Open Metallix opened 3 years ago
It appears that the JWT is designed to be the state of the user at the time of login. (See https://github.com/facebook/facebook-ios-sdk/issues/1663 (first response)) This means it never refreshes, except by calling FB.Login... again. This is not ideal when we want to use Facebook as an identity provider on every app start. For now we got around this by caching the users session on the device, so we do not need to re-authenticate with our game servers all the time. But that seems very odd. How are we supposed to use the limited facebook login as an identity provider, without showing a login dialog every other hour?
The user's authentication session should remain valid even after the expiration of AuthenticationToken. You should not need to show a login dialog every hour.
I didn't quite understand the need to maintain a separate cache for user session. The sdk should already provide that, i.e. FB.Mobile.CurrentAuthenticationToken()
or 'FB.Mobile.CurrentProfile()`. The user session remains valid as long as there's an instance of Profile. Would that work for your use case?
Checklist
Environment
Describe your dev environment here, giving as many details as possible. If you have them, make sure to include:
2019.4.26f1
9.2.0
[iOS]
version14.8.0
Goals
Verify the authentication token after the limited login.
Expected Results
The authentication token is not outdated after FB.Init() and FB.Login()
Actual Results
The authentication token is valid for one hour but then stays outdated, even after app restarts or updates. When debugging the result of
FB.Mobile.CurrentAuthenticationToken()
it appears to be a token that is expired. Even when logging out from facebook on the device (Webpage) or even login with a different user, the token does not update.Steps to Reproduce
FB.Mobile.CurrentAuthenticationToken()
Code Samples & Details