Apr 2012 12:48:56 +0100
Subject: [PATCH] inquiring the removal of offline_access permission from facebook api
---
 hybridauth/Hybrid/Providers/Facebook.php | 19 ++++++--
 .../thirdparty/Facebook/base_facebook.php | 47 +++++++++++++++++++
 2 files changed, 61 insertions(+), 5 deletions(-)
diff --git a/hybridauth/Hybrid/Providers/Facebook.php b/hybridauth/Hybrid/Providers/Facebook.php
index 32d65967a..db12744b7 100644
--- a/hybridauth/Hybrid/Providers/Facebook.php
+++ b/hybridauth/Hybrid/Providers/Facebook.php
@@ -15,7 +15,7 @@ class Hybrid_Providers_Facebook extends Hybrid_Provider_Model { // default permissions, and alot of them. You can change them from the configuration by setting the scope to what you want/need
- public $scope = "email, user_about_me, user_birthday, user_hometown, user_website, offline_access, read_stream, publish_stream, read_friendlists";
+ public $scope = "email, user_about_me, user_birthday, user_hometown, user_website, read_stream, offline_access, publish_stream, read_friendlists";
 public $display = "page";
@@ -45,6 +45,17 @@ function initialize() $this->api = new Facebook( ARRAY( 'appId' => $this->config["keys"]["id"], 'secret' => $this->config["keys"]["secret"] ) );
+ if ( $this->token("access_token") ) {
+ $access_token = $this->api->extendedAccessToken( $this->token("access_token") );
+
+ if( $access_token ){
+ $this->token("access_token", $access_token );
+ $this->api->setAccessToken( $access_token );
+ }
+
+ $this->api->setAccessToken( $this->token("access_token") );
+ }
+ $this->api->getUser(); }
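Review bot: The block added to initialize() calls `extendedAccessToken()` whenever a stored token exists, so each setup of this provider presumably makes a server-side request to Facebook that carries the app secret, even when the stored token is already long-lived. Nothing records when the exchanged token expires, so the code cannot skip the exchange while the token is still valid; doing the exchange once in loginFinish(), or storing the expiry and re-exchanging only near it, would avoid the repeated call. When the exchange returns false the old token is reused without any log entry, which hides a revoked or expired token until a later API call fails. The trailing `$this->api->setAccessToken( $this->token("access_token") );` repeats what the inner `if` already did and reads more clearly as its `else` branch. initialize() begins above the hunk, so earlier guards are not visible here.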
@@ -80,10 +91,8 @@ function loginFinish() // set user as logged in $this->setUserConnected();
- // try to detect the access token for facebook
- if( isset( $_SESSION["fb_" . $this->api->getAppId() . "_access_token" ] ) ){
- $this->token( "access_token", $_SESSION["fb_" . $this->api->getAppId() . "_access_token" ] );
- }
+ // store facebook access token
+ $this->token( "access_token", $this->api->getAccessToken() );
 }
 /**
diff --git a/hybridauth/Hybrid/thirdparty/Facebook/base_facebook.php b/hybridauth/Hybrid/thirdparty/Facebook/base_facebook.php
index 772cc97e1..5587beee9 100644
--- a/hybridauth/Hybrid/thirdparty/Facebook/base_facebook.php
+++ b/hybridauth/Hybrid/thirdparty/Facebook/base_facebook.php
@@ -1,4 +1,6 @@ $this->getAppId(),
+ 'client_secret' => $this->getAppSecret(),
+ 'grant_type' => 'fb_exchange_token',
+ 'fb_exchange_token' => $old_access_token,
+ );
+
+ $response = $this->_oauthRequest( $this->getUrl( 'graph', '/oauth/access_token' ), $params );
+
+ // print_r( array( $this->getUrl( 'graph', '/oauth/access_token' ), $params, $response ) );
+ }
+ catch ( FacebookApiException $e ) {
+ // most likely that user very recently revoked authorization.
+ // In any event, we don't have an access token, so say so.
+ return false;
+ }
+
+ if (empty($response)) {
+ return false;
+ }
+
+ $response_params = array();
+
+ parse_str($response, $response_params);
+
+ if (!isset($response_params['access_token'])) {
+ return false;
+ }
+
+ return $response_params['access_token'];
+ }
+ }
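Review bot: In loginFinish(), `$this->api->getAccessToken()` is stored without checking that it is a user token. In the upstream Facebook PHP SDK 3.x, getAccessToken() falls back to the application token, which is built from the app id and app secret, when no user token could be obtained. If this bundled copy behaves the same way, that value would be written to the token store and later sent as `fb_exchange_token` from initialize(). Storing the token only when `$this->api->getUser()` is non-zero, or rejecting a value equal to the application token, would close that path. loginFinish() begins above the hunk, so an earlier guard may already cover this and is worth confirming.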
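Review bot: The commented-out `print_r( array( ..., $params, $response ) )` in the new exchange method would write `client_secret` and the returned access token into the response if it were ever re-enabled, so it should be deleted rather than kept as a comment. The `catch ( FacebookApiException $e )` returns false without logging, and its comment about a recently revoked authorization looks copied from another method, so a wrong app secret and a revoked token are indistinguishable to the caller. Only `access_token` is returned from the parsed response, so if the response also carries an expiry the caller cannot learn how long the new token lives. Because the method is added inside the vendored SDK file, an SDK upgrade would drop it silently; a subclass in the provider layer would keep the local patch visible. The top of this hunk, including the method signature, is missing from the page, so the parameter handling could not be reviewed.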