Child Item

Preparing my App for long-lived tokens deprecation

After reading this post I'm facing a similar scenario (also discussed here) regarding migrating my app to short-lived tokens.

To my understanding, all existing long-lived tokens will still work, even after Sep. 30 but the option to create new ones will be disabled.

Does that mean that all existing offline access apps will still work using both old tokens and old authorization implementation? Does it also mean that existing users will not be affected by this transition at all?

Thanks in advance!

Find more posts tagged with

API

Abuse

Comments

Greg-DB

Long-lived access tokens are now considered deprecated, but we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s). Note though that after the change you won't be able to create new long-lived access tokens. That means that any users with existing long-lived access tokens can continue using those existing long-lived access tokens as before.

After the change, apps will need to use the updated flow to request "offline" access to get long-lived authorization via refresh tokens.

If, after the change, a user uses an app that hasn't been updated, any new authorizations will only receive short-lived access tokens, and they won't be able to newly authorize long-lived access without getting an updated version of the app.

jim32

Thanks @10!

So in fact, all existing users who are already authenticated (long-lived tokens) will no experience any change, unless they re-authenticate themselves with a new (short-lived) access token.

That's great news for all of us hoping this upcoming change will not affect existing users but only new ones 🙂