Home Should the user be logged-in to the client in order to renew a long-lived token
Reply: 0

Should the user be logged-in to the client in order to renew a long-lived token

user1623
1#
user1623 Published in July 18, 2018, 10:30 pm

Our web app allows users to connect to Facebook. In the authorization process, the users are redirected to Facebook login flow. The web app is able to obtain a long-lived access token for each user using a server side flow (not using JavaScript SDK). The long-lived access token is expiring after 60 days.

Based on the documentation, a long-lived access token can be refreshed if expired.

Refering to Facebook documentation, this is mentioned as: "Even the long-lived access token will eventually expire. At any point, you can generate a new long-lived token by sending the person back to the login flow used by your web app - note that the person will not actually need to login again, they have already authorized your app, so they will immediately redirect back to your app from the login flow with a refreshed token - how this appears to the person will vary based on the type of login flow that you are using, for example if you are using the JavaScript SDK, this will take place in the background, if you are using a server-side flow, the browser will quickly redirect to the Login Dialog and then automatically and immediately back to your app again."

My question is:

If we are generating a long-lived token by sending the person back to the login flow user by the web app, it was mentioned in the above documentation that the person will not need to login again if they have already authorized the app.

Does that mean that he will not need to login again even if there is no available Facebook logged in session in the browser ?

You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.307715 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO