Rails - Facebook with Omniauth and Koala: How to renew an expired token

Asked 17/4, 2012 at 0:35 Answered 24/1, 2014 at 4:56

Solved ruby-on-rails facebook omniauth access-token koala

I have an application where users can link their Facebook accounts. They can log in using their email, but they can link their Facebook account.

In the view where I show the linked social networks (Facebook and others), I have something like this:

<%= image_tag @facebook.get_facebook_picture %>

This will call an instance method like this:

def get_facebook_picture
    unless self.token.nil?
      facebook_graph = Koala::Facebook::GraphAPI.new(self.token)
      fb_picture = facebook_graph.get_picture("me", { :type => "small" })
    end
end

This will work well unless the Facebook token that I have stored in my DB is expired. So I have added this exception handler in the mentioned controller:

def facebook_exception_handler exception
    if exception.fb_error_type.eql? 'OAuthException'
      # Let's get a new auth token... How?
    else
      logger.debug "Damn it. We don't know what error is coming from FB"
      raise exception
    end
end

I catch the exception correctly, but I fail to see how would I renew the access token that I have in my database. Notice that the access token that I have has been inserted using OmniAuth. So my question is:

Given that I have an OAuthException, how can I renew the access token of a particular user (UID) using Omniauth?

Berga answered 17/4, 2012 at 0:35 Comment(2)

Since this isn't an answer to your question, I'll just leave a comment... but you should be able to grab the pictures without an active token using: profile_pic = Koala::Facebook::GraphAPI.new.get_picture(fb_uid, {:type => "large"}), right? – Dowie 8/5, 2012 at 18:52

If you want to get the extended 60-day token, this may help – Nicolenicolea 23/5, 2013 at 19:6

The simple case is that you re-auth the user with FB, exactly as you authorized them in the first place. To get the token in the first place, i'm assuming you're using omniauth (and onmiauth-facebook) to authenticate against FB. That means you've got a route and a controller action to handle the auth callback, and a function that inserts the token into the db.

The access token you originally got with omniauth can become invalid for various reasons - expiry, or because the user changed their FB password, and possibly others. In those cases, another OAuth call will return a valid token. Just call again (as you did when you first authorized the user) and replace the invalid token with the new one, in your DB, and you're good.

This gist (my own answer to a related question i asked here) has some code covering that, but it sounds like you've already got this covered. Save enough state to then re-attempt whatever triggered the exception and you're good.

It's also possible that the token is now invalid because the user has changed their FB app settings to de-authorize your app. In that case, the user will see the FB permissions dialog as if they were a new user authenticating against FB for the first time. (FB)

Does that make sense?

Kadiyevka answered 17/4, 2012 at 6:17 Comment(4)

Thanks for the answer. My question is: How do I update the token directly without having to show the auth window to the user? – Berga 17/4, 2012 at 6:31

As long as the app is still authorized and the user is still logged in to FB, your oauth call will succeed silently. The user will only see an auth window if needed for some reason (they're logged out of FB, or they've de-authorized your app and need to re-authorize it). – Kadiyevka 17/4, 2012 at 6:36

I didn't say the user is logged in at all... I am using Omniauth to let the users link their accounts to the app (for posterior posting into their walls) but not as a logging method. – Berga 17/4, 2012 at 6:39

Sure - it doesn't matter if you're using that fb token for login to your app or not...only that you have it. The main point i'm making is that however you're making the OAuth call to get the FB token in the first place, you can do the same thing to replace an expired token. The user will generally not see another auth dialog.<br/><br/>Or maybe i'm missing something in your scenario. Can you post more details (or code) showing how you're getting the token in the first place? Or tell me more about the scenario to help me understand why another OAuth call isn't a good solution? – Kadiyevka 17/4, 2012 at 6:48

You can change the RailsCasts koala tutorial connection with this:

def facebook
  if self.facebook_expires_at < Time.now
    oauth = Koala::Facebook::OAuth.new(ENV["FACEBOOK_KEY"], ENV["FACEBOOK_SECRET"])
    new_access_info = oauth.exchange_access_token_info self.facebook_token

    new_access_token = new_access_info["access_token"]
    new_access_expires_at = DateTime.now + new_access_info["expires"].to_i.seconds

    self.update_attributes!(:facebook_token => new_access_token,
                            :facebook_expires_at => new_access_expires_at )
  end
  @facebook ||= Koala::Facebook::API.new(self.facebook_token)
  block_given? ? yield(@facebook) : @facebook

  rescue Koala::Facebook::APIError => e
    logger.info e.to_s
    nil
end

Aksoyn answered 24/1, 2014 at 4:56 Comment(3)

My experiments show that this approach does not actually extend expire time, new token will expire at the same time as the old one. – Armidaarmiger 30/7, 2014 at 13:31

@Armidaarmiger I found that also, Is there a way to renew a token? – Meetinghouse 8/2, 2015 at 11:48

@NickGinanto It looks like there is no way to do it without interacting with user. I've ended up showing special notice to users, who have their tokens expired, with a same omniauth link that's used for login/signup. User goes through standard OAuth flow and I receive new token in my Omniauth callback. – Armidaarmiger 8/2, 2015 at 12:16

Recommended topics

Hot tags