Be careful when handling the deprecation of Facebook Offline Access Permission

According to Facebook’s roadmap, the offline_access permission will be removed on 2 May:

The offline_access permission is deprecated and will be removed July 5, 2012. Until then, you can turn this change on or off using the “Remove offline_access permission” migration. On May 2, 2012, we will automatically turn the migration to “enabled” for all apps. If this breaks your app, you can turn the migration back to “disabled” until July 5, 2012 when it will be permanently “enabled” for all apps. Please see the Removal of offline_access Permission doc for more details.

The details of the changes, impacts and how different scenarios should be handled by the developer are written in the doc Removal of offline_access permission.

The document is pretty long and gives detailed information. However, don’t blindly trust the information there. You should always test it out.

For example, for scenario 3 in the document, it is stated that the server-side OAuth flow will return a long-lived user access token. However, other developers have reported (and I have tested this too) that the access token returned is actually a short-lived one.

So, to play it safe, you should first check and test your app. For this, I highly recommend the Access Token Tool provided to us by Facebook. It is handy when you want to check the details of an access token.
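The same check can be automated in a test, so that a token with a shorter lifetime than the documentation promises is caught before the app depends on it. The following is an added example, not code from the original post or from Facebook. It assumes the token endpoint body is either form-encoded with an `expires` field or JSON with an `expires_in` field, and the 24-hour cut-off and function names are hypothetical.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs

# Assumed cut-off: a token valid for less than a day counts as short-lived.
SHORT_LIVED_MAX = timedelta(hours=24)


def parse_token_response(body):
    """Return (token, lifetime in seconds or None) from a token endpoint body.

    Accepts JSON ({"access_token": ..., "expires_in": ...}) or a
    form-encoded string (access_token=...&expires=...). Field names are assumptions.
    """
    body = body.strip()
    if body.startswith("{"):
        data = json.loads(body)
        if "error" in data:
            raise ValueError("token endpoint returned an error")
        token = data.get("access_token")
        ttl = data.get("expires_in", data.get("expires"))
    else:
        fields = parse_qs(body, strict_parsing=True)
        token = fields.get("access_token", [None])[0]
        ttl = fields.get("expires", fields.get("expires_in", [None]))[0]
    if not token:
        raise ValueError("no access_token in response")
    return token, (int(ttl) if ttl is not None else None)


def classify_token(body, now=None):
    """Return (kind, expiry) where kind is 'short-lived', 'long-lived' or 'unknown'.

    The token itself is never returned or logged, only its lifetime.
    """
    now = now or datetime.now(timezone.utc)
    _token, ttl = parse_token_response(body)
    if ttl is None:
        # No expiry field: do not assume the token is long-lived.
        return "unknown", None
    lifetime = timedelta(seconds=ttl)
    kind = "short-lived" if lifetime < SHORT_LIVED_MAX else "long-lived"
    return kind, now + lifetime
```

Run `classify_token` on the raw response from your own server-side flow and fail the test when the result is not `long-lived`.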
