Geek Answers Handbook

Facebook - when does SDK update authentication token?

According to Facebook docs, mobile SDKs generate long-lived tokens that are updated once a day when a user using your application makes a request to Facebook's servers. For the javascript SDK, short-term tokens are generated and updated periodically.

I'm curious what it means "the person using your application makes a request to the Facebook servers." What calls will specifically lead to a token update? Or more importantly, what calls will not be? Is it enough to check the login status or something more active? I am really interested in keeping the token alive (or getting a new one) without sending the user through the input stream or doing something that is especially active with the Facebook APIs.

Thanks!

+5
source share
2 answers

According to the Facebook SDK Docu

As soon as the token expires ( "auto" expands the Facebook SDK token )

At any time, you can create a new long-lived token by sending it back to the login stream used by your web application - note that the person does not really need to log in again, they already allowed your application, so they will immediately redirect back to your application from the input stream with the updated token

There is no keep alive feature in the Facebook SDK.

User access tapes have two forms: short-lived tokens and long-lived tokens. Short-term tokens usually have a lifespan of about an hour or two, and long-lived tokens usually have a lifespan of about 60 days. You must not depend on these unchanged lives — the life span may change without warning or expiration. See More Processing Errors.

long-lived = 60 days

Short term = 2 hours

Also according to Facebook SDK Docu

Mobile applications using mobile SDKs for mobile devices receive long-lived tokens.

As soon as you click on the new oAuth/login , the user will receive a new token. Old will not expire. You can check loginStatus for FB.getLoginStatus . No need to keep alive .

+8
source

The SDK will update the access token for you when the actual graph request is made (up to once a day). Each time the token is updated, AccessTokenTracker will be notified, so you can register the tracker if you want to receive notification of updates (for example, to send to the server).

If you only make graph requests from your server, then you will need to process the expiration and try to expand or ask your user to run SSO again to get an updated token.

+2
source

More articles:


All Articles