How to transparently renew the Facebook access token while processing a service method which uses Facebook API calls?

user1366349 picture user1366349 · Apr 30, 2012 · Viewed 7.6k times · Source

I have a WCF service which runs in IIS 7.5 and VS 2010. This service has some methods which internally use the Facebook C# SDK (version 4.1, not latest) in order to perform some GET and POST from/to Facebook. Since Facebook will soon remove the offline_access I have to handle the situation where an access token is expired.

I have understood the way the authentication is performed (in order to get the code and after having the code to get the access token) in order to use the Graph API for getting Facebook information (as presented here).

I have two questions:

  • When my service method is called and I retrieve the token of the appropriate user from my DB, is there a way to know if the access token is expired or not?
    I have read that when a Facebook API call is performed and the access token is expired then the following exception is thrown: OAuthException. But is there any better way to detect the expiration? I don't want to
    1. Call the Facebook API
    2. Handle the exception
    3. Renew the access token and finally
    4. Repeat the initial call with the new access token.
  • Is it possible to renew the access token of the user transparently (store it also in the DB) and continue to handle the service method? In this resource, the important ("Renewing an Access Token") part is missing (declared as [todo])

I would like to achieve the following scheme, in the implementation of the Service Method:

sc = SocialNetworkAccountDao.GetByUser(user)

isExpired = call method to check if the sc.token is expired.

if (isExpired)

{

  newToken = call method for getting new access token

  sc.token = newToken;

  SocialNetworkAccount.Update(sc);

}

Facebook = new Facebook (sc.token)

Facebook.Post( ..... )

--

The process to communicate with the QAuth dialog is asynchronous (a redirect is performed), and the communication with access token url to get the access token this is performed synchronously.

Final Question:

  • Is there a way the service method to wait for the new access token we retrieve from the request / callback with Facebook in order to continue later with the new access token?

Answer

Nitzan Tomer picture Nitzan Tomer · May 4, 2012

I don't know about the C# SDK, but ALL facebook SDKs are basically just wrappers for http request to the graph different urls.

If you use the server side authentication flow then you should get a long lived token (about 60 days), and you get the expiration time with it, when it expires you need to re-authenticate the user, there's no way to extend the token.

The client side authentication returns a short lived token (about 2 hours) but you can use the new endpoint facebook provided to replace the "offline_token". You can only use that with still valid access tokens.

Also, no matter what, you always get the "expires" time when you get an access token, unless it's an application token which does not have an expiration date.

In either case, if you get a long lived token you can store it in the database and use it on the server side, but be aware that the token can still get invalidated for a number of reasons.

You can also use the official documentation for Handling Invalid and Expired Access Tokens. If the C# SDK doesn't work well for you then you might want to just implement it yourself, for your own needs, should be pretty easy.