Facebook authorization every 2 hours! how to only show once?
Hi I have to following problem. I implemented the newest facebook sdk with the guide they provide. So I do save the expiration date and the token in userdefaults. But every 2 hours I have to authorize my app again. Facebook alsways takes me to a site where it says:
"You have already authorized APP_NAME. Press "Okay" to continue."
I think this is pretty annoying for the user so how can I stop that behavior? I want the user to authorize it once and then never ever again.
I found that if I ask for offline_access the token never expires BUT I don't want to give the user the impression that my app does post on his wall without him knowing about.
Description of offline_access:
Enables your app to perform authorized requests on behalf of the user at any time. By default, most access tokens expire after a short time period to ensure applications only make requests on behalf of the user when the are actively using the application. This permission makes the access token returned by our OAuth endpoint long-lived.
Is there another way to not show the user this authorization dialog every 2 hours ?
EDIT: I also found this:
When you redirect the user to the auth dialog, the user is not prompted for permissions if the user has already authorized your a开发者_如何学Gopplication. Facebook will return you a valid >access token without any user facing dialog. However if the user has de-authorized your application then the user will need to re-authorize your application for you to get the access_token.
but in my case I always get the above mentioned screen why is that?
I found that if I ask for offline_access the token never expires BUT I don't want to give the user the impression that my app does post on his wall without him knowing about.
It true that it's a badly named token, and the description on the auth dialog copy is scary. If you think about it, there's no reason you couldn't programmatically take any authorized action without the user physically triggering it. The fact of the two hour timeout just limits your window to do that, is all.
If I were you, I'd use offline_access, and then present the user with some copy explaining your interactions with Facebook, and making some promises about how you will and won't interact with Facebook on their behalf.
精彩评论