Access Tokens, Expiration date / length? any way to effect this?


GT

Jun 3, 2011, 5:02:08 AM
to mini_fb
Hey.
Kinda related to my last post about expired credentials, do we know
how long the credentials stay valid for? and do we know what actions,
apart from explicitly revoking permissions to my app via Facebook,
cause the credentials to lose validity?

I'm asking for the following permissions when users authorise my app:

create_event,offline_access,publish_stream,manage_pages

I'd like to be able to give users more information about how the
permissions system works, as at the moment it seems that everything
works fine, until it doesn't! And there doesn't seem to be any pattern
in it, i.e., permissions last for 6 months or so.

Cheers.

Anurag

Jun 3, 2011, 3:08:04 PM
to min...@googlegroups.com
On Fri, Jun 3, 2011 at 2:32 PM, GT <sa...@gigatools.com> wrote:
> I'm asking for the following permissions when users authorise my app:
>
> create_event,offline_access,publish_stream,manage_pages
>
> I'd like to be able to give users more information about how the
> permissions system works, as at the moment it seems that everything
> works fine, until it doesn't! And there doesn't seem to be any pattern
> in it, i.e., permissions last for 6 months or so.

In my experience, access tokens granted via offline_access permissions
last for as long as they can. The only time I found them revoked was
when the user changed their Facebook password.

Anurag


--
Anurag <0xB20A82C1>
http://web.gnuer.org/blog/

GT

Jun 10, 2011, 8:41:52 AM
to mini_fb
OK, that makes sense. Thanks.

Is this stuff documented at all? I've had a look around but cannot find
anything. It would be great to know the definite list of causes.

GT

Jun 13, 2011, 4:55:28 AM
to mini_fb
So changing your Facebook password after granting Access to my App
invalidates the previously saved oAuth Token..

Is this standard operating procedure for an API? I thought the entire
point of oAuth was that the credentials were independent of the User's
Password?

How do you guys handle this scenario with your users?
Currently I'm just sending Users an automated email telling them their
Facebook credentials have been invalidated and they need to
reconnect..

Thanks

Anurag

Jun 13, 2011, 9:20:31 AM
to min...@googlegroups.com
Yes, this seems counter to the whole idea of oAuth, but this is how
they've implemented it.

See http://bugs.developers.facebook.net/show_bug.cgi?id=12532 and
http://bugs.developers.facebook.net/show_bug.cgi?id=12017

However, if your users are website-only then it's not much of a
problem. When a Facebook user changes her password, Facebook starts
sending an updated signed_request parameter with the new access token.
Just save it to the db.

Anurag
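
An added example, not part of the thread and not mini_fb's own code: one way to do the "just save it to the db" step safely, by checking the signed_request signature (HMAC-SHA256 over the payload, keyed with the app secret) before storing the token it carries. `APP_SECRET`, `token_store` and all function names here are hypothetical, and the sample request is constructed.

```ruby
require 'openssl'
require 'json'

APP_SECRET = 'constructed-app-secret' # placeholder; load the real secret from config

# signed_request uses URL-safe base64 without '=' padding.
def b64url_decode(str)
  (str.tr('-_', '+/') + '=' * ((4 - str.length % 4) % 4)).unpack1('m0')
end

def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

# Constant-time comparison, so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns the payload hash, or nil if malformed or not signed with our secret.
def parse_signed_request(signed_request, secret)
  encoded_sig, encoded_payload = signed_request.to_s.split('.', 2)
  return nil if encoded_sig.nil? || encoded_payload.nil?
  expected = OpenSSL::HMAC.digest('SHA256', secret, encoded_payload)
  return nil unless secure_compare(b64url_decode(encoded_sig), expected)
  data = JSON.parse(b64url_decode(encoded_payload).force_encoding('UTF-8'))
  return nil unless data.is_a?(Hash) && data['algorithm'].to_s.upcase == 'HMAC-SHA256'
  data
rescue ArgumentError, JSON::ParserError
  nil
end

# token_store: hypothetical stand-in for the app's database (user_id => token).
# Returns true only when a verified request carried a new token that was saved.
def refresh_stored_token(signed_request, secret, token_store)
  data = parse_signed_request(signed_request, secret)
  return false unless data && data['user_id'] && data['oauth_token']
  return false if token_store[data['user_id']] == data['oauth_token']
  token_store[data['user_id']] = data['oauth_token']
  true
end

# Constructed sample: a signed_request for user 1001 carrying the given token.
def sample_signed_request(secret, token)
  body = { 'algorithm' => 'HMAC-SHA256', 'user_id' => '1001', 'oauth_token' => token }
  payload = b64url_encode(JSON.generate(body))
  "#{b64url_encode(OpenSSL::HMAC.digest('SHA256', secret, payload))}.#{payload}"
end
```

Rejecting unverified requests matters here because the parameter arrives from the browser; without the HMAC check anyone could post a payload that overwrites another user's stored token.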


GT

Jun 15, 2011, 9:55:29 AM
to mini_fb
Yeah my app is all Offline Access.. meaning users have to log into my
app and reconnect with Facebook.. which isn't the end of the world..
just annoying for them..

Thanks again Facebook.


On Jun 13, 3:20 pm, Anurag <gnu...@gmail.com> wrote:
> Yes, this seems counter to the whole idea of oAuth, but this is how
> they've implemented it.
>
> See http://bugs.developers.facebook.net/show_bug.cgi?id=12532 and http://bugs.developers.facebook.net/show_bug.cgi?id=12017