New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

croak 'expires is not returned' #5

Closed
brunnock opened this Issue May 10, 2014 · 8 comments

Comments

Projects
None yet
2 participants
@brunnock

I had to comment out this line in get_user_token_by_code (#207).

It seems Facebook is returning a valid token without an expiration for me.

@oklahomer

This comment has been minimized.

Show comment
Hide comment
@oklahomer

oklahomer May 10, 2014

Owner

Thanks for adding an issue, @brunnock. I apologize for your inconvenience and I'll definitely look into this.

I thought expires was always given along with user access token, but I might be missing some spec. change.

Just to be sure could you give me some more details including following items?

  • Version of API/Dialog you are using
    • If you are not specifying one on Facebook::OpenGraph->new(), the version is "unversioned" and I must know if your Facebook app is registered prior to 2014-04-30 or not
  • How you obtained the code parameter
    • via the callback URI of Login Dialog
    • from cookie value via $fb->get_user_token_by_cookie
    • or signed_request parameter POSTed to your page for Facebook Page app

Thanks

Owner

oklahomer commented May 10, 2014

Thanks for adding an issue, @brunnock. I apologize for your inconvenience and I'll definitely look into this.

I thought expires was always given along with user access token, but I might be missing some spec. change.

Just to be sure could you give me some more details including following items?

  • Version of API/Dialog you are using
    • If you are not specifying one on Facebook::OpenGraph->new(), the version is "unversioned" and I must know if your Facebook app is registered prior to 2014-04-30 or not
  • How you obtained the code parameter
    • via the callback URI of Login Dialog
    • from cookie value via $fb->get_user_token_by_cookie
    • or signed_request parameter POSTed to your page for Facebook Page app

Thanks

@brunnock

This comment has been minimized.

Show comment
Hide comment
@brunnock

brunnock May 11, 2014

Unversioned. The app was registered before 4-30, but was just approved last night (2014-5-9).

The code param is returned via URI.

Unversioned. The app was registered before 4-30, but was just approved last night (2014-5-9).

The code param is returned via URI.

@oklahomer

This comment has been minimized.

Show comment
Hide comment
@oklahomer

oklahomer May 11, 2014

Owner

Thanks, @brunnock. As I understand Facebook Platform's versioning system, as long as you use unversioned API/Dialog with app registered before 2014-04-30, your app's version is default to v1.0.

For apps that existed before April 30th 2014, making an API call without specifying a version number ('unversioned') is equivalent to making a call to the v1.0 of the API.

For apps created on or after April 30th 2014, making an API call without a specifing a version number is equivalent to making a call to v2.0 of the API.

I looked up v1.0 document for /oauth/access_token endpoint and it states as follows:

The response you will receive from this endpoint, if successful, is

access_token={access-token}&expires={seconds-til-expiration}

If it is not successful, you'll receive an explanatory error message.

So if it works following this spec, expires must be returned.
Actually it makes no sense to me that they are returning time-limited access token, but no expiration time, right? If they are not returning expires parameter, I think this is Platform's issue and you might want to report a bug or ask developer group for similar situation.

I hope it helps you and let me know when you have any progress.

Owner

oklahomer commented May 11, 2014

Thanks, @brunnock. As I understand Facebook Platform's versioning system, as long as you use unversioned API/Dialog with app registered before 2014-04-30, your app's version is default to v1.0.

For apps that existed before April 30th 2014, making an API call without specifying a version number ('unversioned') is equivalent to making a call to the v1.0 of the API.

For apps created on or after April 30th 2014, making an API call without a specifing a version number is equivalent to making a call to v2.0 of the API.

I looked up v1.0 document for /oauth/access_token endpoint and it states as follows:

The response you will receive from this endpoint, if successful, is

access_token={access-token}&expires={seconds-til-expiration}

If it is not successful, you'll receive an explanatory error message.

So if it works following this spec, expires must be returned.
Actually it makes no sense to me that they are returning time-limited access token, but no expiration time, right? If they are not returning expires parameter, I think this is Platform's issue and you might want to report a bug or ask developer group for similar situation.

I hope it helps you and let me know when you have any progress.

@oklahomer oklahomer added the invalid label May 11, 2014

@oklahomer

This comment has been minimized.

Show comment
Hide comment
@oklahomer

oklahomer May 12, 2014

Owner

Quick question, @brunnock. Is your app requesting some permissions for Facebook Page management or Ads management, such as manage_pages?
I kinda found a clue for this.

Owner

oklahomer commented May 12, 2014

Quick question, @brunnock. Is your app requesting some permissions for Facebook Page management or Ads management, such as manage_pages?
I kinda found a clue for this.

@brunnock

This comment has been minimized.

Show comment
Hide comment
@brunnock

brunnock May 12, 2014

Yes. It does request manage_pages.

Yes. It does request manage_pages.

@oklahomer

This comment has been minimized.

Show comment
Hide comment
@oklahomer

oklahomer May 12, 2014

Owner

Thanks, I got the picture. I'll be working on this.

Owner

oklahomer commented May 12, 2014

Thanks, I got the picture. I'll be working on this.

@oklahomer oklahomer added bug and removed invalid labels May 15, 2014

@oklahomer oklahomer self-assigned this May 15, 2014

@oklahomer oklahomer closed this in b068952 May 18, 2014

@oklahomer

This comment has been minimized.

Show comment
Hide comment
@oklahomer

oklahomer May 18, 2014

Owner

I confirmed the edge cases that user access tokens become ones w/ no expiration time. They describe it is not an intended behaviour, but it occurs because of the side effect of how they link page access token to its owner's access token. https://developers.facebook.com/bugs/597779113651383/

Now, as of version 1.22, this module does not check the existence of expires parameter.

Owner

oklahomer commented May 18, 2014

I confirmed the edge cases that user access tokens become ones w/ no expiration time. They describe it is not an intended behaviour, but it occurs because of the side effect of how they link page access token to its owner's access token. https://developers.facebook.com/bugs/597779113651383/

Now, as of version 1.22, this module does not check the existence of expires parameter.

@brunnock

This comment has been minimized.

Show comment
Hide comment

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment