What is the correct way to refresh Facebook OAuth2 access token after it expires?

facebook facebook-graph-api oauth-2.0

Solution 1:

  1. The only way to tell if a cookie is valid is to use it and catch the error if it is expired. There is no polling method or anything to check if a token is valid.

  2. To get a new token, simply redirect the user to the authentication page again. Because they have already authorized your app they will instantly be redirected back to your app and you will have a new token. They won't be prompted to allow since they have already done that.

In short, there are no tricks to this. You are already doing it correctly.

Solution 2:

Recently, facebook has made some changes to access tokens which allows them to be refreshed periodically.

https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN

For more details, check here: https://developers.facebook.com/docs/roadmap/completed-changes/offline-access-removal

Solution 3:

//you just need more step because the access token you are getting will expire in 1 hour
    //you can overcome this in step 5

    1-Redirect to (or have user click link to) app's authorization URL
2-User authorizes and is redirected to your callback URL
3-Callback uses "code" parameter to get a access token
4-Access token is used with Graph API to pull or push information
    5-exchange short-lived access token you just got with 60 day access token
    https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=APP_SECRET&grant_type=fb_exchange_token&fb_exchange_token=EXISTING_ACCESS_TOKEN
    6-after 60 day the user must login again to your app and the steps from 1-5 will be repeated.
    --the real problem you will face is how to make the user visit your app page again

Solution 4:

Facebook has removed the feature of refresh the access token on the "behalf of" mode. The best and easy way is to redirect the user to facebook login page to re-oauth the app. Find facbook doc here

Solution 5:

if user has already authorized your application and access token expired. you can redirect user to authentication page again. but oauth dialog doestn't show because user already authorized your application. he will redirect to redirect_url parameter you used.

Related

How to reference a resource file correctly for JAR and Debugging?
Hibernate: Refresh, Evict, Replicate and Flush
Knockout: computed observable vs function
Managing SSH keys within Jenkins for Git
VS Info Message: "Package restore on project open is disabled. Change the npm package management settings in Project Properties ..."
MySQL Trigger - Storing a SELECT in a variable
Which encoding uses the \x (backslash x) prefix?
Disable the text-highlighting magnifier on touch-hold on Mobile Safari / Webkit
Carriage Return\Line feed in Java
How secure would github hosting be for private repositories? [closed]
Razor: No overload for method 'Write' takes 0 arguments
What's the "dot" for when registering an Activity