is there a possibility to check when a fb-token will expire?
I've read Authenticating as an app and Handling invalid and expired access tokens and searched the interwebs for an answer but I couldn't find any.
Regards, Senad
The good news is, there's an endpoint for it now.
You can retrieve the information related to a particular Access Token by issuing a GET request to the debug_token connection. Something like:
GET /debug_token?
input_token={input-token}&
access_token={access-token}
You can get more information about it in the Getting Info about Tokens and Debugging reference.
Unfortunately there's no specific endpoint that will tell you if an access_token is still valid or not, but you can use the token to fetch anything and see if it return an error or not.
However if you are using the server side flow for authentication, they will send you an expire parameters that will hold the time in seconds that the token will remain valid (the sdk may hide this fact from you).
But as the Handling invalid access tokens page explains, there's a number of reasons why an access_token can go invalid so the expire field alone won't be able to tell you if the token is valid at the moment or not, so the only way to find out is to try using it and see if its returns an error, as the Handling expired... page states, you will have to be prepared for any graph request return errors.
You can manually check it here for a given access token:
https://developers.facebook.com/tools/debug
Related
Using the App Console, I am generating an Access Token for use by my java application.
Why is my access token expiring? It worked yesterday but today I get the below error.
How do I get a permanent token for my application to use? (Usage is similar to a "Google Service Account" that generates a permanent token.)
Exception:
InvalidAccessTokenException
{
"error_summary": "expired_access_token/...",
"error": {
".tag": "expired_access_token"
}
}
UPDATE 2022 12 02:
Thanks for the below information and links. After about 5 hours of working on wrapping my brain around the concepts and the example code, I finally got something working by doing the following:
(1) Using the example code and manual process at https://github.com/dropbox/dropbox-sdk-java/blob/main/examples/examples/src/main/java/com/dropbox/core/examples/authorize/ShortLiveTokenAuthorize.java I obtained an auth code.
(2) I then wrote java code to post the auth code to the https://api.dropbox.com/oauth2/token end point and receive tokens including the refresh token.
(3) I then wrote code to post the refresh token to the same end point to receive an access token.
It appears I can hold on to the refresh token and repeat step 3 to get access tokens each time.
HOWEVER, I must be missing something here.
This is WAY too much extra work that should be done either by the App Console and/or the SDK.
Also, it seems to me that a “Client Credentials Flow” should be available in the API and SDK.
Your thoughts?
Dropbox is in the process of switching to only issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find more information on this migration here.
Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find more information in the OAuth Guide and authorization documentation.
The official Dropbox Java SDK can actually handle the process for you automatically, as long as you supply the necessary credentials, e.g., as shown retrieved in the examples here.
I am trying to connect with microsoft live account with my website. I got offline refershtoken and accesstoken with expiration time by using documentation of microsoft.
Now the Question is how to check the token is valid(Expired) or not? Which url is giving the answer?
The response that returns the access_token and refresh_token should also contain an expires_in value that you can use to calculate how long the access_token should be cached. Once the cached token gets close to expiration you can trigger a preemptive refresh.
However, even with a preemptive refresh your application should be on the lookout for 401 responses from the OneDrive API, and use those as a trigger for a refresh. If you want to make a request solely to validate the current token is still good you could hit something like the following - but it won't tell you how long it has left, only whether it's ok at this instant:
HEAD https://api.onedrive.com/v1.0/drive
So this is a random question that I can't seem to see an answer to.
I'm using Token based auth in my application. When the login credentials are first sent to the system, a token is returned. That token is then required with each and every request afterwards. When the token expires, a refresh token is used to determine if a new one should be issued. All pretty basic stuff.
What I've noticed is that the token isn't returned to the client with each web call. As in, client sends a message to the server with the token, server sends a response, but doesn't include the token unless it has been refreshed. Now, obviously thanks to client-side storage the token is still available.
My question is whether or not it is a best practice to return the token with each and every response, even if it is unchanged. Or if this really isn't a big deal and I can just stop worrying about it.
Thanks in advance.
Generally no, the response should not contain the token as it's unnecessary at that point - the user has already been authenticated for that specific request and appropriate actions have been taken (either a 200 with data or 401 or whatever).
It is the responsibility of the client to know the token when making a request.
I logged into the API explorer and authorized my dummy company file here: http://idsapiexplorer.cloudapp.net/V2QBD#api
It is indicating everything is ok:
When I try to make a request, I keep getting the following response:
Here is the ErrorDesc:
<ErrorDesc>message=Exception authenticating OAuth; errorCode=003200; statusCode=401; source=OAuthStrategy; oauth_problem=token_rejected; cause=net.oauth.OAuthProblemException: token_rejected</ErrorDesc>
I'm guessing I'm probably not using this correctly. Is there any more documentation I can read to learn? Or is there an actual problem happening that is causing this error? Any help is appreciated.
The error means the token was not found, expired or invalid.
I would try refreshing your access token and you should be all set.
thanks
Jarred
I can retrieve my App users information using access token just after the user accepted my App, and I have stored the access token into my database.
However, when I want to update the information later, the access token become invalid and Facebook returned "message": "Error validating application.". It's quite interesting that only some of my users have this problem.
I have already set "offline_access" into the permission dialog, so the token should not expire. Also, I'm sure that the users have neither changed password nor removed App.
So, will the token become invalid sometimes even with "offline_access" set?
I had this problem and found it was due to coding error. The variable I used to hold the token was being garbage collected. It didn't always happen at the same point in time so it was a bit confusing.
So, my suggestion is, make sure the variable holding the token is a class varible.