0

I wonder whether access_token provided by Facebook, Twitter or Vkontakte API depends on IP of requester or not.

I have checked this page: http://en.wikipedia.org/wiki/OAuth but it says nothing about IP.

Might it be vendor-implementation dependent or there is some strict regulation?

Nikolay Kuznetsov
  • 9,467
  • 12
  • 55
  • 101

1 Answers1

3

nops, they are not IP dependant. they are just application specific. if you have access token for certain application, you can use the same with that application from any IP address, even from your local server.

Smita
  • 4,634
  • 2
  • 25
  • 32
  • thanks for reply! any proof link, so I can accept the answer? – Nikolay Kuznetsov Oct 23 '12 at 11:20
  • 1
    I replied so because for my facebook application I store user's access token in db and i am able to query their facebook even from my local server while testing something. btw for your proof link, i searched a little and got this thread, have a look [oauth token security](http://stackoverflow.com/questions/7105364/oauth-token-security) – Smita Oct 23 '12 at 11:44
  • Read the RFC, it’s linked in the Wikipedia article ;-) – CBroe Oct 23 '12 at 11:44
  • thanks Smita, I believe you are right. Can we discuss more on FB? I was told by friend that they might be IP-dependant without any proof, so started to doubt.. – Nikolay Kuznetsov Oct 23 '12 at 11:53
  • sure, no problem. what else you want to discuss? – Smita Oct 23 '12 at 12:00
  • 1
    Paste an access token into https://developers.facebook.com/tools/debug/access_token and you will see the fields of data that it encapsulates & represents – James Pearce Oct 23 '12 at 20:47
  • James, this is a very useful link. Thanks – Nikolay Kuznetsov Oct 24 '12 at 06:28
  • @Smita, do you have any idea how to integrate Facebook chat in Java desktop application? – Nikolay Kuznetsov Oct 24 '12 at 15:07
  • @NikolayKuznetsov sorry No, i havn't worked with facebook java api ever. you can ask as question here, many people might be knowing. – Smita Oct 24 '12 at 15:51
  • @Smita, btw, I am working Russian social network Vkontakte now, and appears that they do issue IP-dependant access_token: "{"error":{"error_code":5,"error_msg":"User authorization failed: access_token was given to another ip address." – Nikolay Kuznetsov Nov 12 '12 at 05:08
  • oh, then they may have. I have worked on facebook, LinkedIn an twitter API these doesnt give IP dependant tokens. – Smita Nov 12 '12 at 08:06