Do I need to worry about refresh tokens using Facebook external login in Web API?

Asked Dec 02 '16 at 18:03

Active Dec 02 '16 at 18:03

Viewed 42 times

I have an ASP.NET Web API project, and recently added both local and external OAuth login (using this question as a base). Now, the login is working, but what I worry about now is the expiration date of the tokens. If I understand correctly, Facebook's tokens expire after 60 days, so that means that after two months I should be refreshing the tokens.

But, now my question is, does ASP.NET Web API handle this refresh process for me? Or do I have to add my own logic? I ask because the tutorials are not clear about what to do. They just tell you to enable the Facebook auth and that's it.

edited May 23 '17 at 11:45

Community

asked Dec 02 '16 at 18:03

Arturo Torres Sánchez

2,751
4
20
33

No server-side API can "refresh" user access tokens on its own, because that requires user interaction. The user has to at least visit your app in a browser while being logged in to Facebook. – CBroe Dec 03 '16 at 08:50
@CBroe Do you know how to do that in Web API? – Arturo Torres Sánchez Dec 03 '16 at 14:58
If you embed the JS SDK, it will recognize a recurring user automatically. You can then either send the access token to the server, or try and fish the information out of the cookies it sets. – CBroe Dec 03 '16 at 15:06
@CBroe Does this also apply to a Cordova app as well? – Arturo Torres Sánchez Dec 03 '16 at 15:07

Do I need to worry about refresh tokens using Facebook external login in Web API?

0 Answers0