Conversation
@scottmac Not sure what you mean. The JS SDK should be able to support getting long-lived tokens, but the PHP SDK should also support that. |
This looks fine -- could you fix up the indentation/style and 80 col issues. |
|
||
$this->destroySession(); | ||
|
||
$this->setPersistentData('access_token', $response_params['access_token']); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't this method return the extended token value? after all is called getExtendedAccessToken, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@onema: I'll change the function name to set*. Sound reasonable?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
actually get* is not a bad name, just return the extended token you just requested for. set* is not a very good name because you are not setting anything (not passing any parameters, see other setter methods).
If you really don't want to return the token I think request* would be a better name?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is setting a new access token.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey, I posted this in January on StackOverflow, called it getExtendedAccessToken which seemed to make the most sense to me back then. I found most use in it when it returns the new accesstoken.
You can see it here, http://stackoverflow.com/questions/8982025/how-to-extend-access-token-validity-since-offline-access-deprecation/9035036#9035036
I'm also not sure why you'd want to destroy the session in there?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@JoinScribbly, if you don't destroy the session, you'll end up with two, which can lead to all sorts of problems.
return false; | ||
} | ||
|
||
$this->destroySession(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should you be destroying the session here? The only methods that use this in the BaseFacebook class are _rest and throwAPIException. this can cause problems if you don't leave it up to the user of the class to kill the session. Makes sense?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What problems can it lead to?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a benefit in destroying the session here?
Added ability to extend tokens
This adds the ability to get extended tokens. Most folks use the JS client-side flow to auth users, which generates a short-lived token.
They can now call extendAccessToken() in order to get an long-lived token.
Note that this also destroys the original JS session, so some discussion may be needed as I don't know of any unintended consequences this could have.