CODEWITHSUNDEEP
androidfacebookfacebook-graph-apifacebook-sdk-4.0
Aniket Thakur
Aniket Thakur

Reputation: 68935

Revoking android app permission not clearing facebook access token

I have a activity called StarterActivity which is the launcher activity of my android application. I have provided a logout menu option on press of which I am revoking all apps permissions. I verified all permissions are getting revoked and my app is no longer listed in https://www.facebook.com/settings?tab=applications

However the access token does not get cleared.

    switch(item.getItemId())
    {
        case R.id.action_logout:
            GraphRequest delPermRequest = new GraphRequest(AccessToken.getCurrentAccessToken(), "/{user-id}/permissions/", null, HttpMethod.DELETE, new GraphRequest.Callback() {
                @Override
                public void onCompleted(GraphResponse graphResponse) {
                    if(graphResponse!=null){
                        FacebookRequestError error =graphResponse.getError();
                        if(error!=null){
                            Log.e(TAG, error.toString());
                        }else {
                            finish();
                        }
                    }
                }
            });
            Log.d(TAG,"Executing revoke permissions with graph path" + delPermRequest.getGraphPath());
            delPermRequest.executeAsync();
            break;
    }

I want to relaunch my StarterActivity Intent again on logout.

I added 

startActivity(new Intent(getApplicationContext(),StarterActivity.class));

after clearing permissions. But neither AccessToken.getCurrentAccessToken() or Profile.getCurrentProfile() is null. Perhaps getting cashed?

I also tried

    AccessTokenTracker accessTokenTracker = new AccessTokenTracker() {
        @Override
        protected void onCurrentAccessTokenChanged(
                AccessToken oldAccessToken,
                AccessToken currentAccessToken) {

            Log.d(TAG,"Access token changed");

            if (currentAccessToken == null){
                //User logged out
                startActivity(new Intent(getApplicationContext(),StarterActivity.class));
            }
        }
    };

But none of them seem to work. Access token is not cleared. How can I invalidate this data if cashed? I was hoping for it to get cleared on revoking permissions? Or is there a neater way to logout?

I am using SDK 4.x. More details on perm - https://developers.facebook.com/docs/graph-api/reference/user/permissions

Upvotes: 0

Views: 1104

Answers (1)

Aniket Thakur
Aniket Thakur

Reputation: 68935

What finally worked was

LoginManager.getInstance().logOut();

What it internally does is setting each access token and profile to null

public void logOut() {
    AccessToken.setCurrentAccessToken((AccessToken)null);
    Profile.setCurrentProfile((Profile)null);
}

Just revoking permission will not do. You can either manually set token and profile as null or use above API.

Upvotes: 1

Related Questions