7. Kim Ross
@kimbertles
http://developers.facebook.com/docs/authentication/server-side/ #ljcjug
8. FacebookController
/**
 * Spring MVC handler mapped to "/fb/". It takes the required "signed_request" request
 * parameter and the view Model; the steps on the following slides form its body.
 *
 * signedRequest comes straight from the HTTP request, so it is untrusted until its
 * signature has been verified. Nothing decoded from it should be used before that check.
 *
 * NOTE(review): the mapping does not restrict the HTTP method. If signed_request is only
 * expected via POST, confirm whether GET should be rejected so it cannot land in URLs and logs.
 */
@RequestMapping("/fb/")
public String fb(
@RequestParam(value = "signed_request") String signedRequest, Model model)
1. Check signed request signature
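// signed_request is "<base64url signature>.<base64url JSON payload>".
// String.split takes a regular expression, so the separator must be escaped: an unescaped "."
// matches any character, the split happens at the first character instead of at the dot,
// and the signature half comes out empty.
String[] parts = signedRequest.split("\\.", 2);
if (parts.length != 2 || parts[0].isEmpty() || parts[1].isEmpty()) {
    // Reject anything that is not exactly signature + payload before decoding it.
    throw new IllegalArgumentException("Malformed signed_request");
}
Base64 decoder = new Base64(true); // Gotcha - decoder must be base64 URL
// NOTE(review): the decoded signature is binary, and turning it into a String with the
// platform default charset can alter the bytes. checkSignature is not shown here. Confirm
// that it compares the raw bytes (ideally in constant time, e.g. MessageDigest.isEqual)
// and that a mismatch aborts the request rather than returning a value that is ignored.
String sig = new String(decoder.decode(parts[0].getBytes()));
// The signature is checked against the still-encoded payload, before the payload is trusted.
checkSignature(sig, parts[1]);
// The payload is JSON text; decode it as UTF-8 explicitly instead of the platform default.
String data = new String(decoder.decode(parts[1].getBytes("UTF-8")), "UTF-8");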
9. 2. Check if already authorised
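// data is the decoded signed_request payload; it is only trustworthy if the signature
// check earlier in this method actually rejected tampered requests.
JSONObject sReq = new JSONObject(data);
// The original tested for "user_id" but then read "oauth_token", so a payload carrying a
// user id without a token failed with a JSON exception. Requiring both keys lets that case
// fall through to the permission request instead.
if (sReq.has("user_id") && sReq.has("oauth_token")) {
    // NOTE(review): the access token is handed to the "facebook" view. Make sure the
    // template does not write it into HTML, JavaScript or logs unless the client needs it.
    model.addAttribute("accessToken", sReq.getString("oauth_token"));
    return "facebook";
}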
10. 3. If not authenticated, request permissions
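// Build the OAuth dialog URL the user is sent to when the app has not been authorised yet.
// The dialog is addressed over https so the authorisation request is not sent in clear text.
StringBuilder redirectUrl = new StringBuilder(
        "https://www.facebook.com/dialog/oauth/?client_id=");
redirectUrl.append(FacebookConstants.APP_ID);
// redirect_uri must stay identical to the value sent later in the access-token request.
redirectUrl.append("&redirect_uri=")
        .append(URLEncoder.encode("http://apps.facebook.com/ljc-presentation/auth/", "UTF-8"));
// NOTE(review): "state" is a fixed literal, so it cannot tie the callback to the browser
// session that started the flow and gives no CSRF protection. Generate an unguessable
// per-session value, keep it server-side, and compare it when the callback arrives.
redirectUrl.append("&state=").append("MYSTATE");
// Requested permissions; keep this list to what the application actually needs.
redirectUrl.append("&scope=").append("email,user_likes");
return "redirect:" + redirectUrl.toString();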
11.
12. Kim Ross
@kimbertles
http://developers.facebook.com/docs/authentication/server-side/ #ljcjug
13. Getting the access token
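// Exchange the authorisation code from the OAuth callback for an access token.
// NOTE(review): the "state" parameter returned with the callback is never compared with the
// value sent in the authorisation request; without that check the callback is not bound to
// the session that started the flow.
String code = request.getParameter("code");
if (code == null || code.length() == 0) {
    // No code (for example the user declined): stop here instead of failing inside
    // URLEncoder.encode with a NullPointerException.
    throw new IllegalArgumentException("Missing OAuth code parameter");
}
StringBuilder accessTokenUri = new StringBuilder(
        "https://graph.facebook.com/oauth/access_token?client_id=");
accessTokenUri.append(FacebookConstants.APP_ID);
// redirect_uri must be identical to the one used in the authorisation request.
accessTokenUri.append("&redirect_uri=")
        .append(URLEncoder.encode("http://apps.facebook.com/ljc-presentation/auth/", "UTF-8"));
// The application secret travels in the query string (over https). Never log or display
// accessTokenUri, and keep this call strictly server-side.
accessTokenUri.append("&client_secret=").append(FacebookConstants.APP_SECRET);
accessTokenUri.append("&code=").append(URLEncoder.encode(code, "UTF-8"));
HttpClient client = new HttpClient();
GetMethod getter = new GetMethod(accessTokenUri.toString());
String response;
try {
    int status = client.executeMethod(getter);
    if (status != 200) {
        // Do not treat an error body as a token.
        throw new IllegalStateException("Token endpoint returned HTTP " + status);
    }
    response = getter.getResponseBodyAsString();
} finally {
    // Hand the connection back even when the request or the status check fails.
    getter.releaseConnection();
}
// Expected body: access_token=<token>&expires=<seconds>. Parse defensively: the original
// substring call threw or returned garbage whenever "=" or "&expires" was missing.
String tokenKey = "access_token=";
if (response == null || !response.startsWith(tokenKey)) {
    // The body is deliberately left out of the message; it may contain credentials.
    throw new IllegalStateException("Unexpected access token response");
}
int tokenEnd = response.indexOf('&', tokenKey.length());
if (tokenEnd < 0) {
    tokenEnd = response.length();
}
String accessToken = response.substring(tokenKey.length(), tokenEnd);
if (accessToken.length() == 0) {
    throw new IllegalStateException("Empty access token in response");
}
// NOTE(review): the token is exposed to the view through the model; make sure the template
// does not write it into HTML, JavaScript or logs unless the client needs it.
model.addAttribute("accessToken", accessToken);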