I’m having a problem where a user’s access tokens will expire, but the session hasn’t leading to certain api calls throwing an exception.
I was hoping to be able to somehow call the access token’s expiration data directly, or at least some clean way of telling if the access token I’m using has already expired without having to first try an api call and catch the exception and read the error message.
Right now, in pseudo code I have
try {
$permissions = getFBPerms(); # this seems to work fine even with expired tokens
doFBApiCall(); # this will throw an exception withe expired tokens
}
catch (FacebookApiException $e) {
var_dump($e); # this usually comes out to expired tokens
}
I want to be able to
if (checkFBTokenStatus())
// do everything with no worries
else
gotoFBLoginUrl(); # re-log them in to get new access tokens
I also want a clean solution which I can adapt easily in case a user changed passwords, they authorized the app etc. I’m currently working off of this blog post but I dislike the way it works and it doesn’t really make sense. Furthermore, I’m hoping they’ve updated the mechanism since that blog post was put up. Thanks.
What’s wrong with:
?
Of course, you can make a call to, for example,
/meto check whether the token is valid, but that will imply executing one extra call before each API call, that doesn’t make much sense..Also, I wouldn’t rely on expiration date (tokens should least 3 hours from creation), since it might not be exact. Correct way is to catch the exception and then redirect the user to login page.
Or, the brutal way, ask for tokens that doesn’t expire 🙂
UPDATE: The deauthorize callback
if you go in the “Advanced” pane of you app settings, you’ll find the “Deauthorize callback” field, in which you can insert an URL that is pinged when an user deauthorizes your app. This way, you have a certain way to tell whether an user removed your app.