Storing a user's Facebook access token

facebook oauth access-token
Collin O'Connor picture Collin O'Connor · Jun 1, 2011 · Viewed 26.2k times · Source

I have a database that stores a user's access token (along with some other data). My list of permissions include offline_access when I authorize the user.

So will the user's access token (client side) always be the same as that user's access token in the database? Or can the user's access token change when they log out, change their password, etc?

Answer

bkaid picture bkaid · Jun 1, 2011

No, the access token will not always be the same, even with offline_access. You will need to get a new access token when 1) the user changes their password or 2) deactivates your app. Otherwise, it should remain the same.

The users Facebook id will never change though. This can be parsed from the access token or obtained by calling the /me graph api.

Facebook has a blog post that goes on in detail about this.

Update: Facebook added a blog post specifically for handling revoked authorization.

Related questions

Facebook Access Token for Pages

I have a Facebook Page that I want to get some things from it. First thing are feeds and from what I read they are public (no need for access_token). But I want to also get the events... and …

Read More
What is supposed to be the redirect_uri when getting access token in facebook app?

$token_url = "https://graph.facebook.com/oauth/access_token?client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url) . "&client_secret=" . $app_secret . "&code=" . $code; What is supposed to be the redirect_uri? I tried using this 'https://…

Read More
Use Device Login on Smart TV / Console

I have noticed that Facebook seems to support Device Login with a token / PIN Code instead of user/login to be used on devices like TV or console: https://www.facebook.com/device In the search of the dev page …

Read More