Login/Register
Facebook: Refreshing long-lived access token automatically
Asked Answered
Solved facebookfacebook-graph-apioauth-2.0facebook-oauth
C

2

11

I'm storing long-lived access tokens for users of my application that have associated their Facebook accounts to it. Since the demise of the offline_access tokens, these long-lived tokens have an expiry date of "about 60 days." However, they can refresh themselves when the user interacts with Facebook. According to the documentation:

These tokens will be refreshed once per day when the person using your app makes a request to Facebook's servers. If no requests are made, the token will expire after about 60 days and the person will have to go through the login flow again to get a new token.

What I'd like to know is what constitutes making a request to Facebook's servers. Does the user have to log in to the Facebook website, mobile app, or use a Like button somewhere? Or does my application making a request on behalf of the user count as well?

Also, when the tokens are refreshed, are they refreshed for another 60 days? Or are they refreshed for a smaller duration?

I wasn't able to find these specific answers in the documentation or in other questions asked here, so thanks in advance to anyone who might have more details.

Carmine answered 15/7, 2014 at 19:34 Comment(2)
Did you ever figure this out? I'm having an issue where it looks like the iOS SDK is not refreshing the long-lived token and my users are getting logged out every 60 days.Shaun
I don't recall if I managed to fix it. I think I implemented a process where, if the operation failed because to token was outdated or revoked, the app would attempt to renew it using the refresh token. And if that failed, I had to ask the user to reassociate his/her account with my app. Not a great fix, but the best I could manage at the time.Carmine
T
3

The previous line to the one you pasted is important: Native mobile applications using Facebook's SDKs will get long-lived access tokens, good for about 60 days

The section you pulled out refers only to iOS and Android apps using the Facebook SDK - the SDK makes an API call to extend the token, which will only work from the SDK and for tokens produced by the native mobile SDKs-

Other apps (e.g websites, apps on facebook.com) need to use the login flows documented elsewhere in the documentation and require the user to be logged into Facebook in their browser

Trisyllable answered 16/7, 2014 at 3:27 Comment(2)
You're quite right. I must have mixed that section up with the following one that talks about Web access tokens.Carmine
ok but will the SDK get a new token every day or will the fb servers extend the expiry of the current token ?Instructions
E
4

Every time you use Facebook SDK so it makes any Graph API call, tokens will be refreshed. You can see this in their source code, in AccessTokenManager there is function extendAccessTokenIfNeeded(), and that function is called inside GraphRequest in function executeConnectionAndWait().

You can also manually refresh tokens by calling:

AccessToken.refreshCurrentAccessTokenAsync();

I found one exception to this. Only sso tokens can be refreshed, which means if user logged in to your app via facebook app. If user logged in via browser, token will remain the same.

Enscroll answered 28/3, 2020 at 23:3 Comment(1)
The docs are terrible. There are dozens of questions about Facebook token refreshing on StackOverflow, and this answer is the only good one I've found so farMcclelland
T
3

The previous line to the one you pasted is important: Native mobile applications using Facebook's SDKs will get long-lived access tokens, good for about 60 days

The section you pulled out refers only to iOS and Android apps using the Facebook SDK - the SDK makes an API call to extend the token, which will only work from the SDK and for tokens produced by the native mobile SDKs-

Other apps (e.g websites, apps on facebook.com) need to use the login flows documented elsewhere in the documentation and require the user to be logged into Facebook in their browser

Trisyllable answered 16/7, 2014 at 3:27 Comment(2)
You're quite right. I must have mixed that section up with the following one that talks about Web access tokens.Carmine
ok but will the SDK get a new token every day or will the fb servers extend the expiry of the current token ?Instructions

© 2022 - 2024 — McMap. All rights reserved.