Oauth access token expiration date

149 5

I want to implement such a function:
In the e-commerce site, users log in via Douban account ( oauth authorization ) and buy something. After buying, there's a"publish to Douban"check box, and if the user is checked, you can automatically publish this order/item.
According to the general idea, I can put access token in session when the user logs in, and when the order is completed, use this access token.

But.
This account may be connected to sina webo, Douban, netease, but users won't be able to get the other two access tokens, nor can they publish messages on multiple platforms. Because I'm obviously unable to make the user 's authorization page a bit when they finish the order..

If the user connects to the platform, the access token is logged in the database, which is resolved.

So how long is the access token valid. I looked at each api, each of which was a few hours to a month, so the problem became..

2 Answers

144 1

In fact, access token should be a period of time, at least in foreign countries. For example, there's such a description in twitter 's faq ( https://dev. Twitter. com/docs/auth/oau. ).

We don't currently expire will be invalid if a user explicitly rejects.

Facebook, for offline applications, has dedicated offline authorization, as long as the user has enabled this authorization, then your token won't expire.

I haven't seen related descriptions in the domestic open platform documentation, and if you're going to expire in a few hours or months, they shouldn't be. Because we know the maximum lifetime of memcached 's cache is a month:

...