Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Expired access token after openActiveSession for Facebook iOS SDK

I'm using the 3.1 Facebook SDK with iOS 6 Facebook set up in Settings and my app authorized.

This executes flawlessly:

[FBSession openActiveSessionWithReadPermissions:nil allowLoginUI:YES completionHandler:^(FBSession *fbSession, FBSessionState fbState, NSError *error) { ... }

However now when I try to get 'me' information I'm getting an error:

com.facebook.sdk:ParsedJSONResponseKey = {
    body =     {
        error =         {
            code = 190;
            "error_subcode" = 463;
            message = "Error validating access token: Session has expired at unix time 1348704000. The current unix time is 1348706984.";
            type = OAuthException;
        };
    };
    code = 400;
}

If I look at [error code] it's equal to 5. Shouldn't I have a valid access token after just logging in? Do I need to call reauthorize?

UPDATE: Reauthorizing doesn't help. Oddly the accessToken for my activeSession is always coming back the same. This despite calling closeAndClearToken.

like image 768
Ben Flynn Avatar asked Sep 27 '12 01:09

Ben Flynn


People also ask

How do I fix my expired Facebook token?

If the token has expired, your app must send the user through the login flow again to regenerate a new short-lived access token. Make this call from your server, not a client. Your app secret is included in this API call, so you should never make the request client-side.


1 Answers


UPDATE: This issue has been addressed in Facebook iOS SDK 3.1.1.


I synched the code off of github and found that they weren't calling accountStore renewCredentialsForAccount:completion: anywhere. I changed the following code in authorizeUsingSystemAccountStore and it seems to have resolved the issue.

// we will attempt an iOS integrated facebook login
[accountStore requestAccessToAccountsWithType:accountType
                                      options:options
                                   completion:^(BOOL granted, NSError *error) {

                                       // this means the user has not signed-on to Facebook via the OS
                                       BOOL isUntosedDevice = (!granted && error.code == ACErrorAccountNotFound);

                                       dispatch_block_t postReauthorizeBlock = ^{
                                           NSString *oauthToken = nil;
                                           if (granted) {                                                                                                      
                                               NSArray *fbAccounts = [accountStore accountsWithAccountType:accountType];
                                               id account = [fbAccounts objectAtIndex:0];
                                               id credential = [account credential];                                                   
                                               oauthToken = [credential oauthToken];
                                           }

                                           // initial auth case
                                           if (!isReauthorize) {
                                               if (oauthToken) {
                                                   _isFacebookLoginToken = YES;
                                                   _isOSIntegratedFacebookLoginToken = YES;

                                                   // we received a token just now
                                                   self.refreshDate = [NSDate date];

                                                   // set token and date, state transition, and call the handler if there is one
                                                   [self transitionAndCallHandlerWithState:FBSessionStateOpen
                                                                                     error:nil
                                                                                     token:oauthToken
                                                    // BUG: we need a means for fetching the expiration date of the token
                                                                            expirationDate:[NSDate distantFuture]
                                                                               shouldCache:YES
                                                                                 loginType:FBSessionLoginTypeSystemAccount];
                                               } else if (isUntosedDevice) {
                                                   // even when OS integrated auth is possible we use native-app/safari
                                                   // login if the user has not signed on to Facebook via the OS
                                                   [self authorizeWithPermissions:permissions
                                                                  defaultAudience:defaultAudience
                                                                   integratedAuth:NO
                                                                        FBAppAuth:YES
                                                                       safariAuth:YES
                                                                         fallback:YES
                                                                    isReauthorize:NO];
                                               } else {
                                                   // create an error object with additional info regarding failed login
                                                   NSError *err = [FBSession errorLoginFailedWithReason:nil
                                                                                              errorCode:nil
                                                                                             innerError:error];

                                                   // state transition, and call the handler if there is one
                                                   [self transitionAndCallHandlerWithState:FBSessionStateClosedLoginFailed
                                                                                     error:err
                                                                                     token:nil
                                                                            expirationDate:nil
                                                                               shouldCache:NO
                                                                                 loginType:FBSessionLoginTypeNone];
                                               }
                                           } else { // reauth case
                                               if (oauthToken) {
                                                   // union the requested permissions with the already granted permissions
                                                   NSMutableSet *set = [NSMutableSet setWithArray:self.permissions];
                                                   [set addObjectsFromArray:permissions];

                                                   // complete the operation: success
                                                   [self completeReauthorizeWithAccessToken:oauthToken
                                                                             expirationDate:[NSDate distantFuture]
                                                                                permissions:[set allObjects]];
                                               } else {
                                                   // no token in this case implies that the user cancelled the permissions upgrade
                                                   NSError *error = [FBSession errorLoginFailedWithReason:FBErrorReauthorizeFailedReasonUserCancelled
                                                                                                errorCode:nil
                                                                                               innerError:nil];
                                                   // complete the operation: failed
                                                   [self callReauthorizeHandlerAndClearState:error];

                                                   // if we made it this far into the reauth case with an untosed device, then
                                                   // it is time to invalidate the session
                                                   if (isUntosedDevice) {
                                                       [self closeAndClearTokenInformation];
                                                   }
                                               }
                                           }
                                       };



                                       if (granted) {
                                           [accountStore renewCredentialsForAccount:[[accountStore accountsWithAccountType:accountType] lastObject] completion:^(ACAccountCredentialRenewResult renewResult, NSError *error) {
                                               dispatch_async(dispatch_get_main_queue(), postReauthorizeBlock);
                                           }];
                                       } else {
                                           // requestAccessToAccountsWithType:options:completion: completes on an
                                           // arbitrary thread; let's process this back on our main thread
                                           dispatch_async(dispatch_get_main_queue(), postReauthorizeBlock);
                                       }

                                   }];

}
like image 142
Ben Flynn Avatar answered Oct 07 '22 17:10

Ben Flynn