I've been through many articles and everyone says a Facebook token is valid for 60 days. I've tried many times with my app and the token I get is only valid for 10 days. Can someone help?
BTW: I'm using the Spring Social library for Java.
Updated: Found the problem cause. It's a bug from Spring social. It uses an Integer when calculating dates and it always returned 10 days.
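Added example, not part of the original post and not Spring Social's code: it assumes the bug has the common shape of multiplying the expiry in seconds by 1000 inside a 32-bit signed integer, and emulates Java's `int` wrap-around in Python to show why a 60-day lifetime comes out at roughly 10 days. All function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

INT32_MAX = 2**31 - 1


def to_int32(value: int) -> int:
    """Wrap an integer the way a 32-bit signed Java int does."""
    return (value + 2**31) % 2**32 - 2**31


def lifetime_ms_int32(expires_in_s: int) -> int:
    # Assumed shape of the bug: seconds * 1000 evaluated in 32-bit arithmetic.
    return to_int32(expires_in_s * 1000)


def lifetime_ms_int64(expires_in_s: int) -> int:
    # The fix: do the multiplication in a 64-bit type (a Java long).
    return expires_in_s * 1000


def overflows_int32(expires_in_s: int) -> bool:
    """True if this lifetime, converted to milliseconds, no longer fits an int."""
    return expires_in_s * 1000 > INT32_MAX


def expire_time(issued_at: datetime, lifetime_ms: int) -> datetime:
    return issued_at + timedelta(milliseconds=lifetime_ms)


if __name__ == "__main__":
    issued = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed issue time
    for days in (20, 30, 60):
        s = days * 86400
        print(days, "days ->",
              "int32:", expire_time(issued, lifetime_ms_int32(s)).date(),
              "| int64:", expire_time(issued, lifetime_ms_int64(s)).date(),
              "| overflows:", overflows_int32(s))
```

Any lifetime above about 24.8 days overflows; a 30-day value wraps to a negative number, so under the same assumption such a token would look expired the moment it is issued.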
Related
So I have a Django app set up with auth and a few Groups and users. What I'm trying to do now is have a timed trial so users could have a login that would expire after 7 days. I've researched this and haven't been able to find anything. Feel like I'm missing something obvious. Any suggestions?
I have been having a bit of a problem lately with the Facebook News feed. I am using
$mynewsfeeds = (new FacebookRequest($session, 'GET', '/me/home'))->execute()->getGraphObject()->asArray(); to fetch the News feed. It was working perfectly a week ago, providing 10 stories with next and previous values. But now it's returning only one story. I have checked in the Facebook API explorer and it's working perfectly there. I have the 'read_stream' permission and also a long-lived access token.
I submitted the same in the Facebook developers community and found out that it's an FB bug...
https://developers.facebook.com/bugs/449167695235902/
Hope this helps others too...with same issue
This has been fixed by the Facebook development team... Hope this helps others too, with the same issue.
:)
https://developers.facebook.com/bugs/449167695235902/
I've been scouring the net for ages with this one, and I'm not sure if there is a solution at all, but thought I'd post and see if there's a response... thanks in advance!
Several of our customers (who we build websites for) have their Facebook feeds brought into their website (and their Twitter feeds). Before the removal of the offline_access permission, this was no problem. We'd set our app up, authenticate the account, get the access token and then we could bring in the live feed into their websites forever. However, now with the new system, there doesn't seem to be a way of doing this without human intervention.
Essentially, we have these websites bringing in the feeds from the relevant Facebook accounts, with the long access_token (60 day token). However, when this limit is reached, there is no "user" to re-authenticate the app, as it's just the server that makes these requests. Is it a case of having to set reminders for all these accounts, and then every two months we (as the web agency) have to log in to all the accounts and get new access tokens to provide to the scripts so they can carry on working? Or is there an alternative which I am just not seeing?
Thanks again!
Neil.
There is no alternative that I know of. Once the token expires after 60 days, the user must re-authenticate.
No alternative way; the user must log in to provide you the new access token.
https://developers.facebook.com/roadmap/offline-access-removal/
Our users can invite their friends to our app by posting to their friends' walls. Some users have gotten really excited and invited hundreds of their friends (woohoo!), but we're constantly getting the "(#341) Feed action request limit reached" Oauth error and these never make it to any walls (argh).
I know FB limits the posts per user per day (I can see we're limited to 30/user/day in my insights page and the first 30 that were sent seem to go out) but it's been over 36 hours since the last post and I'm still getting "Feed action request limit reached" Oauth errors.
Should the limit have reset at this point? Is there a way to see if they're being blocked because FB thinks they're spam?
You'll probably get disconnected by anti spam systems if you're using wall posts as an invite mechanism - posts like that get blocked and removed quite a lot by the target users.
To answer your question, the feed action limit is a rolling window as far as I know, so it doesn't reset after 24 hours exactly. If the API call fails, just wait and try again later. I don't think using the Feed Dialog is subject to the same limits, because it's manually approved by the user instead of just being up to the app to ensure policy compliance.
My spec says 30 days. I am about to argue for quite a longer TTL, something like 90 - 120 days. What do you think?
This is for a standard website, not an intranet app.
My personal advice would be to do it as a combination of relatively-short expiration cookie with sliding expiration and a long expiration identity cookie.
The first part is your standard week/month-long expiration authentication ticket cookie, which you renew on each request or at certain time interval, or whatever other sliding expiration scheme you want to employ.
The second part is you remember the identity of the user in a half year/year-expiration cookie. This is not an authentication ticket, just an identity reminder, so that if the user returns after their session has expired, they get greeted and you might choose to show some non-sensitive personal information, like number of emails in inbox or anything like that, but to actually access any sensitive information, they need to authenticate themselves.
This will give your regular users (visiting every day or week) continuous never-expiring session, while still keeping the authentication tickets with relatively short time frame. At the same time, for people that return after more than a month, you can still give them a personalized experience, yet their account is secure. I don't think anyone would actually have a problem, if you ask them to authenticate to access certain parts of their account after a month of absence, even if they'd checked the remember me/remember my password checkboxes.
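A sketch of the two-cookie scheme described in the answer above, added here as an example and not code from the original poster. The cookie names, the 30-day and one-year lifetimes, the `kind|user|expiry|mac` layout and the demo key are all assumptions; usernames are assumed not to contain `|`.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # placeholder; load a real key from a secret store
AUTH_TTL = 30 * 86400             # sliding authentication ticket (assumed: 30 days)
IDENTITY_TTL = 365 * 86400        # identity reminder only (assumed: one year)


def _sign(payload: str) -> str:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue(kind: str, user: str, now: int, ttl: int) -> str:
    payload = f"{kind}|{user}|{now + ttl}"
    return f"{payload}|{_sign(payload)}"


def verify(cookie, kind: str, now: int):
    """Return the user if the cookie is authentic, unexpired and of this kind."""
    try:
        payload, mac = cookie.rsplit("|", 1)
        got_kind, user, exp = payload.split("|")
        exp = int(exp)
    except (AttributeError, ValueError):
        return None  # missing or malformed cookie
    if not hmac.compare_digest(mac.encode(), _sign(payload).encode()):
        return None
    # The kind is inside the signed payload, so an identity cookie
    # cannot be replayed as an authentication ticket.
    if got_kind != kind or now >= exp:
        return None
    return user


def login(user: str, now: int) -> dict:
    return {"auth": issue("auth", user, now, AUTH_TTL),
            "identity": issue("identity", user, now, IDENTITY_TTL)}


def handle_request(cookies: dict, now: int):
    """Return (access_level, user, cookies_to_set)."""
    user = verify(cookies.get("auth"), "auth", now)
    if user:  # sliding expiration: every authenticated request renews the ticket
        return "authenticated", user, {"auth": issue("auth", user, now, AUTH_TTL)}
    user = verify(cookies.get("identity"), "identity", now)
    if user:  # greet by name, but require a fresh login for anything sensitive
        return "recognized", user, {}
    return "anonymous", None, {}
```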
"It depends" is the most natural answer. Additionally, we should also ask the user if it's a personal laptop or shared workstation or a public machine.
If it is a social network or a mail portal or something similar, then 2 weeks. In case of a personal workstation, >4 weeks. If it's a banking system, then there's nothing like Remember Me and persistent auth. In fact, the session should be terminated for no activity in the last 15 minutes.
So it depends.
It depends upon who's using the system. If it's an employee of a company using his assigned computer regularly and one of the intranet sites sets up a "remember me" cookie, it can be longer, a year or more.