Today, Douglas Purdy has provided the following comments on the hottest issue “Inconsistent Invalid OAuth 2.0 Access Token errors”,
We believe that the underlying issue here (cache inconsistency) has been resolved.
All of the access_tokens that we looked at fell into two categories: a cache issue or the user had logged out/changed password.
I want to remind everyone that you must handle a case where the user has invalided the access token you have in hand.
The best way to do this is to have a user go back through the auth flow to get a new access token — they will not be prompted again.
Wanting to know more about who is Douglas Purdy, I searched in the Internet and find that Douglas Purdy is the director of developer relations at Facebook. Of course, by no means I can confirm they are of the same person. 🙂
Anyway, back to the subject, if that comment is official from Facebook, then I would accept that as the explanation or cause for the outbreak (which in turns may be triggered by some other changes which I don’t really bother too much – as long as these changes won’t break my apps).
Even that particular case is solved, as mentioned by Douglas, there are still other “expected” cases where the same “error message” will be returned to the application when calling Facebook’s APIs. Yes, I know that is true and thanks for the suggested handling … But, I believe there are still cases where this “invalid access token” error are returned UNEXPECTEDLY.
This may be hard to tell what is the exact cause and why this happen in all those cases, especially when a “fixed / workaround” found by one developer does not work for others.
I think it would be nice to have someone prepared a simple “demo app” that others (developers in Facebook) can install to reproduce the error….