
Authentication


How-To: Handle expired access tokens - Facebook Developers. One of the most frequently asked for “How-To” requests from developers is how to handle invalid access tokens. Access tokens for users can become invalid for various reasons. In most cases, they expire once the time specified by the ‘expires’ field has passed (by default access tokens have a 2 hour lifetime). What many developers do not realize is that an access token can also expire if a user changes her password, logs out or de-authorizes the app via the App Dashboard. It is very important that your apps handle such situations. If your access token expires, you need to reacquire a valid access token. This post will walk you through how you can ensure that you are handling and recovering from these situations gracefully. It assumes that you are familiar with our server-side authentication flow.

We will discuss 4 different scenarios: The token expires after expires time (2 hours is the default). Token expires after expires time. Scenario 2: User changes her password.

Server-Side Authentication. Whether someone is not logged into your app or not logged into Facebook, you can use the Login dialog to prompt them to do both. If they aren't logged into Facebook, they'll be prompted to log in and then move on to logging into your app. This is automatically detected, so you don't need to do anything extra to enable this behavior.

Invoking the login dialog. Your app must initiate a redirect to an endpoint which will display the login dialog: client_id={app-id}&redirect_uri={redirect-uri} This endpoint has the following required parameters: client_id. It also has the following optional parameters: state.

For Windows 8 Apps. If you are building Login for a Windows app you can use the Package Security Identifier as your redirect_uri. This will return control flow back to your app with an access token on success, or an error on failure. Handling login dialog response.

Client-Side Authentication. If people using your app aren't logged into your app or not logged into Facebook, you can use the Login dialog to prompt them to do both.

Various versions of the dialog are shown below. If they aren't logged into Facebook, they'll first be prompted to log in and then move on to logging in to your app. The JavaScript SDK automatically detects this, so you don't need to do anything extra to enable this behavior.

Invoking the Login dialog. For apps using the Facebook SDK for JavaScript, the Login dialog is invoked with a simple call to FB.login: FB.login(function(response){}); As noted in the reference docs for this function, it results in a popup window showing the Login dialog, and therefore should only be invoked as a result of someone clicking an HTML button (so that the popup isn't blocked by browsers).

There is an optional scope parameter that can be passed along with the function call; it is a comma-separated list of Permissions to request from the person using the app. Authentication.