I’m starting to use facebook Graph API and I’m going to retrieve an access token with some simple HTTP requests via java.
Following https://developers.facebook.com/docs/authentication/
I created a new app but I don’t have a domain so
I make an HTTP request to
http://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&
redirect_uri=https://www.facebook.com/connect/login_success.html
for a server-side flow, and I suppose to get redirect to a success page with a code in the URL. Then I would use this code make another HTTP request to
graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&
client_secret=YOUR_APP_SECRET&code=THE_CODE_FROM_ABOVE
and finally get my access token.
I used both java.net.HttpURLConnection and org.apache.http.HttpResponse,
but, in both cases, executing the first call I get as response the HTML of a Facebook login page.
If I use this HTML to create a webpage and then I simply click on the Login button (without inserting username and password) I get the success page with the code!
In the HTML the field submit of the button Login is empty and I can’t retrieve redirect URLs… I can just read an alternate link in the <meta> tag which generate an auth_token (what is it? It is very different wrt an normal access_token…).
So what I ask is:
-
it is possible to detect the hidden redirect in some way just
usingjava.net.HttpURLConnectionor
org.apache.http.HttpResponse? -
if yes, how is the mechanism? Is it related to the
auth_token? -
if no, is it possible with other libraries? (I used also restfb,
but they seems to require an access token inserted “by hand” as an
arg, and I also saw facebook-java-api but it seems old).
Also if I’m logged in Facebook, executing the first HTTP call via Java I get as response the HTML of a Facebook login page.
Using HTML to create a webpage and then I simply click on the Login button (without inserting username and password) I get the success.htm page with the code parameter in the URL.
If I use the original URL directly in my browser I can directly obtain the success.htm page without passages in the middle.
So I suppose the problem is in the management of cookies: in Java (executed in Eclipse) I cannot access my browser’s cookies.
I tried to redirect to use a Servlet but I get the error about the domain:
ServletURL is not a Facebook domain or a “site URL” registered for my app (actually I did’t set a site URL for my app… and that’s the problem core).
In any case here
http://developers.facebook.com/docs/authentication/
in the section App types > Desktop apps they say:
[…] After the user authorizes your app [I allowed everything], we
redirect the user back to the redirect_uri with the access token in
the URI fragment: […]Detect this redirect and then read the access token out of the URI
using whatever mechanisms provided by your framework of choice. […]
So I think that it is still possible to detect this redirect via Java. How?
If you do not have a domain yet I recommend you using localhost as a domain. That way you can test it on your local web server / local app.
Using HttpURLConnection works fine.
This is how we do it.
This will return an access token which you can query facebook with