How-To: Handle expired access tokens /by Facebook developers

It happens at Mobypicture all the time; expired access tokens from Facebook. There are several ways to solve this and this post at the Facebook Developer Blog handles them all. I didn’t know for example that your access tokens are rejected when you change your password at Facebook. Quite annoying actually, because I like to change my passwords once in a while and my Oauth connections should still be working afterwards.

This post will walk you through how you can ensure that you are handling and recovering from these situations gracefully. It assumes that you are familiar with our server-side authentication flow.

We will discuss 4 different scenarios:

  1. The token expires after expires time (2 hours is the default).
  2. The user changes her password which invalidates the access token.
  3. The user de-authorizes your app.
  4. The user logs out of Facebook.

/via How-To: Handle expired access tokens – Facebook developers.

Note: The solution Facebook provides only works when you have people login regularly on your website, because you need to show your users with invalid access tokens the Permission Request pop-up again.

Leave a comment