Ali

Reputation: 267077

How long do 'offline_access' OAuth tokens last for?

If a user gives my app the offline_access permission, approximately how long will the OAuth token last for? The documentation simply says:

"By default, most access tokens expire after a short time period to ensure applications only make requests on behalf of the user when they are actively using the application. This permission makes the access token returned by our OAuth endpoint long-lived."

How long specifically would this token last for? Would it be active 24 hours later?

Upvotes: 1

Views: 1794

Answers (2)

Ben

Reputation: 21

Some helpful information from Facebook here on handling expired access tokens:

https://developers.facebook.com/blog/post/500/

Note that an access token can also expire if the user changes their password or deletes their Facebook account.

Your client (web, iOS, etc) should make a habit of checking for a valid access token & reprompting the user to authorize if the token has expired.

Upvotes: 1

Kris Babic

Reputation: 6304

If I recall correctly, the access token returned when requesting the offline_access permission will remain valid until the user revokes the offline_access extended permission from the application, or the user specifically removes the application, effectively making it a permanent token.

However, this should always be taken with a grain of salt. Facebook allows themselves the freedom to be able to change their policies at any time and the 'long-lived' wording of the description allows them to invalidate the token at any time. It is recommended that your application handles the scenario of the token becoming invalid as it will cover the user removing application access and the token being invalidated for some other reason.

Upvotes: 2
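Both answers recommend treating any token, long-lived or not, as something that can become invalid at any moment. The sketch below is an added example, not code from either answer or from Facebook: it recognises the Graph API's invalid-token error (code 190 and its subcodes, taken from Facebook's error documentation rather than from this page), discards the dead token, and re-prompts once. `fetch`, `token_store` and `reauthorize` are hypothetical names supplied by the caller.

```python
import json

# Graph API error code 190 = invalid OAuth access token; subcodes narrow the cause.
OAUTH_TOKEN_ERROR = 190
SUBCODE_REASON = {458: "app_removed", 460: "password_changed",
                  463: "expired", 467: "invalid"}

# Constructed sample error body (not captured from a real response).
SAMPLE_ERROR = json.dumps({"error": {"type": "OAuthException", "code": 190,
                                     "error_subcode": 460,
                                     "message": "constructed sample"}})

class TokenInvalid(Exception):
    """The stored access token can no longer be used; the user must re-authorize."""
    def __init__(self, reason):
        super().__init__(reason)
        self.reason = reason

def check_response(status, body):
    """Return the parsed payload, or raise TokenInvalid for a dead token."""
    try:
        data = json.loads(body)
    except ValueError:
        raise RuntimeError("non-JSON response, HTTP %d" % status)
    err = data.get("error") if isinstance(data, dict) else None
    if not err:
        return data
    if err.get("code") == OAUTH_TOKEN_ERROR:
        raise TokenInvalid(SUBCODE_REASON.get(err.get("error_subcode"), "unknown"))
    raise RuntimeError(err.get("message", "API error"))

def call_with_reauth(fetch, token_store, reauthorize):
    """fetch(token) -> (status, body). On a dead token, drop it, re-prompt once, retry."""
    for attempt in range(2):
        token = token_store.get("access_token") or reauthorize()
        token_store["access_token"] = token
        try:
            return check_response(*fetch(token))
        except TokenInvalid:
            token_store.pop("access_token", None)  # never reuse a dead token
            if attempt == 1:
                raise  # a freshly issued token also failed; surface it to the caller
```

The retry is capped at one re-authorization so a revoked application cannot loop the user through the consent prompt indefinitely.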
