3
votes

In my web app, I need to post on users' Facebook feeds while they are offline. I already store long-lived access tokens for the users. But these tokens also expire after 60 days.

The FB docs mention that it is necessary to redirect users to the login flow to get a renewed access token.

I was thinking of checking the Facebook session validity of the user whenever they log in to my app, and giving them the option of re-authenticating with Facebook in case their access token has expired. However, this will involve user interaction if the user is not currently logged in to his Facebook account.

Are there any alternative solutions to look at? Also, how do sites like Quora manage posting to a user's wall without needing to re-authenticate with Facebook every 60 days?

PS - I am using the latest Facebook PHP SDK.

1 Answer

3
votes

Simple Answer: It is not possible to extend the Access Token on the server. It would make the whole concept void.

Earlier there was a permission called "offline access", but they changed it to an extended token with a maximum of 60 days to avoid those things. You should NEVER post anything on the wall of the user without his authorization, for every single post. You are not allowed to autofill/prefill the message parameter anyway (see Facebook terms); it always must be 100% user generated.

About Quora: I don't know what exactly they are doing, but I assume they refresh the Access Token whenever the user goes to their website.
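A sketch of the login-time check discussed in the question and answer, added here as an example and not code from either poster: it classifies a stored token from the `data` object of a Graph API `debug_token` response. The 14-day renewal window, the action names and all sample values are assumptions constructed for illustration.

```php
<?php
// Added example: decide, while the user is present, what to do with a stored token.
// $debug is the decoded "data" object of a Graph API debug_token response.

const RENEW_WINDOW_SECONDS = 14 * 86400; // assumption: renew during the last 14 days

function tokenAction(array $debug, string $appId, string $userId, int $now): string
{
    // A token issued to a different app or user must never be used for this account.
    if ((string) ($debug['app_id'] ?? '') !== $appId
        || (string) ($debug['user_id'] ?? '') !== $userId) {
        return 'discard';
    }
    // is_valid is false once the token has expired or the user has removed the app.
    if (empty($debug['is_valid'])) {
        return 'reauthenticate';
    }
    $expiresAt = (int) ($debug['expires_at'] ?? 0);
    if ($expiresAt === 0) {
        return 'ok'; // expires_at of 0 means the token has no expiry
    }
    if ($expiresAt <= $now) {
        return 'reauthenticate';
    }
    // Close to expiry: send the user through the login flow on this visit,
    // because the token cannot be extended server-side without them.
    return ($expiresAt - $now <= RENEW_WINDOW_SECONDS) ? 'renew_this_visit' : 'ok';
}

// Constructed sample data (not real app ids, user ids or timestamps from any account).
$now = 1700000000;
$app = '1234567890';
$user = '1000001';
$samples = [
    'fresh'     => ['app_id' => $app, 'user_id' => $user, 'is_valid' => true,  'expires_at' => $now + 50 * 86400],
    'expiring'  => ['app_id' => $app, 'user_id' => $user, 'is_valid' => true,  'expires_at' => $now + 3 * 86400],
    'expired'   => ['app_id' => $app, 'user_id' => $user, 'is_valid' => false, 'expires_at' => $now - 86400],
    'wrong_app' => ['app_id' => '999', 'user_id' => $user, 'is_valid' => true, 'expires_at' => $now + 50 * 86400],
];

foreach ($samples as $name => $debug) {
    printf("%-10s %s\n", $name, tokenAction($debug, $app, $user, $now));
}
```

Only the `reauthenticate` and `renew_this_visit` outcomes need the user in front of the browser, which is why the check belongs in the login path rather than in a background job.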