Please verify my understanding of extending Facebook Access Tokens

Question

I have a an application which will make posts on multiple user profile pages and Fan Pages.

To obtain permission to do this, the app will process a client side auth and obtain the short-lived access token for each user who uses the app.

My app will then immediately exchange that for a 60 day long-lived access token, and store this for future use in a local DB. The app will then be able to update that users profile and pages for up to 60 days, whether the user is logged into FB or not.

The next bit is the important bit:

Each time the user uses my app, my app will test the validity of the current access token, in case the user has changed their password etc, or the 60 days have elapsed.

If the access token is no longer valid, my app will seek to obtain a new one.

If the user is not logged into Facebook at this point, it is my understanding that I will have to prompt a login and force a client side auth, to obtain a new short-lived access token which I will have to exchange for a new 60 day long-lived token.

Is this correct? ie that the user has to login again? ie there is not way to process the access_token update on the server side?

Also, is it the case the the 60 day expiry only applies in respect of user access tokens, and does not apply in respect of page access tokens?

thx

Answer 1

Is this correct? ie that the user has to login again? ie there is not way to process the access_token update on the server side?

No. You need a valid short-lived user access token first, and that you get through the process of client-side login.

Also, is it the case the the 60 day expiry only applies in respect of user access tokens, and does not apply in respect of page access tokens?

Correct, page tokens do not expire by default, if they where obtained using a long-lived user access token.