Login/Register
Access Token of Facebook changed by user, How to get call back for Access Token?
Asked Answered
Solved androidfacebookfacebook-access-tokenandroid-facebook
H

1

6

I am using Facebook SDK 4.2. I have implemented AccessTokenTracker interface, which is working if token is changed.

My question is : If user got publish_permission for post something from Android app. Then I remove that permission from my Facebook account. Now in app, the token return from 

AccessToken accessToken = AccessToken.getCurrentAccessToken();

This token have publish_permission, but on Facebook server permissions are changed. After removing permission from Facebook account for that app. I again run my app. Then i press on share button, then i got error

{FacebookGraphResponseException: (#200) Requires extended permission: publish_actions httpResponseCode: 403, facebookErrorCode: 200, facebookErrorType: OAuthException, message: (#200) Requires extended permission: publish_actions}

So How can I check this token is match with Facebook server token or not.

Hagy answered 16/6, 2015 at 8:51 Comment(0)
D
2

I don't think you can actively "match" the server access token, but you can use the

GET /debug_token?input_token={input-token}&access_token={access-token}

call to check whether the currently stored access token contain the specific permission, where

  • input_token: the access token you want to get information about
  • access_token: your app access token or a valid user access token from a developer of the app

The resulting JSON will contain a data.scopes array containing the actual permissions.

Alternatively, and I think that suits your use case better, you could also use

GET /me/permissions?access_token={access_token}

before triggering the share, to check whether the publish_actions permission is still there. Furthermore, there is the Deauthorize Callback mechanism which is triggered when users uninstall your app:

People are able to uninstall apps via Facebook.com without interacting with the app itself. To help apps detect when this has happened, we allow them to provide a de-authorize callback URL which will be pinged whenever this occurs.

See

Deepdyed answered 16/6, 2015 at 8:58 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.