Home/ Questions/Q 8800885
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T00:42:25+00:00

I am using SCRIBE library to enable Facebook connect login in my Application. My

  • 0

I am using SCRIBE library to enable Facebook connect login in my Application. My problem is that after logging in and getting the access_token every time I click on the login button I am signing in without authorization, because I am signed in Facebook and the access_token is still active. Is there a way to force facebook to sign out or every time to ask me for new access_token, is it a good idea to do it with cookie or using connect.facebook.net/en_US/all.js or just redirect it at some point to https://www.facebook.com/logout.php?access_token=appId&confirm=1&next=http://localhost:8080/ . I know there is a lot of questions about that topic, but all of them and suggested solutions confuse me. Here is the my post construct method in the managed bean that handles Facebook response.

@PostConstruct
public void init() {
FacesContext context = FacesContext.getCurrentInstance();
HttpServletRequest req = (HttpServletRequest) context
.getExternalContext().getRequest();

    responseCode = req.getParameter("code");
    System.out.println("The code is:   "+responseCode);


    //facebook data
    final String PROTECTED_RESOURCE_URL = "https://graph.facebook.com/me";
    final Token EMPTY_TOKEN = null;
    String apiKey = "MY_API_KEY";
    String apiSecret = "MY_API_SECRET";
    String callbackUrl="the-redirect_page_in_my_application";

    OAuthService service = new ServiceBuilder().provider(FacebookApi.class)
            .apiKey(apiKey).apiSecret(apiSecret)
            //.scope(SCOPE)
            .callback(callbackUrl).build();

    //get authorization Url
    String authorizationUrl = service.getAuthorizationUrl(EMPTY_TOKEN);

    Verifier v=new Verifier(responseCode);
    Token accessToken = service.getAccessToken(EMPTY_TOKEN, v);


    // Now let's go and ask for a protected resource!

    OAuthRequest request = new OAuthRequest(Verb.GET,
            PROTECTED_RESOURCE_URL);
    service.signRequest(accessToken, request);
    Response response = request.send();


    Gson gson = new GsonBuilder().create();
    FacebookUser faceUser = gson.fromJson(response.getBody(), FacebookUser.class);

    setUserName(faceUser.getName());
    setUserFacebook(faceUser.getUsername());
    setGender(faceUser.getGender());

    FacesContext.getCurrentInstance().responseComplete();
    }
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You have multiple options:

    1. Tie your Logout button to the Facebook Javascript SDK’s
      FB.logout()
      function.       This has a possibly unwanted side-effect of logging the
      user out of Facebook.com also (because your app might have been
      responsible for them logging into it in the first place)
    2. Use the /me/permissions Graph API endpoint with an HTTP DELETE and a user access token to revoke permissions for that user for your app. The downside here is that the user will have to re-authenticate again when they login to your app the next time (and see the Login Dialog again too).
    3. Store a session variable that tells you that someone is logged in. Delete that variable when they logout and store another session variable that indicates they have manually logged out. Then if that second variable exists, do not automatically re-authenticate them again until they click on the login button in your app.
    • 0