I’ve read all the docs, got the code working to authenticate and authorize and post to FB wall, and I’m still confused.
If I use the FB Connect login, I get back an accessToken. This token is valid for the session, until the user logs out of FB. So apps that say “login through facebook” must be keeping some kind of info to identify the user.
Do they continually replace/update the access token – that seems to violate the idea that a primary key should not change.
Or do they keep a session ID – that seems to have the same problem.
Thanks.
-Mike
It depends on what you need the `access_token` for. For example, if you are publishing content on behalf of the user, you don’t need an `access_token` (or a valid session-online user) at all!

Facebook will check if the user id you are trying to post on his behalf has granted your app the `publish_stream` permission; then the process will continue as if the user is logged in.

So basically the user id “uid” should be considered a primary key, not the `access_token`. Even if you want an `access_token` that will never change or expire (in theory), which you can get using the `offline_access` permission, it’s not a good idea to treat it as a primary key.

Not because it may get repeated but because it may get expired in some rare circumstances.
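As an added illustration of the answer above (not code from the original posts): a small SQLite-backed user store in which the Facebook uid is the primary key and the access token is a replaceable column, so a new or expired token never changes the user's identity or orphans their data. Table, column and function names, and the sample uid and token values used with it, are assumptions made for this example.

```python
import sqlite3

# Hypothetical schema: the Facebook uid is the stable key. The token is a
# mutable bearer secret (protect it at rest in a real store), never a key.
SCHEMA = """
CREATE TABLE users (
    fb_uid           TEXT PRIMARY KEY,
    access_token     TEXT,
    token_expires_at INTEGER           -- epoch seconds; NULL = no known expiry
);
CREATE TABLE posts (
    id     INTEGER PRIMARY KEY,
    fb_uid TEXT NOT NULL REFERENCES users(fb_uid),
    body   TEXT NOT NULL
);
"""

def open_store():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def record_login(conn, fb_uid, access_token, expires_at):
    """Create the user on first login; afterwards only the token is replaced."""
    conn.execute("INSERT OR IGNORE INTO users (fb_uid) VALUES (?)", (fb_uid,))
    conn.execute(
        "UPDATE users SET access_token = ?, token_expires_at = ? WHERE fb_uid = ?",
        (access_token, expires_at, fb_uid),
    )

def usable_token(conn, fb_uid, now):
    """Return the stored token, or None if it is missing or has expired."""
    row = conn.execute(
        "SELECT access_token, token_expires_at FROM users WHERE fb_uid = ?",
        (fb_uid,),
    ).fetchone()
    if row is None or row[0] is None:
        return None
    token, expires_at = row
    if expires_at is not None and expires_at <= now:
        return None  # caller must send the user through login again
    return token
```
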