Facebook Template with existing Token

[fgatti]

I am trying to develop an Android application. It requires Facebook auth to be used. I am using Spring as a backend. I am having problems using Spring Social having already a token.

I authenticate in the Android device and send the auth token to the backend. Then do this in the controller:

Code:

    Facebook facebook = new FacebookTemplate(authToken);

    String facebookId = facebook.userOperations().getUserProfile().getId();

I am getting the error:

org.springframework.social.MissingAuthorizationExc eption: Authorization is required for the operation, but the API binding was created without authorization.

I think Spring is doing this GET call:

https://graph.facebook.com/me

when it should do something like:

https://graph.facebook.com/me?access_token=ACCESS_TOKEN

I have tried this with a valid token and nothing. Am I doing something wrong?

[habuma]

Actually, the "access_token" parameter is only one way to send the access token. The preferred approach is to send it in the Authorization header...and that's what Spring Social does.

So, if the Authorization header is not being sent, then that's clearly a problem. This works almost all the time, but the wildcard here is that you're doing this on Android. And that makes me wonder which connection factory is in play. My guess is that whatever connection factory that's in play is preventing the header from being added to the request.

A few basic questions:
(1) Are you using Spring for Android along with this? If not, then that may be the first thing to do. Spring's regular RestTemplate won't work well in Android, but Spring for Android gives an Android-ready RestTemplate that will work.
(2) Which version of Android are you using?

Let me know these things and that will go a long way toward debugging this.

[fgatti]

Hi Abuma,

thank you for your reply.

I found out that the reason it was not working was due to some missing dependencies in the pom file.

I managed to make it work using the code:

Code:

        AccessGrant accessGrant = new AccessGrant(authToken);
        OAuth2ConnectionFactory<Facebook> connectionFactory = (OAuth2ConnectionFactory<Facebook>) connectionFactoryRegistry.getConnectionFactory(Facebook.class);
        Connection<Facebook> connection = connectionFactory.createConnection(accessGrant);

        Facebook facebook = (Facebook) connection.getApi();

that I found on this page.

Anyway, I think I am not following the best approach. I think it's better if I explain what I am trying to do.

I am trying to develop a HTML based game that will run on mobile devices (only Android for now). Users need to authenticate with Facebook in order to play. I have been playing with the Facebook SDK for Android and I have to say that I liked how it works (talking to the Facebook app if installed, and not making the user log in to Facebook). I have done this login part natively in Android and it is working good.

The second step is to send the auth token to the Spring backend, which will be in charge of retrieving friends and games and sending it back to the client (HTML part).

And here is where I get a bit lost... I don't think I really need Spring for Android since the auth part is working good with the Facebook SDK for Android and the rest is going to be HTML based.

I get confused with the Connections and authorization part. Can I use the Facebook auth token for this purpose?

I have seen in the Spring Social examples that controllers have a Facebook object injected. This would be a great approach but I don't know how to do it... I am sorry but I am new to Spring too. Should I send the auth token in every request?

To make it short:
- I get the Auth Token natively in Android.
- Send it to the backend for registration.
- Make the following requests from HTML.

Thanks a lot for the support!!

[fgatti]

Ok, I have been thinking about how to do this and I think I will follow a pure REST approach, using the Facebook access token in every request.

The idea is to get the token in the client and send it as a parameter in every POST request. I have thought of implenting a HandlerInterceptorAdapter that would read the access token and locate the Facebook object (and the user associated) from it.

Now my question is how to go in order to do this.

I understand that whenever I call this:

Code:

AccessGrant accessGrant = new AccessGrant(authToken);
        OAuth2ConnectionFactory<Facebook> connectionFactory = (OAuth2ConnectionFactory<Facebook>) connectionFactoryRegistry.getConnectionFactory(Facebook.class);
        Connection<Facebook> connection = connectionFactory.createConnection(accessGrant);

        Facebook facebook = (Facebook) connection.getApi();

there is a request done to the Facebook servers which is not necessary. I know there is a user connection repository for that. The problem I find is that it is meant to be used knowing the userID, and retrieving the Connection from it. But what if I have an access token?

So my question is, how do I get the Facebook object from the access token without querying the Facebook server in every request?

Thank you in advance!!