Any way to pull out session key from access token returned by Facebook iOS SDK?

Jerry Tian picture Jerry Tian · Mar 1, 2011 · Viewed 12.2k times · Source

I need Facebook session key to be used in this senario: http://developers.facebook.com/docs/chat/#platauth

However, the current Facebook iOS SDK returned us a access token which is not enough for this case. I digged around a lot , found this question here:

http://www.quora.com/Do-the-OAuth2-access-tokens-in-the-new-Facebook-Graph-API-expire

But the format it described doesn't have a similarity to the access token we got.

I am a little confused on these things.

By the way, I checked out an old version iPhone targeted old Facebook SDK to test, since this older SDK provides session key directly , but this SDK now always display a error page from Facebook after a successful login. Seems this SDK is fully deprecated?

To make this question clear, this is the access token(embedded in the URL) I got from Facebook iOS SDK:

fb193174047373858://authorize/#access_token=IwDbeiWINrotP3JOd1EGoEY7OmOBd2DyV8lh73mutCM.eyJpdiI6IkdKd3BvWlItcWlWRzIwTGYtUkRUVWcifQ.J6qNtSibMmm0yFe2QNHG46jnIUXef3dV-NnbYqXkfrFABjPrgMPQRUeKHJ3GxX1T3nlU7-4P8FUT6dlfwSwHfNJrheTUZIXdd3AlsSRUiUer5xEdFA9IsGEMn6GyHheH9DSr76IeZcBjl-_s4ub3kg&expires_in=0

Answer

Bharat Biswal picture Bharat Biswal · Mar 1, 2011

I still dont have the formula to convert FBAppAuth-ed or SafariAuth-ed access_token fragments to session_id. However, the following description will help in getting an access_token in described formula which can then be easily fragmented to derive session_id. Hope this helps.

In iOS SDK Version 2, login is handled by following API in Facebook class:

- (void)authorize:(NSArray *)permissions delegate:(id<FBSessionDelegate>)delegate;


In the implementation of same API, if we turn off the FBAppAuth and SafariAuth, then it will invoke login dialog box and the returned access_token will be of format APP_ID | SESSION_KEY | DIGEST

- (void)authorize:(NSArray *)permissions delegate:(id<FBSessionDelegate>)delegate 
{
  [_permissions release];
  _permissions = [permissions retain];
  _sessionDelegate = delegate;
    //[self authorizeWithFBAppAuth:YES safariAuth:YES];
  [self authorizeWithFBAppAuth:NO safariAuth:NO]; // Turned off FBApp and Safari auth
}


The returned access_token can be captured in following call back method in Facebook class (please put a NSLog to print the token) :

- (void)fbDialogLogin:(NSString *)token expirationDate:(NSDate *)expirationDate