I'm writing a mini script (web page) similar to buffer.com or sproutsocial.com to schedule posts to social networks such as facebook. The issue is that these services require the use of tokens that have expiration dates (for facebook the max is 2 months I believe). If my users schedule the posts say 3 months later, then the tokens will expire before the posts can be published.
I can automatically renew these tokens if and only if the users visit the web page within the expiration period. I see this post here Posting to Facebook on behalf of the user: how to handle token expiration? and I wonder if this is the only solution?
I have never been asked by Buffer and Sprout to do anything even if I dont' visit their sites after a long time so I wonder if there is a way for them to keep these tokens fresh?
There is no way to auto-refresh tokens for the Facebook API, you can only do that with user interaction. You are talking about an extended user token though, which is valid for 2 months. Extended page tokens are valid forever.
More information:
https://developers.facebook.com/docs/facebook-login/access-tokens/
http://www.devils-heaven.com/facebook-access-tokens/
Related
1: When it says 15 requests per 15 minute window, does this really mean I can only send 15 requests per 15 minutes?
2: Do I really need to set up a Twitter bot to send basic requests like getting a list of a user's followers? Is there a way to get the data through a URL, like in most web APIs? I'm making software that will be used by other people, so it can't have a bot auth token in the code.
I know I'm pretty much asking if what it blatantly says is true, but I'm just having trouble believing that the Twitter API is really this bad.
It sounds like you are specifically asking about the friends and followers endpoints. Yes, this is limited to 15 requests in a 15 minute window. Other endpoints / features have different rate limits.
The Twitter API requires authentication. You do not need to set up a "bot", but you will need a registered Twitter developer account, and a Twitter app, in order to use the API. If your app will be used by other people, you would need to implement Sign-in with Twitter to enable them to authenticate with your app; you can then store their access token (until or unless they revoke it) to make requests on their behalf. This is pretty standard for any multi-user web app.
I'm working on integrating Apple Music into my web app. I let users authenticate once, using Apple's MusicKit JS. However, I'm curious if the resulting Music User Token expires. I'm storing this token in a database, but I need to know if I can use this token again at a later date without having the user authenticate again.
This question seems to be semi-related.
Thanks!
I've been trying to figure this out as well. I just made a call to create a playlist on behalf of a user and received a 403. Unfortunately, I don't know how long the token has been sitting stale, but I do think it has been close to 1 - 2 months...
The other issue here is you have to re-prompt the user to sign in (as I don't think there is a refresh token endpoint). Maybe we can find a solution together on this!
After taking a cursory look around, I've found two different questions in the Apple developer forums suggesting that there is a non-configurable 6-month expiration of these tokens. One of these posts was answered by an Apple Media Engineer 2 months ago, which seems about as authoritative a source as you can get outside of documentation.
Forum entry #1: How to set music user token expiration?
Question:
I would like to create presave feature on my app with Apple Music API.
On this article, developer token has an option to set expiration date but music user token don't.
Does music user token has an option to set expiration date? If not, how do I know expiration date on music user token?
Answer (from an Apple Media Engineer, 2 months ago):
Thanks for your question regarding Media User Token expiration.
The Media User Token expires after 6 months, currently. There is no way to configure this by the developer.
Forum entry #2: When does a Music User token expire?
Question:
After how much time does a Music User token expire?
For my use case I am unable to reauth the user using MusicKit JS, so I would like to know how long I can use the User token.
Answer (from a user, 1 year ago):
The expiration is 6 months currently
Do we get token on creating seller account on eBay or we have to generate it manually through developer login.I'm really stuck with this problem.Please help if anyone knows!!
The relevant documentation is here but I'll sum it up:
You need an eBay user account. (The term "seller account" means "user account that happens to sell things", which is useful for people who have two accounts and only sell with one of them.)
You also need a developer account.
Using your developer account, you write a program that prompts a user to sign in and request an access token with permissions you specify.
This prompts eBay to send a token to your program, which expires in 2 hours. Just enough time for your program to do all the eBay tasks it needs to do.
If 2 hours isn't long enough, there is a way of using the first token to create more tokens, but you still need the user to sign in once every 18 months to keep your program running.
There is no way to gain indefinite access. Sorry.
I'm working with a project in Odoo and I have enabled google Sign in. The problem is, when a user tries to log in from different browsers at the same time, only the latest log in session is retained and the older ones are expiring.
For example - I sign in to Odoo using google on chrome and then sign in on Mozilla firefox. At this point if I refresh my page on chrome where I signed in, I will be logged out and will be asked to sign in again but I'm still signed in on firefox.
After a lot of considerations, it came to my mind that probably the old refresh tokens are expiring. However on the official docs, I saw this:
A token might stop working for one of these reasons:
The user has revoked access.
The token has not been used for six months.
The user account has exceeded a certain number of token requests.
If this is not the case then why can't I stay signed in from multiple browsers at the same time? What should I do in order to stay signed in using google from multiple browsers?
Any help would be appreciated!
I don't know much about Odoo but most likely this is due to the policy of odoo that they support login session for an account only from one place (and expire older sessions). I'm sure the same applies to when you sign-in with a password that you will only have one session.
When you use login with Google (or other methods), most of the applications issue their own credentials (cookies etc) and they decide the lifetime of a session (most don't tie these to Google session). I suspect that is what you are experiencing here.
The previous tokens don't become invalid for the same app when a new token is issued (up to a limit roughly 25).
I have a setup where users are required to log into my ios application using facebook. I want to poll their friend's information every couple hours and notify them on any changes. Is this possible with what is allowed by facebook api? Essentially, if i user facebook ios login to sign the user in, and I receive an access token, could I use that token days or weeks later?
As WizKid commented, you canĀ“t access friends information anymore, friend permissions are deprecated since v2.0, as you can read in the changelog: https://developers.facebook.com/docs/apps/changelog
Information about Access Tokens and how long they are valid can be found here:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
Also, polling information is a very bad idea, if you want to check for changes (of an authorized user only!), you better user the Realtime API: https://developers.facebook.com/docs/graph-api/real-time-updates/