I am working with old version of Facebook access_token endpoint. But i cant find description of expires value returned by the server..
The value is: 5183764
What is it? Seconds token expires in? I have tried to convert the current Linux epoch time + returned into date and the token would expire in October.. Is it OK?
What is it? Seconds token expires in?
Yes, it’s the seconds until the token expires. https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#exchangecode
I have tried to convert the current Linux epoch time + returned into date and the token would expire in October.. Is it OK?
About two month is the lifetime of an extended user access token, so yeah – that sounds o.k.
Related
I have access token that should be valid for 10 hours, but it expires after 30 minutes. I use it to call Keycloak rest api and it works for half an hour, but after that I get 401 - Unauthorized. I decoded it on jwt.io and exp claim is 10 hours after I aquired it. I checked system time and everything seems fine. What could be the problem?
Since you have not shared your config, I am assuming you are setting "Access Token Lifespan" as 10 hours (same is reflected in your jwt as you mentioned).
To avoid the login again and again, you need to set SSO session time as 10 hours. (See 2 and 3 highlighted in below image.)
Now coming to access token, if you are using a browser to test your api, you can set it to any value less than your SSO session value. As the session cookie will be automatically handled by the keycloak.
However, if you are using PostMan or other client to test your API and want to use same token for 10 hours, then set you access token also to 10 hours.
For more details, refer: https://www.keycloak.org/docs/latest/server_admin/#_timeouts
I have an Android application with Account Kit for SMS authentication and it creates a TOKEN that expires after a few weeks but I want to know when.
In the documentation it is said how to check if a token is valid or not:
https://developers.facebook.com/docs/accountkit/graphapi/#at-validation?
GET https://graph.accountkit.com/v1.3/me/?access_token=<access_token>
but how to know the expiry date of a token? I searched and found no way.
In this doc it said how to get the expiration date with the Debug Tool but I think it's for Facebook graph API token and not account kit which is different, because I test it and I get always "Malformed token" :
https://developers.facebook.com/docs/facebook-login/access-tokens/debugging-and-error-handling?
In Android I can get the Last Refresh and the Refresh Interval in seconds but not the expiry date:
Token last refresh => Mon Nov 12 02:33:19 GMT+01:00 2018
Token refresh interval in seconds => 2592000 (1 month)
How to know the expiry date of a token Account kit? and how to get it never expired? does that mean that the token expires 1 month after the last refresh?
Thank you for your answers.
is there a way to get longer token expiration time, or some kind of "permanent" token for client application ( Similarily as in DropBox API's)
SInce there seems to be problems with resumable upload to google drive when token expires, this could help in this situation ?
or is there just a way to define the token validity time to be bigger than 1 hour
br. Jarno
No accessTokens are only good for 1 hour. But you have a refreshToken that was returned along with your accessToken. You can use that to get a new AccessToken when the first one has expired.
Options:
Test either the expire time to see if its getting close to expireing and get a new one before it expires.
Wait until you get the error that says it has expired. Then request a new AccessToken
Personaly I like to get a new one 5 minutes before my AccessToken expires then I avoid an error from the google servers.
I am a little confused about calculating the time until the access token expires.
I am using server authentication (http://developers.facebook.com/docs/authentication/server-side/).
When I get the authentication code from the Facebook's request to my redirect URL, I send an authentication request back to Facebook and I get the access token along with 'expires' parameters, lately I could see that the expires is a long value that represents the time in seconds until the token expires. For some reason I think it used to be time in miliseconds.
Can I assume that the expiration time is now + expires (in seconds) - it seems to me too long (about ~5109691 seconds) - does it make sense?
Thank you for your help.
Server authenticated access tokens are valid for two months.
The value you are receiving is correct.
Edit:
https://developers.facebook.com/roadmap/offline-access-removal/
Read the 'Server-side OAuth Developers' section.
I ask for a Facebook access token with deprecate_offline_access turned on, and I get following response:
access_token=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&expires=5183977
Does anybody know, what "expires" parameter means? It's value is not timestamp...
I would like to know when the token expires, how could I do this?
Thank you.
The "expires" parameter is just the time remaining from the time of request until the expiration time. It should be read as "expires in 5183977 seconds from time of request".
5183977 seconds = 59.9997337962963 Days.
and answer to your last question 'what will I get if token is expired? will I get exception or just expired=0?'
you will get notification before token expire. If it is already expired (for mainly different reasons explained in facebook developer documentation) you have to re0auth the app and have to get new access token which will be again valid for next 60 days.