The new OAuth 2.0 client-side flow provides an access-token with an expiresIn time. Typically this is 1-2 hours. Users who are playing a game may spend that long playing and they also might play for a while, walk away, and come back 3-4 hours later.
From what I can tell from the documentation, I’m just supposed to handle errors from API calls and if the token fails to work, reload the browser. Well, this just isn’t that great for games, because this might happen at a critical moment.
Even if I set a timer and call FB.getLoginStatus() again, the expiresIn will remain the same, so it’s clearly relative to the initial login time.
Are games just supposed to make all their facebook API calls up-front and then cache all the data? Is there a way to refresh the access_token without reloading the web page?
I did some experiments, and you can just call setTimeout() and pass the expiresIn value from the original getLoginStatus call. Then when it times out if you call getLoginStatus again, it will have been refreshed with a new access token and new expiresIn time. Rinse, repeat.