[QUESTION] accessToken / refreshToken

jaredhanson / passport-facebook

Facebook authentication strategy for Passport and Node.js.

https://www.passportjs.org/packages/passport-facebook/?utm_source=github&utm_medium=referral&utm_campaign=passport-facebook&utm_content=about

MIT License

1.29k stars 447 forks source link

[QUESTION] accessToken / refreshToken #228

Open SamJWeissman opened 6 years ago

SamJWeissman commented 6 years ago

This may be a stupid question but since I haven't found any solid explanations on Google just yet figured I'd ask.

What am I supposed to do with accessToken and refreshToken?

I am able to login the user via Facebook using the Facebook strategy and example routes. However, I didn't use either token and did not persist either token to my database. Are they just being used behind the scenes or should I be doing something with them?

Thank you in advance!

cryptojuice commented 6 years ago

@SamJWeissman What you do with the access token depends on the needs of your Client/API. If the sole purpose is to use Facebook as a quick means of verifying user identities, then storing the tokens is not necessary. But, If your application required further interactivity with Facebook (posting on users wall, fetching extra profile data) then you'll need to store their access token for making future request to Facebook's API.

SamJWeissman commented 6 years ago

@cryptojuice

Awesome! Thank you for the details, appreciate your help!

toksdotdev commented 6 years ago

You only stated the use of accessToken.

What about the use of refreshToken?