[Openid-specs-ab] Facebook changes offline access

John Bradley ve7jtb at ve7jtb.com
Thu Jan 26 13:41:35 UTC 2012


It looks like they are creating a new endpoint for extending access tokens rather than using refresh tokens.

My read of it is that developers will now get offline access without asking. They just need to refresh the access token every 60 days.

The documentation is typical of Facebook so the actual operation may be different. 

Using the 'code token' return type with a refresh token would have been OAuth 2.0 compliant.

I expect the media will jump on the privacy issue.
