How to detect the redirect to retrieve access_token via java

Question

I'm starting to use facebook Graph API and I'm going to retrieve an access token with some simple HTTP requests via java.

Following https://developers.facebook.com/docs/authentication/ I created a new app but I don't have a domain so I make an HTTP request to

www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&
redirect_uri=https://www.facebook.com/connect/login_success.html

for a server-side flow, and I suppose to get redirect to a success page with a code in the URL. Then I would use this code make another HTTP request to

graph.facebook.com/oauth/access_token? client_id=YOUR_APP_ID&redirect_uri=YOUR_URL& client_secret=YOUR_APP_SECRET&code=THE_CODE_FROM_ABOVE

and finally get my access token.

I used both java.net.HttpURLConnection and org.apache.http.HttpResponse, but, in both cases, executing the first call I get as response the HTML of a Facebook login page.

If I use this HTML to create a webpage and then I simply click on the Login button (without inserting username and password) I get the success page with the code!

In the HTML the field submit of the button Login is empty and I can't retrieve redirect URLs... I can just read an alternate link in the <meta> tag which generate an auth_token (what is it? It is very different wrt an normal access_token...).

So what I ask is:

1. it is possible to detect the hidden redirect in some way just using java.net.HttpURLConnection or org.apache.http.HttpResponse?

2. if yes, how is the mechanism? Is it related to the auth_token?

3. if no, is it possible with other libraries? (I used also restfb, but they seems to require an access token inserted "by hand" as an arg, and I also saw facebook-java-api but it seems old).

---

Also if I'm logged in Facebook, executing the first HTTP call via Java I get as response the HTML of a Facebook login page.

Using HTML to create a webpage and then I simply click on the Login button (without inserting username and password) I get the success.htm page with the code parameter in the URL.

If I use the original URL directly in my browser I can directly obtain the success.htm page without passages in the middle.

So I suppose the problem is in the management of cookies: in Java (executed in Eclipse) I cannot access my browser's cookies.

I tried to redirect to use a Servlet but I get the error about the domain: ServletURL is not a Facebook domain or a "site URL" registered for my app (actually I did't set a site URL for my app... and that's the problem core).

In any case here http://developers.facebook.com/docs/authentication/ in the section App types > Desktop apps they say:

[...] After the user authorizes your app [I allowed everything], we redirect the user back to the redirect_uri with the access token in the URI fragment: [...]

Detect this redirect and then read the access token out of the URI using whatever mechanisms provided by your framework of choice. [...]

So I think that it is still possible to detect this redirect via Java. How?

Answer 1

If you do not have a domain yet I recommend you using localhost as a domain. That way you can test it on your local web server / local app.

Using HttpURLConnection works fine. This is how we do it.

Redirect to: 
"https://graph.facebook.com/oauth/authorize?" +
            "client_id=" + clientId + "&" +
            "redirect_uri=" + URLEncoder.encode(returnUrl, "utf-8") 
// After redirect to the return url do the following:

//Make a http request to 
"https://graph.facebook.com/oauth/access_token?client_id=" +
            "client_id=" + clientId + "&" +
            "redirect_uri=" + URLEncoder.encode(returnUrl, "utf-8")  + "&"+
            "client_secret=" + clientSecret + "&"+
            "code=" + request.getParameter("code");

This will return an access token which you can query facebook with