In the Facebook authentication guide, I am supposed to:

  1. Get the user to authorize my application, by redirecting them to the authorize URI.
  2. Get my access token from Facebook by hitting the /outh/accesstoken URI.

Let's just say that, for whatever reason, this token is no longer valid. Do I need to perform step #1, or can I hit the /outh/accesstoken URI again?

A: 

If the token is no longer valid, you have to get a new one.

Nick Gerakines
Do I need to get the user to reauthorize my application (steps one and two in the question), or do I just simply get a new token (step two only)?
You just need a new token.
Nick Gerakines
+1  A: 

OAuth 2.0 allows for "refresh tokens" which will do exactly what you want (hit the access token endpoint for a new token). However, Facebook does not support them.

If you want access after the user initially signed in, then you have three choices:

1/ Use the FB JavaScript library to request access in an iframe. It's not using OAuth (yet) but it will do it with minimal user disruption.

2/ Redirect the user to the OAuth endpoint again. If they have already authorized the requested scopes, then it will direct back immediately.

3/ Ask for the "offline_access" extended permission. This should only be used rarely.

Luke Shepard
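
Option 2 from the answer above, as an added example (not part of the original answer and not Facebook's code): when a stored token is rejected, drop it, send the user back through the authorize step with a fresh `state` value, and verify that value on the callback before exchanging the code in step 2. The endpoint, client ID and redirect URI are placeholders, the `session` dict stands in for a server-side session, and the parameter names are the generic OAuth 2.0 ones (RFC 6749), so a given provider may differ.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholder values (assumptions, not taken from the page).
AUTHORIZE_URI = "https://provider.example/oauth/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example/oauth/callback"


def build_reauthorize_url(session, scopes):
    """Return the redirect URL for step 1 after the API rejected the stored token."""
    session.pop("access_token", None)        # stop using the rejected token
    state = secrets.token_urlsafe(32)        # unguessable value tied to this session
    session["oauth_state"] = state
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),
        "state": state,
    })
    return f"{AUTHORIZE_URI}?{query}"


def handle_callback(session, callback_url):
    """Check the provider's redirect; return the code to exchange in step 2."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)   # single use: a replay finds nothing
    returned = params.get("state", [""])[0]
    # Constant-time comparison on bytes, so a non-ASCII value cannot raise TypeError.
    if not expected or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("state mismatch: callback was not started by this session")
    if "error" in params:
        raise PermissionError(params["error"][0])  # for example, the user declined
    if "code" not in params:
        raise ValueError("callback carries neither code nor error")
    return params["code"][0]
```
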