spring social console application with main method

**aki200** · Apr 28th, 2012, 02:05 PM

Hi all,

I am trying to figure out the spring social and OAuth authentication. In order to do this I cloned the sample project form git clone git://github.com/SpringSource/spring-social-samples.git. and I used spring-social-quickstart as I starting point.

I loded the appication context and I started creating the FacebookConnectionFactory. Everything is going well til I bumped in to the HttpServletResponse line. I don't really want to use this to build web application where users can login to their accounts by using my application. Instead I need this for the custom cms that I am building, in which the content editors would be able to push content to social sites like Facebook, LinkedIn... For example to their company's Facebook profile. This should be done by cms, automatically without further interaction required from the content editors.

Here is where I am stuck:

Code:

FacebookConnectionFactory connectionFactory = 
    new FacebookConnectionFactory("clientId", "clientSecret");
OAuth2Operations oauthOperations = connectionFactory.getOAuthOperations();
OAuth2Parameters params = new OAuth2Parameters();
params.setRedirectUri("https://my-callback-url");
String authorizeUrl = oauthOperations.buildAuthorizeUrl(GrantType.IMPLICIT_GRANT, params);
response.sendRedirect(authorizeUrl); // do I need this?

// upon receiving the callback from the provider:
AccessGrant accessGrant = new AccessGrant(accessToken); // I need this token too. Don't know how to get it.
Connection<Facebook> connection = connectionFactory.createConnection(accessGrant);

How can I achieve Facebook connection and the ability to post something on my own wall directly from a java console application? Is this even possible in spring social?

**aki200** · Apr 29th, 2012, 04:39 AM

anyone? (10 characters)

**habuma** · Apr 30th, 2012, 08:41 AM

Sorry for the delayed response. But to be fair, you did ask it on the weekend and I'm sure most of us (me included) were enjoying that time away from the computers.

So, you're looking to pushing to a company's Facebook page instead of a user's own page. To do that you'll need what Facebook calls a "Page Access Token"...and the only way (that I know of) to get a page access token is to fetch it from the profile of a user who is authorized to publish to that page. So, you'll still need to do the standard connection to get an access token for your CMS users. Then from that you can use methods in the PageOperations interface to work with stuff at a page level...under the covers, PageTemplate will retrieve the page access token for the user (if they are authorized) and use it.

I see that you're using the low-level OAuth 2 stuff that Spring Social offers...is there a reason you chose to do that instead of using ConnectController? Assuming that you're building a web application, ConnectController can handle all of that redirection stuff for you and create connections on behalf of your users. It would be essentially the same arrangement as what you see in the Spring Social Showcase sample. The only *minor* difference is that you'd use stuff in PageOperations to publish to pages.

If you're not building a web app (let's say your CMS is a desktop app) then you would need to use Resource Owner Credentials Grant to obtain the access token for the user...I can help you with that, too if that's what you want...but I'll spare you the details until I know that's what you're trying to do.

In short, in order to publish to a page, you'll need to get a page access token. Each user who is authorized to publish to the page is given their own page access token. But if you're using Spring Social's Facebook API binding you don't need to worry about that...just get a regular access token for that user and the operations provided by PageOperations/PageTemplate will deal with obtaining a page access token transparently.

**aki200** · May 1st, 2012, 04:27 AM

no worries, I am aware that it was weekend.
I will start by explaining what I am trying to build. It is indeed a web application which will serve as CMS. What they want is ability to optionally push some of their articles/content to their company's social accounts/pages. There is not going to any functionality for their visitors to login on their website true some of the social providers. That is why I don't need the ConnectController to do this.

The reason that I started exploring spring social by using this low level authentication stuff is because I was not able to find any example how to get this basic functionality that some social sites provide, by using spring social. All of the examples are centered about fancy stuff that social sites provide. I guess the reason for that is very simple, those functionality's are more complex to integrate in an web application.

Anyway I did some digging in spring social java doc and found out that it actually pretty strait forward to achieve what I want by using spring social.
taadaa... this is it!

...
public static void main(String[] args) {
...
TwitterTemplate twitterTemplate = new TwitterTemplate(API_KEY, API_SECRET, ACCES_TOKEN, ACCES_TOKEN_SECRET);
twitterTemplate.timelineOperations().updateStatus( "hello there");

}
...

As you can see, it is just basic stuff that I want. In this case is that a tweet on my own twitter account.
Anyway, thank you for your help and your offer to help me even further but, if the Facebook template is anywhere near, as simple as this I think I will manage to do it without bordering you any further. If not you will hear form me

.

Once I am done whit this project I will write a tutorial on how to do this basic stuff with spring social, it may be useful to other, noobs like me. If you don't mind, I can send it to you and maybe you can put it on some of the spring related sites or even documentation.
Anyway thanks again for your time.

p.s. sorry for the bad English.

**habuma** · May 1st, 2012, 08:17 AM

That's great that you figured this out. FacebookTemplate is even simpler because all you need to give it is your access token. My question for you, however, is how are you going to get that access token?

I wasn't anticipating that you'd use ConnectController for visitors to create connections with...I was thinking that your content creators would use it to create a connection to their Facebook profile, which in-turn would create a FacebookTemplate for you from the access token on the connection. From there, the internals of FacebookTemplate can use that token to obtain the page access token needed to publish to a page.

So, my question remains: How will you obtain the access token needed to construct FacebookTemplate? I can think of several ways, but I'm curious which approach you'll be taking.

**habuma** · May 1st, 2012, 11:28 AM

BTW, it just occurred to me that I didn't address the 2nd part of your last post: By all means, please write up anything you see fit for Spring Social. I'm always excited to see community-written articles and will be happy to link to it from the Spring Social homepage.

**aki200** · May 6th, 2012, 04:35 PM

I am really sorry for the late reply. I am doing this between full time job and evening classes. I hope you understand.

Back to the subject:

I did some homework on my own about facebook api. They indeed do not provide access token to access your own account as twitter does. At least not directly. I found out that there is a way to get user access token, for your facebook application, by using Facebook's: Graph API explorer.

This is what I did:

1. Create app on Facebook's api pages.
2. go to Facebook Graph API explorer: Home › Tools › Graph API explorer
3. press on "Get access token"
4. In the popup window, select the rights that you would like to have and within this popup window, click again on: "Get access token" button.
5. In second pop-up window, login to your user account and click on "allow" button. Popup window will close and you will see your access token string in the original Graph API explorer window.

From here on I can use FacebookTemplate. I suppose that this is sufficient to have my app make posts on my profile and/or pages for which I have rights to post to, considering that I selected all the possible rights, by using Graph API explorer?

I am also wondering if there is a time limit on this access token that I just retrieved. Do you have any idea?

Just to be clear. This is the scenario: Company already has one user profile which they use. This is not a co-worker bounded profile. I will just use this profile to retrieve the access token from Graph API explorer, with necessary rights, to post on that profile and/or page for which this profile has rights to post to. Access token will be hard coded in some properties file.

What do you think?

**aki200** · May 6th, 2012, 05:17 PM

I just found out that this is not going to work because, offline_access is being deprecated by Facebook.

**habuma** · May 7th, 2012, 09:01 AM

First, I do not believe your one-user profile to represent the company is the way Facebook intends you to do this. I could be wrong, but you may want to review Facebook's policies on this. I only suggest this to you, because Facebook typically frowns on accounts being created that are not tied to a real human and if they find out they will terminate that account. (I've seen this done in the case where someone creates an account for no other reason than to test the Facebook API; they have a separate process for that scenario.)

I believe the correct approach is the one I outlined above: That is, you have a real human user on Facebook who is authorized to publish to the company's page. In that scenario you must get the page access token for that user. And the only way to do that is to first get that user's token and to retrieve it from their "accounts" (which is what the stuff in PageOperations does for you under the covers).

As for the offline_access deprecation, yes I'm aware of that. Currently (as long as your app doesn't have the offline_access deprecation set yet) tokens expire after 2 hours and you can only get a new token by going through the authorization process again (which is exactly what you did in the Graph API explorer). After the deprecation is enforced in July, tokens obtained on server-side apps will have a 60-day expiration and (as I understand it) will only be able to get a new token by going through the authorization process again. Note that as long as the user has not revoked authorization, then they will not be prompted with the authorization screen again and instead Facebook will immediately redirect back to the app with a new authorization code that can be exchanged for a fresh access token.

FWIW, I have also done what you do to quickly get an access token via the Graph API Explorer...but I only use it for quick-n-dirty testing and would never consider using that for a real production app (which should be going through the official Facebook-sanctioned process). Furthermore, if you *do* get an access token via the Graph API Explorer (I'm still not recommending this), you should be sure to request the token for your app...by default the token will be granted for the Graph API Explorer itself.

**aki200** · May 7th, 2012, 09:29 AM

You are right, I should not be using user profile to represent the company. I will just use the scenario that you outlined earlier for retrieving the access_token for a user, with the help of ConnectController... User will have the rights to post on the company's page.
Thanks for your help. I think that I will be able to realize this. Cheers.

Thread: spring social console application with main method

Thread Tools

Display

spring social console application with main method

Tags for this Thread

Posting Permissions