Facebook Access Token [Javascript SDK]

Question

I am writing Facebook login for my site.I am using Javascript Sdk,but I don't understand one thing.

  function fbLogin() {
   FB.login(function(response) {
   if (response.authResponse) {
    var token=response.authResponse.accessToken;
     FB.api('/me', function(response) {

       $.get('main/check_facebook_status/'+token,function(data) {
            if (data == "true") {
                $('#r_name').val(response.name);
                $('#r_username').val(response.username);
                $('#r_email').val(response.email);
                $('#fbid').val(response.id);
                $('#fbtoken').val(token);


            }
       })
     });
   } else {
     console.log('User cancelled login or did not fully authorize.');
   }
 }, {scope: 'email, publish_stream'});
  }

Can I trust he access token(response.authResponse.accessToken) for identify the user ? Can facebook change the access token ? If changes the access token how can I identify the user ?

Ps:Sorry for bad english

Answer 1

Can I trust he access token(response.authResponse.accessToken) for identify the user?

Of-course yes!

Can Facebook change the access token ?

Nope. But it expires after 2 hours, so you have to get the token again. If you want to use this token in future; you can extend the life of the token to 60 days.

You can read more about access tokens here.

---

[Edit]

The token also becomes invalidated in the following cases-

• User changes the password
• User de-authorizes the app
• User removes the app