I am using oauth 2 to authenticate user on facebook. My application is loaded within canvas page and I am getting user access token from signed_request.
What is best practice for store and use user access token? I will want use user access token in flash facebook application in various api calls.
Should I store it to database? And after every user login to application replace user access token in database?(To prevent it from expiration)
Or whenever I will need access token should I ask facebook somehow to provide me with it?
Thank you very much for answers or links with usefull information. I would like to use it my bachelor thesis.
If you want to use the user access token only when the user is active within your app and that is for a limited amount of time, then you should be fine with the short-lived access token you get from the signed_request; and there should be no need to store it into your database if you have another way of accessing it from your flash app.
If you want to use it to act on behalf of the user even when he is not actively using your app, f.e. to post in the background, then you should get a long-lived access token as described here, https://developers.facebook.com/roadmap/offline-access-removal/ But that would be more applicable for a server-side app, and since you said you would be using flash I think it might not be relevant for you(?).