Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is the length of the access_token in Facebook OAuth2?

Tags:

facebook

oauth

I searched on Google and StackOverflow to find a answer to my question but I can't find one.

I'd like to store the access_token to my database for offline access and I'd like to be sure to specify the correct length of my column.

I can't even find if it's just a number or a mix between number and strings.

like image 757
Cyril N. Avatar asked Dec 10 '10 12:12

Cyril N.


People also ask

How long does a Facebook access token last?

When your app uses Facebook Login to authenticate someone, it receives a User access token. If your app uses one of the Facebook SDKs, this token lasts for about 60 days. However, the SDKs automatically refresh the token whenever the person uses your app, so the tokens expire 60 days after last use.

How long is an oauth2 token?

By default, access tokens are valid for 60 days and programmatic refresh tokens are valid for a year.

How long is a bearer token?

A valid bearer token (with active access_token or refresh_token properties) keeps the user's authentication alive without requiring him or her to re-enter their credentials frequently. The access_token can be used for as long as it's active, which is up to one hour after login or renewal.

What is the length of an access token?

By default, an access token for a custom API is valid for 86400 seconds (24 hours).


1 Answers

I work at Facebook and I can give a definitive answer about this.

Please don't put a maximum size on the storage for an access token. We expect that they will both grow and shrink over time as we add and remove data and change how they are encoded.

We did give guidance in one place about it being 255 characters. I've updated the blog post that had that information and updated our new access token docs to include a note about sizes:

https://developers.facebook.com/docs/facebook-login/access-tokens/

Sorry for the confusion.

like image 58
Christopher Blizzard Avatar answered Sep 20 '22 15:09

Christopher Blizzard