saccharine

Reputation: 904

Facebook PHP SDK Getting Expiration date on Access Token

I'm having a problem where a user's access tokens will expire but the session hasn't, leading to certain API calls throwing an exception.

I was hoping to be able to somehow call the access token's expiration data directly, or at least some clean way of telling if the access token I'm using has already expired without having to first try an api call and catch the exception and read the error message.

Right now, in pseudo code I have

try {
    $permissions = getFBPerms();  # this seems to work fine even with expired tokens
    doFBApiCall(); # this will throw an exception with expired tokens
}
catch (FacebookApiException $e) {
    var_dump($e); # this usually comes out to expired tokens
}

I want to be able to

if (checkFBTokenStatus()) {
    // do everything with no worries
} else {
    gotoFBLoginUrl(); # re-log them in to get new access tokens
}

I also want a clean solution which I can adapt easily in case a user changed passwords, they authorized the app etc. I'm currently working off of this blog post but I dislike the way it works and it doesn't really make sense. Furthermore, I'm hoping they've updated the mechanism since that blog post was put up. Thanks.

Upvotes: 0

Views: 2249

Answers (1)

redShadow

Reputation: 6777

What's wrong with:

try {
    $permissions = getFBPerms();  # this seems to work fine even with expired tokens
    doFBApiCall(); # this will throw an exception with expired tokens
    // Do whatever you want...
}
catch (FacebookApiException $e) {
    gotoFBLoginUrl(); # re-log them in to get new access tokens
}

?

Of course, you can make a call to, for example, /me to check whether the token is valid, but that will imply executing one extra call before each API call, which doesn't make much sense.

Also, I wouldn't rely on the expiration date (tokens should last 3 hours from creation), since it might not be exact. The correct way is to catch the exception and then redirect the user to the login page.

Or, the brutal way, ask for tokens that don't expire :)

UPDATE: The deauthorize callback

If you go to the "Advanced" pane of your app settings, you'll find the "Deauthorize callback" field, in which you can insert a URL that is pinged when a user deauthorizes your app. This way, you have a certain way to tell whether a user removed your app.


Upvotes: 4
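
For the deauthorize callback mentioned in the answer above: Facebook delivers the ping as an HTTP POST carrying a `signed_request` field, and the endpoint should verify its HMAC-SHA256 signature against the app secret before deleting any stored tokens, otherwise anyone who finds the URL can fake a deauthorization. This is an added example, not code from the posts above or from the Facebook SDK; the secret, user ID, sample requests and helper names are constructed for illustration.

```php
<?php
// Constructed placeholder; the real value is the app secret from the app settings.
const APP_SECRET = 'constructed-app-secret-for-demo';

function base64UrlDecode($in) {
    $b64 = strtr($in, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    return base64_decode($b64, true);
}
function base64UrlEncode($raw) {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Returns the payload array, or null when the request is malformed or forged.
function parseSignedRequest($signedRequest, $secret) {
    if (!is_string($signedRequest) || substr_count($signedRequest, '.') !== 1) {
        return null;
    }
    list($encSig, $encPayload) = explode('.', $signedRequest);
    $sig = base64UrlDecode($encSig);
    // The MAC covers the encoded payload string; check it before parsing anything.
    $expected = hash_hmac('sha256', $encPayload, $secret, true);
    if ($sig === false || !hash_equals($expected, $sig)) {
        return null;
    }
    $data = json_decode((string) base64UrlDecode($encPayload), true);
    if (!is_array($data) || !isset($data['algorithm'], $data['user_id'])
        || $data['algorithm'] !== 'HMAC-SHA256') {
        return null;
    }
    return $data;
}

// Builds a constructed sample standing in for $_POST['signed_request'].
function makeSample(array $payload, $secret) {
    $enc = base64UrlEncode(json_encode($payload));
    return base64UrlEncode(hash_hmac('sha256', $enc, $secret, true)) . '.' . $enc;
}

$payload = ['algorithm' => 'HMAC-SHA256', 'user_id' => '1000001', 'issued_at' => 1700000000];
$samples = [
    'genuine' => makeSample($payload, APP_SECRET),
    'forged'  => makeSample($payload, 'attacker-guess'),
    'garbage' => 'not-a-signed-request',
];
foreach ($samples as $label => $req) {
    $data = parseSignedRequest($req, APP_SECRET);
    echo $label, ': ', $data ? "drop stored tokens for user {$data['user_id']}" : 'rejected', "\n";
}
```

In a real callback the input would be `$_POST['signed_request']`, and a `null` result should end the request without touching stored user data.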
