Reputation: 51
Oauth 2: Is access_token a unique key for User?
After a user connects with Facebook, Facebook responds with an access_token.
Can I assume this access_token will always stay the same and is unique for every user?
If so, then I can use it to find the user in my database, and if not found, create a new user.
If not, is there a way to ask Facebook to also send you back user_id (with the access_token) right after connecting so that I don't have to make another request to /me?fields=id for it?
Upvotes: 5
Views: 3276
Answers (2)
Reputation: 958
OAuth access_token can be duplicated during 2+ token issuers. It is unique only in the token issuer (facebook.com in this case). Since facebook token is enough long, token duplicates will rarely happen though.
Upvotes: 0
Reputation: 2333
You should use their id as a unique identifier. The access_token is unique, but you'll get a new one every time you request one.
Upvotes: 5
Related Questions
- Why doesn't Access Token have the identity of user?
- Facebook OAuth 2.0 "code" and "token"
- Whether the facebook id generated in access token be unique for every session?
- Is Facebook's token_for_business unique for a user?
- Session Key & Access Token in Facebook-API
- is the Authorization code in OAuth 2 is used only once for the lifetime of the client Application running server?
- oAuth2.0 access token confusion
- Is the user_id from the facebook api unique?
- Facebook Graph API - Same access token for all users
- Does the Facebook Connect oauth access_token reliably contain the facebook user id?