Hi, I am using the Kinvey Backbone v1.1.4 library with Automated Control of offline caching enabled and I have a problem I am struggling to find a solution to. My app supports logging in via Facebook and everything works fine with the login flow. As expected, after logging in the activeUser has an 'access_token' that I can use to call the Facebook Graph. My problem is that after a refresh of the page, the activeUser object no longer contains the 'access_token' for Facebook. I can see that this data is not persisted to the Database (IndexedDB in my case) or server because it gets stripped off in Kinvey.User.update, but doesn't that effectively mean that the token is then lost forever? Is this a bug or by design for security reasons? If I want to persist the Facebook access token across page reloads, should I simply write it to a LocalStorage key and use that or is there a better option?
about 7 years ago
Yes, you can store it in LocalStorage.
The access_token stored on Kinvey is only used to login, and will not be returned after initial login.