First of all, I'm sorry for yet another "offline_access" question, but I blame Facebook for being so vague about this. I've been reading so much (here and the official Facebook deprecation "docs") about it and the more I read, the more questions I have.
Our application uses the Facebook API to publish stories from users to their timeline. This is being done from our servers using PHP via curl.
My understanding is that accesstokens cannot be valid for more than 60 days. Does this mean that our users have to come back to our site to re-authorize everytime their token has become invalid? If so, how would services like Foursquare (who have a similar integration as we have) handle this?
Or is it possible to simply request a new token when the Facebook-API replies with a "This token has expired" message?
I think this is covered in the migration document as scenario 3 or 4 depending on your auth flow
Yes, your users need to come back at least once every 60 days in order for you to have a valid token to take actions on that user's behalf