
Decrypt or decode Facebook access token from Facebook Graph iOS SDK

The Facebook iOS SDK is granting encrypted or encoded access tokens in this format:

v9ylvkttPnuFWUX4KVdjDPB0SRXkuKX7z281rqjHuG0.eyJpdiI6ImEwWXBDaEtncWpDTU5ibUNuQWdROWcifQ.Y-DwxRY2ZAFZiP7EVuR-HksXqmGw9LXP6umGrfz2XnjSLm0a508u7_jXq0_Kz5a2S8AUUulzUvIRVxTS51_i6VfSByOCbFBIKoBe0-n-Pa8NC29wbuVmGJLvq4W-ezhv0DzA3diiCIqCybt9ELDXoA

Using OAuth on the web, Facebook provides unencrypted / unencoded access tokens in this format (this one is not real):

213455681425|1.BGgrgnfWrdpG_X18.3600.1213252135.2-1334679|dHcDbxGbeYbLg3SRgw12fdf4gd60

How can I decrypt/decode the iOS access token so that I can read the expiration unix time value and user id like I can with the unencoded tokens? The reason I need the expiration date is to determine when it expires, and I need the user id to publish with the appID|appSecret style access token in the event the access token is expired yet the user hasn't revoked publish_stream access.


That access token never expires since it has the offline_access permission. See here.

In this case it looks like the user expired the access token by de-authorizing the app or changing his/her password. To mitigate against this, look into using an app deauthorization callback URL. Here are some more details:

When a user of your app removes it in the App Dashboard or blocks the app in the News Feed, your app can be notified by specifying a Deauthorize Callback URL in the Developer App. During app removal we will send an HTTP POST request containing a single parameter, signed_request, which contains the user id (UID) of the user that just removed your app. You will not receive a user access token in this request and all existing user access tokens will be automatically expired.

http://developers.facebook.com/docs/authentication/
