What is the correct way to refresh Facebook OAuth2 access token after it expires?

Question

As I understand it, this is the basic process for new Facebook iframe canvas apps using the OAuth2 API in a nutshell:

1. Redirect to (or have user click link to)

Answer 1

1. The only way to tell if a cookie is valid is to use it and catch the error if it is expired. There is no polling method or anything to check if a token is valid.

2. To get a new token, simply redirect the user to the authentication page again. Because they have already authorized your app they will instantly be redirected back to your app and you will have a new token. They won't be prompted to allow since they have already done that.

In short, there are no tricks to this. You are already doing it correctly.