4

When do I need to use the access token stored in my database?

  • This access token is a user access token.
  • It seems like the PHP SDK does a pretty good job of getting an access token on it's own. Though this looks like it's handled through a Session.
    -- What if the Session gets wiped somehow?
    -- Should I provided a link?
    -- Or should/can I automate this somehow?
  • I am new to Facebook's Open Graph API.
  • I am using the Facebook PHP SDK.

I also got a little confused with the docs on Facebook and implementing the PHP SDK. After spending a decent amount of time mixing and adapting the two I realized that almost all examples in the docs are a part of the PHP SDK. Hence my above question.

hungerstar
  • 21,206
  • 6
  • 50
  • 59
  • 2
    There is no real need to store the `access_token` at all. Chances are, next time you want to use it it'll already be expired. Unless of course you are using an extended access_token... – Lix Jul 15 '12 at 21:14
  • Lix is right (should be an answer). – borisdiakur Jul 15 '12 at 21:18
  • I am using an extended access token. My app uses the 60 day long lived token. – hungerstar Jul 15 '12 at 21:24
  • I just answered this earlier today regarding a Twitter api question so perhaps this will help: - http://stackoverflow.com/questions/11491674/how-should-i-store-twitter-token-so-users-dont-have-to-go-to-twitter-oauth-ever/11491762#11491762 – Mike S. Jul 15 '12 at 21:15

1 Answers1

3

There is no real reason you need to store a users access_token in your database. Chances are the next time you come to use it - it'll be invalid already. They only last for an hour or two in my experience. Officially, the documentation states :

When you obtain an access token from Facebook, it will be valid immediately and usable in requests to the API for some time period defined by Facebook. After that period has elapsed, the access token is considered to have expired and the user will need to be authenticated again in order for your app to obtain a fresh access token. The duration for which a given access token is valid depends on how it was generated.

There is no concrete time period of how long a (normal) token can be valid so there would be no reason to store it. If you wanted to have an exhaustive log of all transactions with the API you could store the token as a reference - but that is overkill IMO...

The only reason to store your tokens at all would be if you are dealing with extended access_tokens. If you are looking into that field, I can recommend this post - " http://facebook.stackoverflow.com/questions/8982025/how-to-extend-access-token-validity-since-offline-access-deprecation ". It seems to be the most comprehensive post dealing with extending the validity of an access_token. You'll want to do this if you want to make calls to the Graph API on behalf of the user when s/he is not necessarily connected to your application (or logged into Facebook at all for that matter - don't know if I like that at all...)

Lix
  • 47,311
  • 12
  • 103
  • 131
  • I am using the extended access tokens. My issue is not with extending a 2 hour short lived token I have seen solutions like the one you have posted if needed. I have seen a lot of posts, here and other places, with the suggestion that one should store the access token somewhere like a database. But as the PHP SDK does so much of the work I started to question the need to store it or at least when to use it. I believe if I'm going to post to a fan page I'll have to change the access token the PHP SDK is using. – hungerstar Jul 15 '12 at 21:34
  • Okay, then what would one do if the Session is wiped for some reason? As this appears to hold the access token for me until it is expired and if it is it appears that the PHP SDK will request a new one for me. – hungerstar Jul 15 '12 at 21:38
  • I guess that's a separate question from the original post. – hungerstar Jul 15 '12 at 21:39