Facebook access tokens have no expiry date #1
Description
I've been playing with this for a day or so and so far it's been fantastic. It's such a shame that most API's have created their own bastardization of the OAuth protocol.
Facebook does not return "expires" when you request an access token, which currently throws an error.
These tokens do expire after an arbitrary amount of time (roughly 2 hours), and in order to retrieve a long-term access token, you must request the "offline access" extended permission (see http://developers.facebook.com/docs/authentication/permissions).
- The OAuth20Token class needs refactoring to accept tokens with no expiry date
- The authorization_url function should support extra parameters, so that Facebook clients can request extended permissions and display options (a "display" param must be passed to /authorize for Facebook to render mobile, desktop, popup and touch-screen friendly login screens... urgh). A consequence of this is that the user may have to write their own views to pass these parameters.
- As a consequence of (1.) It should be decided whether it is in the scope of this application to provide nicer error handling for tokens that have expired (such as redirecting the user to fetch a new token)
LinkedIn and Twitter otherwise work extremely well.
I'll happily volunteer to work on patches for 1 and 2 if y'all think it's a good idea.