PHP Warning: Undefined array key “expires_in”

Hi @nicmare!

I was unable to reproduce this problem on my local test site with full error reporting.

We set the “expires_in” key in the $access_token_data array with the default value of “-1”, and later the access token extracted from the response received from Facebook should also contain this in the case of both the normal:
https://developers.facebook.com/docs/facebook-login/guides/advanced/manual-flow/#exchangecode
and long-lived access token too:
https://developers.facebook.com/docs/facebook-login/guides/access-tokens/get-long-lived/

So this “expires_in” key should be set in any case, yet your error message says that there is no such key in the array for some reason.

I believe some third party Facebook integration plugin/theme may cause the problem. Do you still see those warnings if: you turn off all plugins (including Must-use and Drop-In plugins) and use a WordPress default theme, e.g.: Twenty Twenty-One?
If not, start turning them on one by one, then look at the login each time, and when the PHP warning comes up again, you’ve found the plugin that has something to do with the problem.

it only happens with facebook. when i take a look into row 83 of facebook-client.php and do a error_log(print_r($accessTokenData,1)); i get these keys in the array:

Array
(
[access_token] => EAAI0f6ZAQl…
[token_type] => bearer
)

i guess your script is expecting “expires_in” here ?!

I disabled all plugins and using blocksy theme only.

in other words: the response you get back will overwrite the predefined array with its keys. and the response does not contain “expires_in” keys. therefore its missing at all. and because there is an “isset” function missing, it prints the error. in the end the question might be why the expires_in key is missing. i do not know. ??

• This reply was modified 1 year, 5 months ago by nicmare.

Hi @nicmare

Yes, exactly this is what seems to happen. But the strange thing is that, the “expires_in” key should be returned with the Facebook access token always. Actually in the past Facebook had a couple of bug reports for a similar problem:

• https://stackoverflow.com/questions/46453312/expires-in-missing-from-facebook-oauth-access-token-response

but back then they fixed that issue. Most likely they reintroduced that bug again, however in my case the problem didn’t occur. I even created a completely new App and tried it with that, but that also returned the “expires_in” key value pair. So I assume, only certain apps are affected by this problem.

Anyways, to be able to handle this issue properly in our code, I need to know if your access token without the “expires_in” key will count as a long lived access token or not. So please check the following:

• Revoke the access token of your App in the Facebook account that you experience the problem with. You can revoke access tokens at:
  https://www.facebook.com/settings?tab=applications&ref=settings
  ( but you can also reach this page at Facebook > Settings & privacy > Settings > Apps and Websites )
• once you revoked the access token, open the official Facebook Access Token debugger: https://developers.facebook.com/tools/debug/accesstoken/
• in our isAccessTokenLongLived() method within the facebook-client.php file, you should check the value of:
  $this->access_token_data
  e.g. like this:
  print_r($this->access_token_data);exit;
  or logging it into the error log like you did.
• You will get an array like you saw before, and from that you should copy the value of the “access_token”.
• Finally insert the value into the Access Token Debugger and press Debug. That should write out the details of your token.

Please send me a screenshot of the values that you see in the “Access Token Info” – don’t forget to blur the values of the “App ID” and “App-Scoped User ID” in your screenshot as this is a public forum. ( If you are not comfortable with sharing the details on this forum, feel free to get in touch with us directly over the ticket system: https://nextendweb.com/contact-us/nextend-social-login-support/ )

Best regards,
Laszlo.

sure, here you go:

Thanks @nicmare

Your screenshot says:

• Expiration Date – Never
• Data access expires 1693816909 (in about 3 months)

so for some reason your access token will never expire, although normally user access tokens should. I can see other permissions associated with your access token as well which are not connected to Nextend Social Login, so I think you used the same App for other purposes, too -e.g. something made you request a page access token, and that is what made it not to expire.

In the Data access expires row I can see that your have access for about 3 months so it already counts as a long lived access token, so we could handle these tokens like that by default.

So could you check please if you modify the return value of our isAccessTokenLongLived() method from this:

return $this->access_token_data['created'] + $this->access_token_data['expires_in'] > time() + (60 * 60 * 2);

to this:

return isset($this->access_token_data['expires_in']) ? ($this->access_token_data['created'] + $this->access_token_data['expires_in'] > time() + (60 * 60 * 2)) : true;

Will that fix the problem? Also does the login work fine like that?

Please let me know the results of your experiments, and if everything is fine we will add this modifications to our code, too.

i changed the row accordingly but phpstorm recommends this one:

return ! isset( $this->access_token_data['expires_in'] ) || $this->access_token_data['created'] + $this->access_token_data['expires_in'] > time() + ( 60 * 60 * 2 );

so this is what i changed to and tested both actions: registration and login with facebook. Working good without warnings. You may want to check it on your side with your fb app as well?

i am not that familiar with fb / ig api so i do not know why i have no expires_in key but i managed to obtain several permissions to do some fancy ig api stuff like upload images with code. i assume it has something to do with it. i can remember there was a business account necessary so maybe it relates to this somehow.

Hi @nicmare

Thank you for your feedback. That is also fine as it returns true if the “expires_in” key is not set in the array, otherwise it returns the value of the comparison. The code I suggested also does almost the same just the order is different.

If you have other websites where you experience the same problem, feel free to make this modification there, too and once we release a new version you can freely update, as this modification will be included there, too.

Best regards,
Laszlo.