Question

I have to do a Facebook login for a big web project and I am stuck. We are using the Eclipse IDE with Java 1.6 and Spring. Further, we use Spring Security for verification. I have found Spring Social and with it Spring Social Facebook. The current outlet for sign-in is: the user can enter his credentials and log in via the log in button, or he presses the Facebook button. After that he will be redirected to the facebookAuthenticationFilter, which checks if he pressed the Facebook button or not. If he did, the facebookAuthenticationFilter will generate a redirect to the Facebook login. That looks like this:

FacebookConnectionFactory connectionFactory = new FacebookConnectionFactory(APP_ID, APP_SECRET);
OAuth2Operations oauthOperations = connectionFactory.getOAuthOperations();
OAuth2Parameters params = new OAuth2Parameters();
params.setRedirectUri(REDIRECT_URI);
params.setScope("user_about_me,user_birthday,user_likes,user_status");
String authorizeUrl = oauthOperations.buildAuthorizeUrl(GrantType.AUTHORIZATION_CODE, params);
response.sendRedirect(authorizeUrl);

After that we look for the "code" parameter, and upon receiving that in the filter we do:

String authURL = "https://graph.facebook.com/oauth/access_token?client_id="
                    + APP_ID
                    + "&redirect_uri="
                    + REDIRECT_URI
                    + "&client_secret="
                    + APP_SECRET + "&code=" + code;
// Facebook.getAuthURL(code);
URL url = new URL(authURL);
String result = readURL(url);
String authorizationCode = null;
Integer expires = null;
String[] pairs = result.split("&");
for (String pair : pairs) {
    String[] kv = pair.split("=");
    if (kv.length != 2) {
        logger.error("Unexpected auth response");
    } else {
        if (kv[0].equals("access_token")) {
            authorizationCode = kv[1];
        }
        if (kv[0].equals("expires")) {
            expires = Integer.valueOf(kv[1]);
        }
    } // if-else kv.length!=2
} // for

// upon receiving the callback from the provider:
AccessGrant accessGrant = null;
try {
    FacebookConnectionFactory connectionFactory = new FacebookConnectionFactory(APP_ID, APP_SECRET);
    OAuth2Operations oauthOperations = connectionFactory.getOAuthOperations();
    // the next line produces an error: 400 - BAD REQUEST
    accessGrant = oauthOperations.exchangeForAccess(authorizationCode,REDIRECT_URI, null);

    Connection<Facebook> connection = connectionFactory.createConnection(accessGrant);
    Facebook facebook = connection.getApi();

On the marked line we get a Bad Request from the server. Don't know why. And especially the part with the parsing of the parameter "code" feels icky and doesn't look good. Isn't there a better way to do that?

Thanks for your help in advance.


Solution

Instead of calling the authUrl, you should use the code that is passed to the callback URL to get an accessGrant, like this:

accessGrant = connectionFactory.getOAuthOperations().exchangeForAccess(code, REDIRECT_URI, null);

With that accessGrant you should be able to make the connection like you already do.
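
The flow the answer describes, as an added example that is not part of the original answer or of Spring Social's own code. It goes one step beyond the answer by binding the redirect to the session with a `state` value and checking it on the callback; the class name `FacebookLoginFlow`, the session key and the placeholder constants are assumptions.

```java
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.social.connect.Connection;
import org.springframework.social.facebook.api.Facebook;
import org.springframework.social.facebook.connect.FacebookConnectionFactory;
import org.springframework.social.oauth2.AccessGrant;
import org.springframework.social.oauth2.GrantType;
import org.springframework.social.oauth2.OAuth2Parameters;

// Hypothetical helper for the filter in the question; names and constants are assumptions.
public class FacebookLoginFlow {
    private static final String APP_ID = "YOUR_APP_ID";          // placeholder
    private static final String APP_SECRET = "YOUR_APP_SECRET";  // placeholder
    private static final String REDIRECT_URI = "https://example.com/login/facebook"; // placeholder
    private static final String STATE_KEY = "fb_oauth_state";    // assumed session attribute name
    private static final SecureRandom RANDOM = new SecureRandom();
    private final FacebookConnectionFactory connectionFactory =
            new FacebookConnectionFactory(APP_ID, APP_SECRET);

    // Step 1: send the browser to Facebook, remembering a random state value in the session.
    public void startLogin(HttpServletRequest request, HttpServletResponse response) throws Exception {
        String state = new BigInteger(130, RANDOM).toString(32);
        request.getSession().setAttribute(STATE_KEY, state);
        OAuth2Parameters params = new OAuth2Parameters();
        params.setRedirectUri(REDIRECT_URI);
        params.setScope("user_about_me,user_birthday,user_likes,user_status");
        params.setState(state);
        response.sendRedirect(connectionFactory.getOAuthOperations()
                .buildAuthorizeUrl(GrantType.AUTHORIZATION_CODE, params));
    }
    // Step 2: on the callback, check the state, then pass the "code" parameter itself to
    // exchangeForAccess. Spring Social makes the token request; REDIRECT_URI must match step 1.
    public Connection<Facebook> handleCallback(HttpServletRequest request) throws Exception {
        String code = request.getParameter("code");
        String returned = request.getParameter("state");
        String expected = (String) request.getSession().getAttribute(STATE_KEY);
        request.getSession().removeAttribute(STATE_KEY); // state is single use
        if (code == null || returned == null || expected == null
                || !MessageDigest.isEqual(returned.getBytes("UTF-8"), expected.getBytes("UTF-8"))) {
            throw new SecurityException("Missing code or state mismatch on Facebook callback");
        }
        AccessGrant accessGrant = connectionFactory.getOAuthOperations()
                .exchangeForAccess(code, REDIRECT_URI, null);
        return connectionFactory.createConnection(accessGrant);
    }
}
```

With this in place the filter never builds the `access_token` URL by hand, so the app secret is not concatenated into a URL string in application code.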

Licensed under: CC-BY-SA with attribution