/**
* Ensures the provided GraphSessionInfo object is valid,
* throwing an exception if not. Ensures the appId matches,
* that the machineId matches if it's being used,
* that the token is valid and has not expired.
*
* @param GraphSessionInfo $tokenInfo
* @param string|null $appId Application ID to use
* @param string|null $machineId
*
* @return boolean
*/
public static function validateAccessToken(GraphSessionInfo $tokenInfo, $appId = null, $machineId = null)
{
$targetAppId = FacebookSession::_getTargetAppId($appId);
$appIdIsValid = $tokenInfo->getAppId() == $targetAppId;
$machineIdIsValid = $tokenInfo->getProperty('machine_id') == $machineId;
$accessTokenIsValid = $tokenInfo->isValid();
$accessTokenIsStillAlive = true;
// Not all access tokens return an expiration. E.g. an app access token.
if ($tokenInfo->getExpiresAt() instanceof \DateTime) {
$accessTokenIsStillAlive = $tokenInfo->getExpiresAt()->getTimestamp() >= time();
}
return $appIdIsValid && $machineIdIsValid && $accessTokenIsValid && $accessTokenIsStillAlive;
}
/**
* validateTokenInfo - Ensures the provided GraphSessionInfo object is valid,
* throwing an exception if not. Ensures the appId matches,
* that the token is valid and has not expired.
*
* @param GraphSessionInfo $tokenInfo
* @param string|null $appId Application ID to use
*
* @return boolean
*
* @throws FacebookSDKException
*/
public static function validateSessionInfo(GraphSessionInfo $tokenInfo, $appId = null)
{
$targetAppId = static::_getTargetAppId($appId);
if ($tokenInfo->getAppId() !== $targetAppId || !$tokenInfo->isValid() || $tokenInfo->getExpiresAt() !== null && $tokenInfo->getExpiresAt()->getTimestamp() < time()) {
throw new FacebookSDKException('Session has expired, or is not valid for this app.', 601);
}
return true;
}
