Facebook Tokens from Auth0, long-lived access? How often are they reissued?


On our application we integrated with Facebook and use their token pretty heavily.

In terms of the token returned on the identities array where provider = ‘facebook’, is that token what FB describes as a long-lived access token?

We are trying to figure out the flow of adding a new permission in the future to the auth0 facebook social connector, and how the propagation of the new permissions will be handled in terms of users reauthenticating.

Will that token in the providers array be automatically updated upon adding new permissions?


Hi @jmunson and welcome to the community! :tada:

From reading the code, that token would be shorted lived. You would need to exchange it yourself for a long lived one.

For updating the access token in that array, you would need to have the end user be redirect to Facebook again. When they re-auth through Facebook, it should update the token in that array.

I hope that helps! Please let me know if you have any questions.

1 Like

Hi @thomas.osborn , and thanks for the quick response.

So for updating permissions for our app, we would need to force all users to reauthenticate through FB to gain access to the new permissions granted to the application?

Is there a good way to selectively do this? we don’t anticipate updating the permissions that often, but want to ensure the process is seamless.