tags:

views:

58

answers:

2

My site utilizes lifetime access tokens (offline_access). However, if the user changes his/her password, the access token gets reset. Is there a method to check if the current access token is valid before making calls to the Graph API? Thanks for your time.

+1  A: 

Offline, without sending anything to facebook - I don't think so. The easiest way is probably to send a request to:

https://graph.facebook.com/me?access_token=...

Facebook also supports subscriptions for real-time updates, but I am not sure how to apply them to this situation.

serg
A: 

The real time updates would allow you to solve this problem, but it would be pretty complicated. Basically, you can subscribe to updates that will tell you 1) if the user removed the app or 2) if the user removed permissions. You could use this to store the current permissions of the faceboook user. This way, if the user removed your app you would know that the access token is expired.

Real time updates is actually facebooks recommended way of handling permissions. Many apps make api calls every time a page is loaded to check for permissions. This tends to be slow and unreliable.

Nathan Totten

related questions