Is there a reliable way of getting access token errors from the facebook platform?
Our iOS/Android App needs to save the users Facebook session. This is fine except that authentication errors we get from Facebook seem to be inconsistent.
Essentially, if we get an error from facebook, we want to know if this requires the user to reauthenticate or if it's due to an intermittent error (i.e. they are being rate limited for some reason).
Most facebook graph errors seem to include an error code in the body of the error message text.
Some do not.
e.g
{"error":{"message":"Error validating access token: The session is invalid because the user logged out.","type":"OAuthException"}}
Does not contain an error code, so the only way to check against this error is to do a string comparison on "message". That seems a remarkably unreliable way of checking for errors.
It seems ~almost~ possible to check to see if the "type" variable in the json string indicates an "OAuthException", except that if the user is rate limited, then that will throw an OAuthException as well but it doesn't require the user to log back in, it only requires them to wait a little while and stop posting so much.
I have seen the How-To listed here: https://developers.facebook.com/blog/post/500 but that will still have the problem that my games will require users to log back into facebook if they happen to be over-enthusiastic about posting to their wall.
So, is there a reliable way of getting errors from the facebook platform?
Right now the best solution I can find is to parse the message string for error codes, and if I don't find any then reparse the string looking for specific messages (such as "Error validating access token") and then finally if I can't determine what the error is, just panic and log the user out.
Unfortunately I haven't found a great way of handling this. The best solution I've found so far is to look to see if the error is an OAuthException, compare the error message against a white list of "acceptable failures" that do not require reauthentication, but if the error does not match any error on this white list, I assume that the user has to reauthenticate with Facebook.
For reference, the only error I've found that can be whitelisted is the "user is rate limited" error. To detect this, I check to see if the error message contains the substring "(#341)", which is the error code of this error (not that this error is one of the few errors that contains an error code in the error message body).