You don't update the existing connection. If the token is new, you remove the old connection and create a new one. I know that to work, because I've got some experimental code to do just that (experimental code that I need to dust off and make non-experimental soon...but that's a problem for another day).
In short, at the moment, there is no *direct* support in Spring Social for working with canvas apps. But that doesn't mean it can't be done.
With regard to the question of how it can be done, I'm working on an example to show how to do that. But I have other items already in progress that take a higher priority (and are being asked for with just as much urgency as your request), so I must ask for your patience in this matter. I promise that I will try to squeeze in the updates to the canvas sample as soon as I possibly can. Believe me when I say that *I* really want to complete that sample, as the obsessive/compulsive side of me can't stand that there's a wrong canvas sample and a gap in coverage there. :-)
In the meantime, if you happen to dig around discover an approach that works for you, I encourage you to post your findings here or to blog about it so that the community can learn from it.
With regard to building against 3.2.0 vs. 3.1.3, Spring Social (as I'm building it) is compiled against Spring 3.1.3. I can't speak for Spring Security or for your own project. But from what I see in the other thread, it looks like you had two of the same controller in play (one from a @Bean declaration and one from component-scanning). That would explain your ambiguous mapping problem.
Spring Social Project Lead