What to do when OAuth token stops working?
I am using the Graph API for an app that chooses a "fan of the week" for Facebook pages and announces them automatically to their feed.
For the purpose of announcing the fan on the feed, I store the OAuth access token for the user who installed the app. However sometimes the tokens get invalidated and then the app will fail to post to the feed.
{
"error" : {
"message" : "Error validating access token: The session has been invalidated
because the user has changed the password.",
"type" : "OAuthException"
}
}
Here is another type of error I also get sometim开发者_运维百科es:
{
"error": {
"message": "Error validating access token: Session does not match
current stored session. This may be because the user changed the
password since the time the session was created or Facebook has changed
the session for security reasons.",
"type": "OAuthException"
}
}
I already have the "offline_access" for these users, but the tokens are still becoming invalid sometimes. Is there anything else I can do to prevent this from happening, besides sending the user an email asking them to visit the app page again so that I could get a new OAuth token?
There's no way around this that doesn't require user intervention of some kind. If it's an app or page users are unlikely to visit frequently, then sending that e-mail sounds like a good idea. When users visit the page or app you can use the FB Javascript SDK, which automatically refreshes sessions, and subscribe to the FB.Event.subscribe('auth.sessionChange') with a handler that updates the token in your database.
If you are trying to publish to a users feed and you have publish_stream permission which hasn't been revoked, you can mostly likely still publish to /userId/feed using an access_token in this format: appid|appsecret. Note that /me will obviously not work because you are using the applications access token.
精彩评论