offline_access deprecated - How identify users in an app accross devices now?

Question

till now I was using the fb id and the access token of a user to identify him within my app accross multiple devices using a cloud backend. Specifically in most cases the user will want to login to a tablet and a smartphone version of the app. Using the offline_access permission always resulted in the same token when login to the app from any device.

Now the offline_access tokens are deprecated, rendering the access_token received upon login the facebook api useless for authentication. Ok, I can validate the new token server side and make sure the login is valid and store it in the backend db, that's fine.

But replacing the token in the backend with the new one is bad, because the user might be running the app already on one of his devices. The token stored on such device will be rendered useless because of the newly issued token. I want to avoid using some sort of push-new-facebook-token-method.

Do you have any hint what direction to go for in order to setup a smooth solution?

Thanks, Chris

Answer 1

Each device might have a different one encoded with a slightly different expiration date, but that doesn't really matter. Use each SDK's version of "getLoginStatus()" and use that access token rather than storing the access token yourself.