I am building a social gaming platform which will be played with mobiles. I am confused about the login part and access token. Let me briefly explain my problem.
Problem: User logs in with facebook login and I retrieve the accessToken of the user. Then immediately after login I store this accessToken in my database. The user continues with the game. Then in some point when I want to post something to the users wall the mobile side calls a WebService and my part (C#) uses the access token stored in the DB and posts something to the wall. Until here everything is OK. But what happens when the access Token expires or the user changes his password. Then I have to re-get the accessToken and update the DB.
BUT how do I get notified when the accessToken changes? I have to get notified or I will have a expired token and won't be able to post something.
Thanks
You won't get notified when a token expires, but Facebook give you the expiry time in your response, which you should store.
According to the OAuth spec, you will receive an HTTP 401 Unauthorized if you try to use an invalid/expired token, as well as the following:
Invalid Consumer Key
Invalid signature
Invalid / used nonce