Reputation: 21725
When do I need to use the access token stored in the database?
When do I need to use the access token stored in my database?
- This access token is a user access token.
- It seems like the PHP SDK does a pretty good job of getting an access token on it's own. Though this looks like it's handled through a Session.
-- What if the Session gets wiped somehow?
-- Should I provided a link?
-- Or should/can I automate this somehow? - I am new to Facebook's Open Graph API.
- I am using the Facebook PHP SDK.
I also got a little confused with the docs on Facebook and implementing the PHP SDK. After spending a decent amount of time mixing and adapting the two I realized that almost all examples in the docs are a part of the PHP SDK. Hence my above question.
Upvotes: 4
Views: 1688
Answers (1)
Reputation: 47986
There is no real reason you need to store a users access_token in your database. Chances are the next time you come to use it - it'll be invalid already. They only last for an hour or two in my experience. Officially, the documentation states :
When you obtain an access token from Facebook, it will be valid immediately and usable in requests to the API for some time period defined by Facebook. After that period has elapsed, the access token is considered to have expired and the user will need to be authenticated again in order for your app to obtain a fresh access token. The duration for which a given access token is valid depends on how it was generated.
There is no concrete time period of how long a (normal) token can be valid so there would be no reason to store it. If you wanted to have an exhaustive log of all transactions with the API you could store the token as a reference - but that is overkill IMO...
The only reason to store your tokens at all would be if you are dealing with extended access_tokens. If you are looking into that field, I can recommend this post - " http://facebook.stackoverflow.com/questions/8982025/how-to-extend-access-token-validity-since-offline-access-deprecation ". It seems to be the most comprehensive post dealing with extending the validity of an access_token. You'll want to do this if you want to make calls to the Graph API on behalf of the user when s/he is not necessarily connected to your application (or logged into Facebook at all for that matter - don't know if I like that at all...)
Upvotes: 3
Related Questions
- facebook storing access token for offline access with php sdk - really confused
- What is the access token in Facebook PHP SDK?
- Using app-access token instead of user-access token
- How to work with Facebook App Access Tokens?
- Purpose of auth user tokens?
- Facebook PHP SDK dealing with Access Tokens
- Does it make sense to store Facebook access tokens in the database?
- Access token in my db
- Do I need to use access token in Facebook API?
- Proper use of access_token for Facebook Graph API