Any way to pull out session key from access token returned by Facebook iOS SDK?

Asked 1/3, 2011 at 6:11 Answered 1/3, 2011 at 16:8

Solved objective-c ios facebook facebook-chat x-facebook-platform

I need Facebook session key to be used in this senario: http://developers.facebook.com/docs/chat/#platauth

However, the current Facebook iOS SDK returned us a access token which is not enough for this case. I digged around a lot , found this question here:

http://www.quora.com/Do-the-OAuth2-access-tokens-in-the-new-Facebook-Graph-API-expire

But the format it described doesn't have a similarity to the access token we got.

I am a little confused on these things.

By the way, I checked out an old version iPhone targeted old Facebook SDK to test, since this older SDK provides session key directly , but this SDK now always display a error page from Facebook after a successful login. Seems this SDK is fully deprecated?

To make this question clear, this is the access token(embedded in the URL) I got from Facebook iOS SDK:

fb193174047373858://authorize/#access_token=IwDbeiWINrotP3JOd1EGoEY7OmOBd2DyV8lh73mutCM.eyJpdiI6IkdKd3BvWlItcWlWRzIwTGYtUkRUVWcifQ.J6qNtSibMmm0yFe2QNHG46jnIUXef3dV-NnbYqXkfrFABjPrgMPQRUeKHJ3GxX1T3nlU7-4P8FUT6dlfwSwHfNJrheTUZIXdd3AlsSRUiUer5xEdFA9IsGEMn6GyHheH9DSr76IeZcBjl-_s4ub3kg&expires_in=0

Ionia answered 1/3, 2011 at 6:11 Comment(1)

The deprecation of "auth.promoteSession" Facebook API scheduled on Oct.1st will make the hack above disfunctional and not necessary(now only OAuth 2.0 access token is needed, and no md5 signature calculation is needed to generate auth response). Although I can not found official document from Facebook on this, all the details can be found in this question: facebook.#7395784 – Ionia 3/10, 2011 at 10:29

I still dont have the formula to convert FBAppAuth-ed or SafariAuth-ed access_token fragments to session_id. However, the following description will help in getting an access_token in described formula which can then be easily fragmented to derive session_id. Hope this helps.

In iOS SDK Version 2, login is handled by following API in Facebook class:

- (void)authorize:(NSArray *)permissions delegate:(id<FBSessionDelegate>)delegate;

In the implementation of same API, if we turn off the FBAppAuth and SafariAuth, then it will invoke login dialog box and the returned access_token will be of format APP_ID | SESSION_KEY | DIGEST

- (void)authorize:(NSArray *)permissions delegate:(id<FBSessionDelegate>)delegate 
{
  [_permissions release];
  _permissions = [permissions retain];
  _sessionDelegate = delegate;
    //[self authorizeWithFBAppAuth:YES safariAuth:YES];
  [self authorizeWithFBAppAuth:NO safariAuth:NO]; // Turned off FBApp and Safari auth
}

The returned access_token can be captured in following call back method in Facebook class (please put a NSLog to print the token) :

- (void)fbDialogLogin:(NSString *)token expirationDate:(NSDate *)expirationDate

Greening answered 1/3, 2011 at 16:8 Comment(3)

Thanks. I think you just point out there are different auth methods currently supported by facebook: FBAppAuth, SafariAuth, and the "legacy one"? By Disabling FBAppAuth and SafariAuth methods, it will fall back to the mentioned login dialog box and desired token format. Hopes I understand it right. – Ionia 18/3, 2011 at 15:21

The current method I am using now is follow the advice here using legacy REST auth API.This way I have no limits in which method I should use. There is some prerequisites, also mentioned there. Hopes it helps. – Ionia 18/3, 2011 at 15:28

The problem with this method is that it breaks Single Sign On. – Conley 31/5, 2011 at 14:51

Current FB access token has following format ('|' is a delimiter): || For example, for a access_token like this: 146012674543599|de29194522ad43g16ec2ca9b-612345672|kK5HvfSTbJx-x21rMsTyttifij0 Session Key is : de29194522ad43g16ec2ca9b-612345672

Cheers

Greening answered 1/3, 2011 at 7:32 Comment(1)

Are there different kinds of access token used on Facebook? The current Facebook iOS SDK I am using gave me with this token: fb{app_id_here}://authorize/#access_token=IwaaaaaaaaaaaaJOd1EGoEY7OmOBd2DyV8lh73mutCM.eyJpdiI6IkdKd3BvWlItcbbbbbbbbbbbbkRUVWcifQ.J6qNtSibMmm0yFe2QNHG46jnIUXef3dV-NnbYqXkfrFABjPrgMPQRUeKHJ3GxX1T3nlU7-4P8FUT6dlfwSwHfNJrheTUZIXdd3AlsSRUiUer5xEdFA9IsGEMn6GyHheH9DSr76IeZcBjl-_s4ub3kg&expires_in=0. I don't think I can apply your method on this access token to pull out session key. Hopes this make my question clear. – Ionia 18/3, 2011 at 15:14

Recommended topics

Hot tags