Overview of OAuth: Is the User Who He/She Says He/She is?: I’m not sure if you used OAuth to login to Stack Overflow, like the “Login with Google” option, but when you use this feature, Stack Overflow is simply asking Google if it knows who you are: “Yo Google, this Vinesh fella claims that [email protected] … Read more
Edit (August 14th 2012): A week ago the official Facebook PHP SDK was updated. The function name was changed to setExtendedAccessToken, and it was decided we actually needed to destroy the session afterwards, to remove the risk of having two active sessions. Also, the function no longer actually returns the token, but instead stores it … Read more
So i finally figured out how to do this. The basic idea is that you have the token you get the first time you ask for authentication. This first token has a refresh token. The first original token expires after an hour. After an hour you have to use the refresh token from the first … Read more
The link to discussion, provided by Catchdave, has another valid point (original, dead link) made by Dick Hardt, which I believe is worth to be mentioned here in addition to what’s been written above: My recollection of refresh tokens was for security and revocation. <…> revocation: if the access token is self contained, authorization can … Read more
Google OAuth 2 authorization – Error: redirect_uri_mismatch