How to handle password change for Facebook connection?

kien · January 28, 2021, 12:21pm

Hi everyone,

Our application is storing facebook access_token in our database to use for Facebook Graph API calls, it works great

But when an user changed his password or update the business integration, Facebook will invalidate the access token, I tried to get a new access token by asking user to log out and re-login, but Auth0 still returns the old token

Error message from Facebook

“The session has been invalidated because the user changed their password or Facebook has changed the session for security reasons.”

How can I solve this issue?

Thanks

dan.woda · January 28, 2021, 11:34pm

Hi @kien ,

Do you have the connection configured to sync the user profile on each login? I wonder if this updates the token.

Screen Shot 2021-01-28 at 3.33.48 PM

kien · January 28, 2021, 11:39pm

hi guys,

I’ve found what went wrong, because we cache the user data, we just need to invalidate the cache and get the access_token again from auth0 and it’ll work

dan.woda · January 28, 2021, 11:51pm

Great! Thanks for the update.

Topic		Replies	Views
Log off out all session after the user change password Help auth0	2	3361	September 14, 2020
Social connection +Reset Password Help social-connection	2	5337	March 2, 2018
How can social user invalidate all sessions? Help sessions , refresh-token-revocation	3	833	November 28, 2023
How to refresh token obtained from social login without performing re-authentication Help connections , google-social-connection	0	748	August 15, 2023
Invalidate session on password change Help user-management , user-password-management	0	355	March 4, 2024

How to handle password change for Facebook connection?

Related Topics