3

I have created a simple facebook app and I want to store the facebook token in my mysql database. What field type do I have to use to store the facebook token ?

xRobot
  • 25,579
  • 69
  • 184
  • 304

1 Answers1

6

You will want to store the access_token as well as the user_id that you get back from the facebook authentication API, so if you need to regenerate the access token you can do so with the user id.

Please be aware that Facebook will be phasing out the offline_access permission, which is the backbone of most permament-auth style apps where the access token is saved to the database as the main authentication credential. This will mean that the old server-side approach of relying on one access token indefinitely will no longer be possible. Details on this change can be found here:

https://developers.facebook.com/roadmap/offline-access-removal/

As far as field types go, you can store both as mysql VARCHAR(255) or TINYTEXT

What is the length of the access_token in Facebook OAuth2?

Community
  • 1
  • 1
DeaconDesperado
  • 9,977
  • 9
  • 47
  • 77
  • I am creating a simple blog site and, after the user is logged with facebook, each blogpost is posted automatically on facebook ( by using the facebook token ). Is this function available in the future when there isn't the offline access ? – xRobot Apr 30 '12 at 20:23
  • 1
    Basically you will need to regenerate the tokens with a login periodically (60 days), or switch over to the client side JS SDK and rely on the facebook cookie in the browser to determine login state. (IE if the user is logged into facebook, they are authed for you) If you're doing this in a web environment I really suggest switching to the JS SDK (I just finished this migration myself.) Implementing the login and keeping state consistent is so much easier using the prompts they provide, and the removal of offline access obivates any advantages of the old approach. – DeaconDesperado Apr 30 '12 at 20:27
  • So, with the JS SDK regenerating tokens is much easier ? Thanks :D – xRobot May 01 '12 at 06:28
  • Alot of the interactions are simplified, assuming you're comfortable with integrating some client-side code into your authentication flow. The way we accomplished this on the team I work with was to associate the database users by the facebook user ID. A call to the SDK method getAuthStatus checks for a valid session, and then from there everything is handled by the cookie state in the browser. The facebook cookies are available to the SDK regardless of domain. – DeaconDesperado May 01 '12 at 23:05