I'm working on integrating Apple Music into my web app. I let users authenticate once, using Apple's MusicKit JS. However, I'm curious if the resulting Music User Token expires. I'm storing this token in a database, but I need to know if I can use this token again at a later date without having the user authenticate again.
This question seems to be semi-related.
Thanks!
I've been trying to figure this out as well. I just made a call to create a playlist on behalf of a user and received a 403. Unfortunately, I don't know how long the token has been sitting stale, but I do think it has been close to 1 - 2 months...
The other issue here is you have to re-prompt the user to sign in (as I don't think there is a refresh token endpoint). Maybe we can find a solution together on this!
After taking a cursory look around, I've found two different questions in the Apple developer forums suggesting that there is a non-configurable 6-month expiration of these tokens. One of these posts was answered by an Apple Media Engineer 2 months ago, which seems about as authoritative a source as you can get outside of documentation.
Forum entry #1: How to set music user token expiration?
Question:
I would like to create presave feature on my app with Apple Music API.
On this article, developer token has an option to set expiration date but music user token don't.
Does music user token has an option to set expiration date? If not, how do I know expiration date on music user token?
Answer (from an Apple Media Engineer, 2 months ago):
Thanks for your question regarding Media User Token expiration.
The Media User Token expires after 6 months, currently. There is no way to configure this by the developer.
Forum entry #2: When does a Music User token expire?
Question:
After how much time does a Music User token expire?
For my use case I am unable to reauth the user using MusicKit JS, so I would like to know how long I can use the User token.
Answer (from a user, 1 year ago):
The expiration is 6 months currently
Related
Do we get token on creating seller account on eBay or we have to generate it manually through developer login.I'm really stuck with this problem.Please help if anyone knows!!
The relevant documentation is here but I'll sum it up:
You need an eBay user account. (The term "seller account" means "user account that happens to sell things", which is useful for people who have two accounts and only sell with one of them.)
You also need a developer account.
Using your developer account, you write a program that prompts a user to sign in and request an access token with permissions you specify.
This prompts eBay to send a token to your program, which expires in 2 hours. Just enough time for your program to do all the eBay tasks it needs to do.
If 2 hours isn't long enough, there is a way of using the first token to create more tokens, but you still need the user to sign in once every 18 months to keep your program running.
There is no way to gain indefinite access. Sorry.
I'm trying to identify a user by storing the Apple Music User Token on a database. Is this token the same for an Apple Music user over multiple authentications?
I seem to have run into a hiccup here - over the course of the development (me being the only developer), I noticed four different user tokens registered on the database, despite only using one login. I want to double check if the User Token is in fact not the same over multiple authentications before I move to a different method of identification. Also, is there any other way of identifying a user similar to using the Apple Music User Token, as I'm trying to avoid using a login.
I'm writing a mini script (web page) similar to buffer.com or sproutsocial.com to schedule posts to social networks such as facebook. The issue is that these services require the use of tokens that have expiration dates (for facebook the max is 2 months I believe). If my users schedule the posts say 3 months later, then the tokens will expire before the posts can be published.
I can automatically renew these tokens if and only if the users visit the web page within the expiration period. I see this post here Posting to Facebook on behalf of the user: how to handle token expiration? and I wonder if this is the only solution?
I have never been asked by Buffer and Sprout to do anything even if I dont' visit their sites after a long time so I wonder if there is a way for them to keep these tokens fresh?
There is no way to auto-refresh tokens for the Facebook API, you can only do that with user interaction. You are talking about an extended user token though, which is valid for 2 months. Extended page tokens are valid forever.
More information:
https://developers.facebook.com/docs/facebook-login/access-tokens/
http://www.devils-heaven.com/facebook-access-tokens/
I have a setup where users are required to log into my ios application using facebook. I want to poll their friend's information every couple hours and notify them on any changes. Is this possible with what is allowed by facebook api? Essentially, if i user facebook ios login to sign the user in, and I receive an access token, could I use that token days or weeks later?
As WizKid commented, you canĀ“t access friends information anymore, friend permissions are deprecated since v2.0, as you can read in the changelog: https://developers.facebook.com/docs/apps/changelog
Information about Access Tokens and how long they are valid can be found here:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
Also, polling information is a very bad idea, if you want to check for changes (of an authorized user only!), you better user the Realtime API: https://developers.facebook.com/docs/graph-api/real-time-updates/
The app should be uploading videos from iOS devices directly to our own YouTube account (not user's account).
In every scenario I came across you need an Access Token that you can get only from user logging in through OAuth2 (window popping up). Obviously, we can't give everyone username and password from company account. I was imagining using some key that uniquely identifies the app and YouTube user account to use.
Any solution / pointer? Thanks.
I ended up using deprecated Client Login. We still need to figure where to store passwords (either in the client app, or fetch them from backend every time), but that's already a huge progress.
Unfortunately, Google says Client Login will be removed in 2015. We can just hope they'll come up with non-interactive auth method requiring no user interaction by then.