Added ability to extend tokens #24
Conversation
|
@scottmac Not sure what you mean. The JS SDK should be able to support getting long-lived tokens, but the PHP SDK should also support that. |
|
This looks fine -- could you fix up the indentation/style and 80 col issues. |
|
|
||
| $this->destroySession(); | ||
|
|
||
| $this->setPersistentData('access_token', $response_params['access_token']); |
There was a problem hiding this comment.
Shouldn't this method return the extended token value? after all is called getExtendedAccessToken, right?
There was a problem hiding this comment.
@onema: I'll change the function name to set*. Sound reasonable?
There was a problem hiding this comment.
actually get* is not a bad name, just return the extended token you just requested for. set* is not a very good name because you are not setting anything (not passing any parameters, see other setter methods).
If you really don't want to return the token I think request* would be a better name?
There was a problem hiding this comment.
It is setting a new access token.
There was a problem hiding this comment.
Hey, I posted this in January on StackOverflow, called it getExtendedAccessToken which seemed to make the most sense to me back then. I found most use in it when it returns the new accesstoken.
You can see it here, http://stackoverflow.com/questions/8982025/how-to-extend-access-token-validity-since-offline-access-deprecation/9035036#9035036
I'm also not sure why you'd want to destroy the session in there?
There was a problem hiding this comment.
@JoinScribbly, if you don't destroy the session, you'll end up with two, which can lead to all sorts of problems.
| return false; | ||
| } | ||
|
|
||
| $this->destroySession(); |
There was a problem hiding this comment.
Should you be destroying the session here? The only methods that use this in the BaseFacebook class are _rest and throwAPIException. this can cause problems if you don't leave it up to the user of the class to kill the session. Makes sense?
There was a problem hiding this comment.
What problems can it lead to?
There was a problem hiding this comment.
Is there a benefit in destroying the session here?
Added ability to extend tokens
This adds the ability to get extended tokens. Most folks use the JS client-side flow to auth users, which generates a short-lived token.
They can now call extendAccessToken() in order to get an long-lived token.
Note that this also destroys the original JS session, so some discussion may be needed as I don't know of any unintended consequences this could have.