
  • Expired authorization

    I am using the social example with MySQL, but after a few weeks (a month?) I found this exception when checking the Facebook profile on the example.

    When I disconnected and reconnected it was fine.

    Is there a way to request access that doesn't expire?
    Otherwise the user has to disconnect and reconnect. Seems cumbersome.

    I only checked this on Facebook. Is Twitter the same? Do they have a default expiration
    by default?

  • #2
    That's the nature of OAuth 2 providers; the OAuth 2 specification allows for tokens to expire and most providers (including Facebook) implement that part of the specification. (Twitter is an OAuth 1.0a provider, so it doesn't expire tokens.)

    Per the specification, clients can renew expired tokens by issuing a refresh token in exchange for a new access token. And *most* providers implement that part of the specification, too. Facebook, however, does not. It's an incredibly long and frustrating story, but to sum it up, Facebook tokens expire after about 60 days, after which the only way to get a new token is to walk the user through the authorization flow again. (There's also a way to exchange a short-lived token for a long-lived token, but that only applies to client-side code, not server-side code. There also used to be a way to ask for non-expiring tokens from Facebook, but that has since been deprecated.)

    Currently Spring Social doesn't deal with expired tokens in a Facebook-specific way. The best thing you can do is catch that exception, clear out the connection, then send the user back through ConnectController to get a new connection. But I'm currently working on a solution to this to automate the handling of expired FB tokens (as well as a few other problems); see I've got a rough prototype written already and it's showing some real promise, but I'm not finished yet. Watch that issue to know when it is complete.
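
The workaround described in the reply above (catch the exception, clear the connection, send the user back through ConnectController), sketched as an added example that is not part of the original thread or of Spring Social's samples. It assumes the exception in question is `org.springframework.social.ExpiredAuthorizationException`, that `ConnectController` is mapped at its default `/connect/{providerId}` path, and that `ConnectionRepository` is the per-user scoped bean from the sample configuration; the class name is hypothetical.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.social.ExpiredAuthorizationException;
import org.springframework.social.connect.ConnectionRepository;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ExceptionHandler;

// Hypothetical controller name; in practice this handler is added to the
// controller whose request handlers call the Facebook API binding.
@Controller
public class FacebookProfileController {

    private static final String PROVIDER_ID = "facebook";

    // Assumption: a scoped proxy bound to the current user, as in the sample
    // app's configuration, so only that user's connections are touched.
    private final ConnectionRepository connectionRepository;

    @Autowired
    public FacebookProfileController(ConnectionRepository connectionRepository) {
        this.connectionRepository = connectionRepository;
    }

    // Invoked when a handler in this controller lets the exception propagate
    // because the stored access token has expired.
    @ExceptionHandler(ExpiredAuthorizationException.class)
    public String handleExpiredToken() {
        // Delete the stale connection so the expired token is no longer stored
        // or offered to the API binding on the next request.
        connectionRepository.removeConnections(PROVIDER_ID);

        // With no connection left, ConnectController renders its "connect"
        // page, from which the user starts the authorization flow again.
        return "redirect:/connect/" + PROVIDER_ID;
    }
}
```

An `@ExceptionHandler` declared in a controller only covers that controller's own request handlers, so each controller that calls the Facebook API needs the same handling.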