[Publish] Best practices for keeping your social accounts connected
IN THIS ARTICLE
Social accounts will become disconnected from time to time. Whilst this can be frustrating, it's good to keep in mind that this is normal behaviour and is usually the result of the social network making a change to keep your account safe and secure.
Connections between Buffer Publish and your social accounts require access tokens, which can expire for a number of reasons, including password changes and explicit lifespans of an access token. This guide aims to provide a deeper knowledge of access tokens, and how and when they might expire, resulting in you needing to reconnect a social account.
When do access tokens expire, causing your social account to disconnect?
Regardless of social network, the access token will expire and you will need to reconnect your account under the following circumstances:
If the username or password of the social account is changed
Changing your social account username of password will result in that social network removing Buffer Publish's access to your account, because the original credentials that were used to authenticate the account no longer exist. To correct this, head over to your Buffer Publish dashboard and reconnect the social account immediately after changing your username or password.
If Buffer's access to the social network has been revoked
Each social network has an area where third party apps can be granted authorization to access your account. If Buffer's access is revoked or altered, this will result in the loss of the access token and your account being disconnected. To correct this, head over to your Buffer Publish dashboard and reauthorize the social account. Below you will find links to the area within each social network where third party apps can be granted authorization:
Social network specifics
In addition to the reasons outlined above, each social network also has their own policies on access tokens and when they might expire.
Twitter accounts connected to Buffer Publish should not require frequent reconnection, since the access tokens they issue do not have specific lifespans or expiry dates. That said, we do see Twitter accounts becoming disconnected from time to time, usually due to accounts being suspended due to duplicate content being published, or other spam-like behaviour. More guidance on limitations with sharing duplicate content on Twitter can be found here.
Twitter's policy wording:
Access tokens are not explicitly expired. An access token will be invalidated if a user explicitly revokes an application in the their Twitter account settings, or if Twitter suspends an application. If an application is suspended, there will be a note on the apps.twitter.com page stating that it has been suspended. Reference >>
Facebook and Instagram
We have found that Facebook and Instagram accounts connected to Buffer Publish do require reconnecting more often than some other social networks. Facebook state that access tokens usually have a lifetime of about 60 days, which means your account will need to be reconnected at that point.
We appreciate this is a little ambiguous with the use of words like "usually" and "about". We're sorry we can't provide a more definitive answer on this one.
Below are some of the other reasons an access token may expire:
- You no longer have Admin access (for Facebook Pages)
- You are publishing identical posts to several accounts at exactly the same time. More guidance on this can be found here.
- You are logging into your account from many different IP addresses (for instance, if several folks have the email and password login information for your account)
- You are often logging in and out of several different accounts
Facebook's policy wording:
User access tokens come in two forms: short-lived tokens and long-lived tokens. Short-lived tokens usually have a lifetime of about an hour or two, while long-lived tokens usually have a lifetime of about 60 days. You should not depend on these lifetimes remaining the same - the lifetime may change without warning or expire early. Reference >>
LinkedIn accounts connected to Buffer Publish will require reconnecting every 60 days, since that's the lifespan of the access tokens granted by LinkedIn. Other reasons that an access token from LinkedIn might expire include:
- You are publishing identical posts to several LinkedIn accounts at exactly the same time. More guidance on this can be found here.
- You no longer have Admin access (for LinkedIn Pages)
LinkedIn's policy wording:
Access Tokens stay valid until the number of seconds returned in the *expires_in field in the API response. A user can go through the OAuth flow on multiple clients (browsers or devices) and simultaneously hold multiple valid access tokens as long as the same scope is requested. If the user requests a different scope than the previously granted scope, then all the previous access tokens are invalidated.
*expires_in — The number of seconds remaining, from the time it was requested, before the token will expire. Currently, all access tokens are issued with a 60 day lifespan.
Google+ accounts connected to Buffer Publish should not require frequent reconnection, since the access tokens they issue do not have specific lifespans or expiry dates. That said, we do see Google+ accounts becoming disconnected from time to time, usually if the access token hasn't been used for six months (i.e. you haven't shared any content to the social account via Buffer Publish in recent months).
Google+ policy wording:
A refresh token might stop working for one of these reasons:
- The user has revoked your app's access.
- The refresh token has not been used for six months.
- The user changed passwords and the refresh token contains Gmail scopes.
- The user account has exceeded a maximum number of granted (live) refresh tokens.
Pinterest accounts connected to Buffer Publish should not require frequent reconnection, since the access tokens they issue do not have specific lifespans or expiry dates.
Pinterest's policy wording:
Your app will call the API to exchange the authorization code for an access token, which is a permanent credential (unless the user revokes your access). You'll use the access token to perform actions on Pinterest on your user's behalf. Reference >>