问题
for a few users (maybe not that few, considering the number of related mails I'm receiving) the access token associated with an OAUTH authorization seems to be immediately invalidated. The user is guided through the usual authorization process, he accepts the permissions, he is redirected to the right page which includes the access token, but as soon as my application tries to use the access token to get the user ID, an error is received instead:
{"error":{"message":"Error validating access token: Session has expired at unix time 0. The current unix time is 1323939801.","type":"OAuthException"}}
The offline_access is part of the permissions. Besides, there's no way the cause is the user removing the authorization or changing password since this happens right after having accepted the authorization. In my app flow I already attempt a retry a few times and from the logs I receive I can see the error is always the same: guiding the user through the authorization process again has no use, since the user is redirected again to the page with the access_token in the fragment. Apparently the only way for a user to solve this is to remove the application from the list of authorized applications and do the same thing all over again (unless at the n-th retry it starts working, not all users write back when things start working).
What could be the reason for this?
回答1:
I seem to have run into the same problem, see my question here: The session has been invalidated because the user has changed the password -> EDIT: i dont think this is the same thing any more, i found the rootcause for this, see answer for that question.
And another related question here: How can I remove all potentially cached tokens or session IDs on Android?
Any clues yet..?
回答2:
Offline access is getting deprecated, I wouldn't ask for it anymore. Instead, in iOS SDK, at least, there's a renewal method.
来源:https://stackoverflow.com/questions/8517968/access-token-immediately-invalidated