OAuth2.0 you should be aware of when using access token

Before implementing the OAuth2.0 authorization method, we need to set up the application authorization callback page or bind the domain name for different applications, to obtain the code to be returned after the authorization is successful, and to obtain Access_token by code. Using the Developer account login http://open.weibo.com, enter the "My Apps" console that needs to be switched for the application to set: Client Applications & Other applications: Click the console Navigation "application Information"-> "advanced Information" to authorize a callback page or domain name binding. Setting the callback page does not require a second instance to facilitate your testing and development. Binding domain names need to be second instance, the second trial time online application is not affected, bound domain name to increase the security of the application, and all pages under the domain name can be used as authorization callback page. Note: The client also needs to set the authorization callback page or binding domain name, in the program in WebView way to invoke the authorization page return code, the specific implementation of reference to the corresponding client sdk:http://open.weibo.com/wiki/sdk. Attention: OAuth2.0 Access_token than OAuth1.0 has a certain period of validity, when the access_token expires, you need to guide the user to authorize. The application's authorization validity period can access the interface access permission description or be viewed in the application console.
how to calculate the Access_token expiration time for a user. A the value of the expires_in (in seconds) returned by the Oauth2/access_token interface is the life cycle of the access_token when authorized by the user. b from the corresponding table, find the application of the corresponding authorization validity period, expiry time = user Authorization time + authorization validity period.

The application's authorization validity period can access the interface access permission description or be viewed in the application console.
How to deal with Access_token after expiration. Access_token When an interface is expired, the platform returns an error code of 21332, which requires the user to be rebooted. It is recommended that you save an expiration time each time you obtain a user's authorization and determine whether the user Access_token expires before each interface is invoked.

When booting an authorized user to authorize again, if the user is logged on to Sina Weibo status, the authorization page is "flash over" without the user clicking on the "Authorize" button, if the user wants to login again, the authorize interface is the incoming parameter: forcelogin=true, Default is not filled (Authorization page is flashed) This parameter is equivalent to Forcelogin=false. Add test Account if you use an appkey for testing, you need to add a test account in the application or Web site console "application Information" or "Website Information"--> "Test Account", and not audit the application only the application creator and the test account can invoke the interface V2 Version Interface return value only supports JSON format does not support XML format a The return value of the interface may contain fields such as HTML, the return of XML format requires special processing of HTML, directly affect the platform package return value and the efficiency of the developer to resolve the return value; b for JS and other languages in the resolution of complex XML is more difficult, less efficient; c) XML format is much more redundant than JSON in the form of Key-value, which does not meet the demand for high performance requirements such as mobile phone clients.