
Authentication


How-To: Handle expired access tokens - Facebook Developers

One of the most frequently asked for “How-To” requests from developers is how to handle invalid access tokens. Access tokens for users can become invalid for various reasons. In most cases, they expire once the time specified by the ‘expires’ field has passed (by default, access tokens have a 2 hour lifetime). What many developers do not realize is that an access token can also expire if a user changes her password, logs out, or de-authorizes the app via the App Dashboard. It is very important that your apps handle such situations. If your access token expires, you need to reacquire a valid access token. This post will walk you through how you can ensure that you are handling and recovering from these situations gracefully. It assumes that you are familiar with our server-side authentication flow.

We will discuss 4 different scenarios: The token expires after expires time (2 hours is the default). Token expires after expires time Scenario 2: User changes her password.

Server-Side Authentication

Whether someone is not logged into your app or not logged into Facebook, you can use the Login dialog to prompt them to do both. If they aren't logged into Facebook, they'll be prompted to log in and then move on to logging into your app. This is automatically detected, so you don't need to do anything extra to enable this behavior.

Invoking the Login Dialog and Setting the Redirect URL

Your app must initiate a redirect to an endpoint which will display the login dialog:

    client_id={app-id}
    &redirect_uri={redirect-uri}
    &state={state-param}

This endpoint has the following required parameters: client_id.

For example, if your login request looks like: then your redirect URI would be called with this: It also has the following optional parameters: response_type.

For Windows 8 Apps

If you are building Login for a Windows app you can use the Package Security Identifier as your redirect_uri.

Handling Login Dialog Response.

Client-Side Authentication

If a person opens your webpage but is not logged in or not logged in to Facebook, you can use the Login dialog to prompt them to log in to both.

If they are not logged into Facebook, they will first be prompted to log in, then prompted to log in to your webpage. There are two ways to log someone in:

A. Log In with the Login Button

To use the Facebook Login Button, use our Plugin Configurator to customize the Login Button and get the code.

B. To use your own login button, invoke the Login Dialog with a call to FB.login().

    FB.login(function(response){
      // handle the response
    });

Ask for Additional Permissions

When a person clicks your HTML button a pop-up window with the Login dialog is shown.

Sample Call

This example asks the person logging in if your webpage can have permission to access their public profile and email.

Authentication.