Home/ Questions/Q 7802141
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T01:10:18+00:00

I have an application where users can link their Facebook accounts. They can log

  • 0

I have an application where users can link their Facebook accounts. They can log in using their email, but they can link their Facebook account.

In the view where I show the linked social networks (Facebook and others), I have something like this:

<%= image_tag @facebook.get_facebook_picture %>

This will call an instance method like this:

def get_facebook_picture
    unless self.token.nil?
      facebook_graph = Koala::Facebook::GraphAPI.new(self.token)
      fb_picture = facebook_graph.get_picture("me", { :type => "small" })
    end
end

This will work well unless the Facebook token that I have stored in my DB is expired. So I have added this exception handler in the mentioned controller:

def facebook_exception_handler exception
    if exception.fb_error_type.eql? 'OAuthException'
      # Let's get a new auth token... How?
    else
      logger.debug "Damn it. We don't know what error is coming from FB"
      raise exception
    end
end

I catch the exception correctly, but I fail to see how would I renew the access token that I have in my database. Notice that the access token that I have has been inserted using OmniAuth. So my question is:

Given that I have an OAuthException, how can I renew the access token of a particular user (UID) using Omniauth?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The simple case is that you re-auth the user with FB, exactly as you authorized them in the first place. To get the token in the first place, i’m assuming you’re using omniauth (and onmiauth-facebook) to authenticate against FB. That means you’ve got a route and a controller action to handle the auth callback, and a function that inserts the token into the db.

    The access token you originally got with omniauth can become invalid for various reasons – expiry, or because the user changed their FB password, and possibly others. In those cases, another OAuth call will return a valid token. Just call again (as you did when you first authorized the user) and replace the invalid token with the new one, in your DB, and you’re good.

    This gist (my own answer to a related question i asked here) has some code covering that, but it sounds like you’ve already got this covered. Save enough state to then re-attempt whatever triggered the exception and you’re good.

    It’s also possible that the token is now invalid because the user has changed their FB app settings to de-authorize your app. In that case, the user will see the FB permissions dialog as if they were a new user authenticating against FB for the first time. (FB)

    Does that make sense?

    • 0