2

I tried to follow the instructions on JOAuth, a java-based OAuth 1 (final) and OAuth 2 (draft 10) library. How do I use it? in order to fetch facebook access token but with no success.

i did the following:

added these lines to WEB-INF/web.xml

<servlet>
  <description>An OAuth Servlet Controller</description>
  <display-name>OAuthServlet</display-name>
  <servlet-name>OAuthServlet</servlet-name>
  <servlet-class>com.neurologic.oauth.servlet.OAuthServlet</servlet-class>
  <init-param>
     <param-name>config</param-name>
     <param-value>/WEB-INF/oauth-config.xml</param-value>
  </init-param>
  <load-on-startup>3</load-on-startup>
 </servlet>
<servlet-mapping>
 <servlet-name>OAuthServlet</servlet-name>
 <url-pattern>/oauth/*</url-pattern>
</servlet-mapping>

created WEB-INF/oauth-config.xml with the following lines: (renamed app key and secret to <APP_KEY> and <APP_SECRET>)

<?xml version="1.0" encoding="UTF-8"?>
<oauth-config>
<oauth name="facebook" version="2">
 <consumer key="<APP_KEY>" secret="<APP_SECRET>" />
 <provider authorizationUrl="https://graph.facebook.com/oauth/authorize" 
   accessTokenUrl="https://graph.facebook.com/oauth/access_token" />
</oauth>

<service path="/oauth_redirect" 
class="com.facebook.FacebookOAuthService" oauth="facebook">
 <success path="/start.jsp" />
</service>
</oauth-config>

my com.facebook.FacebookOAuthService class ( The OAuth Service ):

package com.xpogames.facebook;

import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import net.oauth.enums.GrantType;
import net.oauth.exception.OAuthException;
import net.oauth.parameters.OAuth2Parameters;

import com.neurologic.oauth.service.impl.OAuth2Service;
import com.neurologic.oauth.util.Globals;

/**
 * @author The Elite Gentleman
 * @since 05 December 2010
 *
 */
public class FacebookOAuthService extends OAuth2Service {


 private static final String REDIRECT_URL = "http://127.0.0.1:5080/Red5FacebookAuth/oauth/oauth_redirect";

     /* (non-Javadoc)
      * @see com.neurologic.oauth.service.impl.OAuth2Service#processReceivedAuthorization(javax.servlet.    http.HttpServletRequest, java.lang.String, java.util.Map)
  */
  @Override
  protected String processReceivedAuthorization(HttpServletRequest request, String code, Map<String, String> additionalParameters) throws OAuthException {
 // TODO Auto-generated method stub

  OAuth2Parameters parameters = new OAuth2Parameters();
  parameters.setCode(code);
  parameters.setRedirectUri(REDIRECT_URL);

  Map<String, String> responseMap = getConsumer().requestAcessToken(GrantType.AUTHORIZATION_CODE, parameters, null, (String[])null);
  if (responseMap == null) {
   //This usually should never been thrown, but we just do anyway....
   throw new OAuthException("No OAuth response retrieved.");
  }

  if (responseMap.containsKey("error")) {
   throwOAuthErrorException(responseMap);
  }

  if (responseMap.containsKey(OAuth2Parameters.ACCESS_TOKEN)) {
   String accessToken = responseMap.remove(OAuth2Parameters.ACCESS_TOKEN);
   request.getSession().setAttribute(Globals.SESSION_OAUTH2_ACCESS_TOKEN, accessToken);
   processAdditionalReceivedAccessTokenParameters(request, responseMap);
  }

  return null;
 }

 /* (non-Javadoc)
  * @see com.neurologic.oauth.service.impl.OAuth2Service#processAdditionalReceivedAccessTokenParamet    ers(javax.servlet.http.HttpServletRequest, java.util.Map)
  */
 @Override
 protected void processAdditionalReceivedAccessTokenParameters(HttpServletRequest request, Map<String, String> additionalParameters) throws OAuthException {
  // TODO Auto-generated method stub

 }   
}

and finally the start.jsp file that the user should be forwarded to on success.

<%@page import="com.neurologic.oauth.util.Globals"%>

<% 
String accessToken =     (String)request.getSession().getAttribute(Globals.SESSION_OAUTH2_ACCESS_TOKEN); //For OAuth 2 access token.
%>
<%= accessToken %>

when I try to test it by forwarding my browser to http://127.0.0.1:5080/Red5FacebookAuth/oauth/oauth_redirect the output that i get is null which means that the attribute does not exist

there are no errors but still i get no proper token.

I'm new to tomcat and the servlet configuration so i might have missed something.

what am i missing?

thanks a lot!

Community
  • 1
  • 1
ufk
  • 30,912
  • 70
  • 235
  • 386
  • 1
    Thanks for the feedback, I'm busy answering this. Btw. If you checked on Google Code, v1.1 of the JOAuth is out. – Buhake Sindi Mar 14 '11 at 20:06
  • Thanks for detailed information. but, i am getting one error while executing above code. Error is : Cannot find the declaration of element 'oauth-config'. [2]. can u tell me why this error came? – pradeep cs Jul 10 '12 at 18:02

1 Answers1

4

Ok, what I never answered before (because I assumed the user to know OAuth Authorization) is the initiation of the OAuth Authorization flow.

Firstly, follow the OAuth flow as stipulated here. I'm showing you how it's done in java based on what's documented.

For this workflow to work, you need to request an Authorization Code (through Authorization Request as mentioned in paragraph 4.1.1 of OAuth Specification).

That method is called from OAuth2Consumer class:

public String generateRequestAuthorizationUrl(ResponseType responseType, String redirectUri, String state, String scopeDelimiter, String... scope) throws OAuthException {

Remember, scopeDelimiter for Facebook is a comma , and responseType is ResponseType.CODE. scope is what Facebook perceives as permissions.

A full example is this:

String client_id = "<APP_ID>";
String client_secret = "<CLIENT_SECRET>";
String redirectUrl = "http://127.0.0.1:5080/Red5FacebookAuth/oauth/oauth_redirect"; 
OAuth2ServiceProvider provider = new OAuth2ServiceProvider("https://graph.facebook.com/oauth/authorize", "https://graph.facebook.com/oauth/access_token");
OAuth2Consumer consumer = new OAuth2Consumer(client_id, client_secret, provider);


//Using HttpServletResponse (but you can kickstart it through an Action/Controller/etc.
response.sendRedirect(consumer.generateRequestAuthorizationUrl(ResponseType.CODE, redirectUrl, null, ",", (String[])null)); //where null is the scope array,

This will, in turn call your com.facebook.FacebookOAuthService.processReceivedAuthorization when Facebook does an HTTP-Redirect. The code is then your Authorization Code received from Facebook.

Hope this helps!

PS Facebook doesn't do an HTTP-Redirect to your page when requesting access token, hence why you're manually storing it in a session and not JOAuth (It uses OAuth 2 draft 0). If other OAuth 2 service provider uses HTTP-Redirect after requesting for Access Token, don't store the Access Token, the OAuth2Service does it automatically for you.
PPS Use any logging framework to see logs.

Good luck and let me know what comes up!

Community
  • 1
  • 1
Buhake Sindi
  • 87,898
  • 29
  • 167
  • 228
  • It's my pleasure :) Btw, how did you hear about JOAuth? – Buhake Sindi Mar 14 '11 at 22:32
  • from you. http://stackoverflow.com/questions/5248484/restfb-writing-a-facebook-application-with-java-using-the-new-graph-api :) btw thank you for providing the full information so i can actually understand what i'm doing and not just to copy/paste the code. – ufk Mar 14 '11 at 22:45
  • Aaah! :) I forgot that I made a comment on that question. Have fun with JOAuth! Btw, copy/pasting of code is ok if you know what you're doing (fine-tuning). Also, keeping my name on your code seems like you're plagiarizing it....lol – Buhake Sindi Mar 15 '11 at 07:21
  • hi again! still trying to properly work with your tool. please let me know if you can provide any information to enlight me regarding the following issue: http://stackoverflow.com/questions/5615193/joauth-facebook-graph-api-when-writing-facebook-applications – ufk Apr 10 '11 at 22:40