The per-the-spec approach to extending access tokens is that you should receive a refresh token along with your access token and you can exchange that refresh token at *any* time (before or after the access token expires) for a new access token.
Facebook, however, doesn't implement that part of the spec. Instead, they issue 2 different tokens: A short-lived token (good for 2 hours) and a long-lived token (good for 60 days). At any time before the short-lived token expires you can exchange it for a long-lived token. You cannot exchange long-lived tokens for new long-lived tokens. Even so, the short-lived token is only given to clients using FB's JS API...server-side clients are given the long-lived token from the start. That means that it's good for 60 days and then you're stuck having to go through the authorization process again to get a new access token.
This is the subject of https://jira.springsource.org/browse/SOCIALFB-87. In short, a filter will be available to automatically deal with those expired tokens (or, actually, any invalid token, no matter why it's invalid). I've already got a good chunk of work done on this, but it still needs some final touches and some thorough testing before I merge it into the master branch. I'm hoping to have this work ready in time for a 1.1.0.M1 release before SpringOne/2GX in October, but it will be in GitHub before then.
Craig Walls
Spring Social Project Lead
Junior Member
Posting Permissions
Reply With Quote