2

I was wondering if anyone knows if the Facebook API is capable of triggering a flag to have the user change the password.

Reasoning: PCI compliance. I'd like to integrate Facebook's API through OAuth 2.0; however, the application I'm working on is required to be PCI compliant, which means that a password MUST be changed every 90 days... Any ideas?

Also, is there any spec for OAuth 2.0 to include triggering a password change?

DR9885

1 Answer

3

There's nothing in Facebook's API that requires the user to change password, nor is there any way for you to know if / when the user last changed their Facebook password.

If you're using Facebook login for something that needs to be PCI compliant, you should probably look at having an additional password specific to your own system, and require that to be changed regularly.

Igy