9

I'm getting the following error from Facebook when trying to post to a users stream.

Error validating access token: The session has been invalidated because the user has changed the password or because auth.expireSession was called.

The workflow is as follows:

  1. Authorize with Facebook requesting scope=offline_access,publish_stream permissions (if the current user has not already authorized)

  2. Do some work on the server (takes 5-10 minutes)

  3. Attempt to publish to the user's Facebook stream

This code works for many users, but for some users, I get the Error validating access token error. It started frequently happening a few weeks ago, then seemed to stop, and now happen a lot again. I'm certainly not calling auth.expireSession on my end, and it seems unlikely that multiple users would be changing their password in the 5-10 minute window from authorizing to publishing. Does anyone know what might be causing this?

Aminah Nuraini
  • 13,849
  • 6
  • 73
  • 92
herbrandson
  • 2,157
  • 2
  • 30
  • 43
  • 1
    I'm not sure, but it maybe that the user "removed" the publish stream permission from your App? also it's always a good idea to update your `access_token` even if it's taken with `offline_access`. – ifaour May 12 '11 at 07:35
  • Are you monitoring the Deauthorize Callback to see if users are uninstalling? – J Starr Jul 26 '11 at 23:40
  • @Jason I'm not monitoring, but it seems unlikely that a user would grant my app access, then deny access within the next 5-10 minutes. It seems even more unlikely that lots of users would do the same thing within a few day period. Either way, the issue seems to have gone away so I'm guessing it was a temporary FB bug. – herbrandson Aug 09 '11 at 02:49

1 Answers1

8

Anytime you get this error, you should run the user back through the auth flow. There are many reasons that either the user or we will invalidate a session. We have a how-to on this at https://developers.facebook.com/blog/post/500

Kevin Montrose
  • 21,105
  • 8
  • 84
  • 134
Douglas Purdy
  • 1,009
  • 8
  • 16
  • Thanks for the response. This actually stopped happening a few days after it started. However, re-authing the user wouldn't work in this case since the publishing is happening as part of a background process. – herbrandson Aug 09 '11 at 02:46
  • your app still needs to take this scenario into account. you can send the user an email, whatever to run them through the auth flow again. – Douglas Purdy Aug 24 '11 at 02:10
  • 3
    Link given you is not available. – Ketav Feb 06 '17 at 07:17