Do I need to store an access token for security purposes when creating an android app?
Question
I am creating an android app which uses facebook to login. I am then storing all user data in a database on my server. Should I store the users access token also or would it be secure enough to just use the userid in the database and let only the app handle if the user is valid or not? For example. If I have a database that stores a list that I only want that user to see and I am using FB to authenticate. would it be secure enough not to have to verify the fb access token every time they access their list?
1 answers
solution1
0 2012-05-19 16:53:17
Note that this doesn't account for the situation where user may have revoked access to your app or if user has changed his password. You will need to always look out for the invalid access_token and redirect user to re-authorize your app. For invalid access token, following error :
User revoked access to your app:
{"error":{"type":"OAuthException","message":"Error validating access token: User
1053947411 has not authorized application 157111564357680."}}
OR when password changed:
{"error":{"type":"OAuthException","message":"Error validating access token:
The session is invalid because the user logged out."}}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.