If I use the Facebook JavaScript and XFBML to get a user to log in to my app and grant me offline permissions.

Can I then at the server

  • read the cookie set by facebook,
  • get the access token
  • store it in a db
  • and use it over time

or is this access token valid only during the active session "even though I've requested and obtained user permission for offline use"?

A: 

Yes, you can do everything you stated and use the access token indefinitely if you request "offline_access" from the user. If you don't request offline_access the access token expires after a few hours. The only reason the access token will expire is if the user removes your application or removes the offline access permission from your application.

Nathan Totten
So what does the "Exchange session key for an access token" do that is documented at http://developers.facebook.com/docs/authentication/ "To convert sessions, send a POST request to https://graph.facebook.com/oauth/exchange_sessions with a comma-separated list of sessions you want to convert"
molicule
The JavaScript SDK handles everything you will need in regards to getting the access token. You really don't need to worry about the details of the OAuth specification or the various ways Facebook does authentication. If you use the JavaScript SDK a cookie containing the offline access token will be available for you to read.
Nathan Totten
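
Added example, not part of the original thread or of any Facebook SDK: a server-side sketch of the steps in the question (read the cookie, verify it, take the access token, store it). It assumes the legacy JavaScript SDK cookie format, a quoted query string carrying `uid`, `access_token`, `expires` and an MD5 `sig` over the sorted fields plus the app secret, which the thread itself does not spell out. The function names, the `fb_tokens` table and the sample values are hypothetical.

```python
import hashlib
import hmac
import sqlite3
import time
from urllib.parse import parse_qsl, urlencode


def expected_sig(fields, app_secret):
    # Assumed legacy scheme: MD5 over the sorted key=value pairs (sig excluded)
    # followed by the app secret. MD5 is the old format's choice, not a recommendation.
    payload = "".join(f"{k}={fields[k]}" for k in sorted(fields) if k != "sig")
    return hashlib.md5((payload + app_secret).encode()).hexdigest()


def verify_fb_cookie(raw, app_secret, now=None):
    """Return {'uid', 'access_token', 'expires'} or None if the cookie is untrusted."""
    fields = dict(parse_qsl(raw.strip('"'), keep_blank_values=True))
    if not fields.get("uid") or not fields.get("access_token"):
        return None
    # The cookie is client-controlled, so check the signature before using any field.
    sig = fields.get("sig", "").encode()
    if not hmac.compare_digest(sig, expected_sig(fields, app_secret).encode()):
        return None
    expires = fields.get("expires", "0")
    if not expires.isdecimal():
        return None
    now = time.time() if now is None else now
    # Assumption: expires=0 marks a non-expiring (offline_access) token.
    if int(expires) != 0 and int(expires) <= now:
        return None
    return {"uid": fields["uid"], "access_token": fields["access_token"],
            "expires": int(expires)}


def store_token(db, token):
    # Parameterized statements; one row per verified uid.
    db.execute("CREATE TABLE IF NOT EXISTS fb_tokens "
               "(uid TEXT PRIMARY KEY, access_token TEXT, expires INTEGER)")
    db.execute("INSERT OR REPLACE INTO fb_tokens VALUES (:uid, :access_token, :expires)",
               token)
    db.commit()


def make_sample_cookie(app_secret, **fields):
    # Constructed sample input so the example runs offline.
    fields["sig"] = expected_sig(fields, app_secret)
    return '"' + urlencode(fields) + '"'
```

A stored long-lived token is a bearer credential for that user's data, so the table that holds it deserves the same access controls and encryption at rest as a password store.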