Sign In Register

How can we help you today?

Start a new topic

Questions about Facebook user access tokens usage

Hi there,

We'll be using FacebookConnectRequest in our games, and I've checked Facebook's documents regarding to access token usage. After reading those documents, some questions popped in my mind. I've looked at previous entries for the subject, but couldn't find exact answers so I'm shooting this.

  • GameSparks stores the user access token in a collection called externalAuthentication. From the NoSQL panel, I can see that there's a field called lastRefresh, so I believe it handles access token refreshing/extension periodically. Is that correct? If so, what's the frequency of this process?
  • What happens when the user access token is invalidated for some other reason (e.g. user password change on Facebook, token expiry)? Does GameSparks platform handle the errors? If not, what should we do? Should we try to re-authenticate the user on the client-side? If so, what's the error message you return in such a case?
  • Does GameSparks platform support verifying Graph API calls with appsecret_proof? We'd like to enable it from the Facebook developers portal if you support it.
Thanks in advance.

1 Comment

Hi Onur,

We don't refresh the token manually. The users details will get refreshed when they use the FacebookConnectRequest with a valid token. At this point the displayName will be synced or updated (if specified to do so) and any friend list changes will be applied. These changes require players to authenticate via Facebook so their details can be refreshed. We only sync the displayName and pull in the relevant friend details during this process. I hope this helps.



Login to post a comment