When you add Facebook integration to a web application, how do you deal with the expiration of the OAuth token and what user data should be saved?

I plan to add Facebook integration to the web application I'm working on. For the most part, this happens smoothly, but I am confused about the correct way to handle the OAuth token.

The sequence of events presented by Facebook here:

  • Ask the user to authorize your application, which sends them to the Facebook window.
  • This will return the authorization code generated by Facebook.
  • Then you call https://graph.facebook.com/oauth/access_token with your authorization code, which will give you a time-limited OAuth token.
  • Using the OAuth token, you can make requests to access the Facebook user profile.

The Facebook documentation says the following about token expiration:

In addition to the access token (access_token parameter), the response contains the number of seconds until the token expires (expires parameter). Once the token expires, you will need to repeat the steps above to create a new code and access_token, although if the user has already allowed your application, they will not be asked to do it again. If your application needs an access token with an infinite expiration date (perhaps in order to perform actions in the interests of the user after they do not use your application), you can request offline_access permission.

, , , OAuth? (UID , , OAuth) ?

, , , - Facebook.

+3
2
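
An added example, not part of the original question or of Facebook's documentation: one way to record the expiry that the quoted passage describes, so the application knows when to repeat the authorization steps. The names StoredToken and parse_token_response, the 60-second safety margin, the form-encoded response body, and the treatment of a missing expires field as a non-expiring (offline_access) token are all assumptions made for illustration.

```python
import time
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs


@dataclass(frozen=True)
class StoredToken:
    access_token: str
    expires_at: Optional[float]  # absolute UNIX time; None = no expiry reported

    def needs_reauth(self, now: Optional[float] = None, skew: float = 60.0) -> bool:
        """True when the token is expired or within `skew` seconds of expiring."""
        if self.expires_at is None:
            return False
        now = time.time() if now is None else now
        return now >= self.expires_at - skew


def parse_token_response(body: str, received_at: Optional[float] = None) -> StoredToken:
    """Parse a form-encoded token response into a StoredToken.

    Raises ValueError on a missing token or a malformed `expires` value, so a
    bad response is never stored as if it were a valid credential.
    """
    received_at = time.time() if received_at is None else received_at
    fields = parse_qs(body, strict_parsing=True)
    tokens = fields.get("access_token", [])
    if len(tokens) != 1 or not tokens[0]:
        raise ValueError("expected exactly one access_token")
    expires = fields.get("expires", [])
    if not expires:
        # Assumption: no `expires` field means a non-expiring token (offline_access).
        return StoredToken(tokens[0], None)
    if len(expires) != 1 or not expires[0].isdigit():
        raise ValueError("malformed expires value")
    # Store an absolute deadline; the relative `expires` count goes stale at once.
    return StoredToken(tokens[0], received_at + int(expires[0]))


# Constructed sample response body (not a real token).
SAMPLE_BODY = "access_token=EXAMPLE-TOKEN-0001&expires=5183"

if __name__ == "__main__":
    tok = parse_token_response(SAMPLE_BODY, received_at=1_000_000.0)
    print(tok.expires_at, tok.needs_reauth(now=1_000_000.0 + 5200))
```

When needs_reauth returns True, the application repeats the authorization steps listed in the question instead of sending a token that will be rejected.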

, . facebook uid - , . API Facebook , .

, , uid.

+2

Source: https://habr.com/ru/post/1787810/

