0

All the questions I could find on SO on this topic were about 3 yrs old, so...

An iOS client uses the FB SDK to login user, then calls registration service on my server (so that I can create my own User object to model the person), giving the id of the user and the access token.

How do I verify that the access token I received is valid and that it corresponds to the given user id?

Let's say some time after user registration (may be days later), a web service is called again with FB user id and access token requesting information. I can see that this user id corresponds to a User object on my server, but how do I know that the access token is still valid?

Do I have to check with FB servers for token validity every time I get a webservice call using FB credentials?

Background

Creating an app that works across iOS, Android and Web, with common web services. The FB login (and other social identity providers later) is one of the ways in which a new user can create an account in my app. I will not actually be using FB in any way other than as an Identity Provider that helps me set up an account in my app (at least for now).

markvgti
  • 3,487
  • 6
  • 32
  • 49
  • According to your requirement you should check the token validity every time with FB API's before calling your own webservice. – Poles Nov 14 '15 at 11:03
  • How do I check the validity? I couldn't find anything definite... – markvgti Nov 15 '15 at 04:21

1 Answers1

0

You should use FB graph API along with app access token in your server. If the response returns NULL the it is invalid. Here is the link. This link may be old but you will find the new graph API in the facebook developers site.

Community
  • 1
  • 1
Poles
  • 3,307
  • 6
  • 38
  • 82