I have a Node.js web application that uses Facebook OAuth 2.0 to register/login/logout users using everyauth.
I enabled the deprecation of offline access on my Facebook application so now I receive tokens that expire after ~two months, or when the user changes her password, or when she removes the application, BUT not when she logs out of Facebook
My application is embedded in an iframe into multiple websites and is used to push updates to the user's Facebook timeline.
Say I have my application installed on site A and site B. If the user X logs in my application on A, he is logged into my application on B as well because the iframe preserves the session.
Problem
If the user X logs out of Facebook, anyone else using the same computer on sites that have my application installed is going to push updates on behalf of X.
Is there a way to determine if X is still logged into Facebook before pushing an update?
In other words, I need something similar to Facebook's JavaScript SDK FB.getLoginStatus but on the server side in Node.js. The best thing would be a Graph API call, but I can't find an appropriate URL for it.
IMPERFECT SOLUTION:
In the end, I went with @NitzanTomer's solution described in the comments. I used the JavaScript SDK and its FB.getLoginStatus method to check if the current user of my application is still logged in on Facebook. This is far from ideal: it works in my case because I'm running JavaScript code in an iframe, thus being relatively protected from attacks by the same-origin policy.
You can you use FB.getLoginStatus to check whether the user is connected to Facebook or not: https://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus/
getLoginStaus function is not there in facebook-node-sdk by amachang but what you can use is the getLoginStatusUrl function: facebook-node-sdk
The user is logged in if returned value is the url you assign to ok_session property. You cannot be sure of the permissions granted to your app though