Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Facebook iOS SDK: refreshing an expired access token without presenting a dialog

I'm using the Facebook iOS SDK. In my code I have authorized my app with the default permissions, so my session is valid until the expiration date is reached. However, after the expiration date is reached, I attempt to reauthorize in order to "refresh my OAuth token", as asked before.

However, when I attempt to reauthorize, it displays a dialog saying I have already authorized my app, even though I expect it to just update my OAuth token without a dialog. According to facebook, this is possible:

When you redirect the user to the auth dialog, the user is not prompted for permissions if the user has already authorized your application. Facebook will return you a valid access token without any user facing dialog.

However, I do get a dialog and I'd like to know how I can refresh the access token without getting the dialog.

like image 280
augusto callejas Avatar asked Dec 04 '11 04:12

augusto callejas


People also ask

How do I fix my expired Facebook token?

If the token has expired, your app must send the user through the login flow again to regenerate a new short-lived access token. Make this call from your server, not a client. Your app secret is included in this API call, so you should never make the request client-side.

How do I handle expired access tokens?

As mentioned, for security purposes, access tokens may be valid for a short amount of time. Once they expire, client applications can use a refresh token to "refresh" the access token.

How long do Facebook access tokens last?

When your app uses Facebook Login to authenticate someone, it receives a User access token. If your app uses one of the Facebook SDKs, this token lasts for about 60 days. However, the SDKs automatically refresh the token whenever the person uses your app, so the tokens expire 60 days after last use.

How can I check if my Facebook access token is valid?

You can simply request https://graph.facebook.com/me?access_token=xxxxxxxxxxxxxxxxx if you get an error, the token is invalid. If you get a JSON object with an id property then it is valid. Unfortunately this will only tell you if your token is valid, not if it came from your app.


1 Answers

A recent commit in the Facebook iOS SDK project included an "extend access token" method for extending an expired token.

More information about this and the deprecation of "offline_access" is in Facebook Developer's blog post.

like image 139
augusto callejas Avatar answered Oct 21 '22 03:10

augusto callejas