
Facebook OAUTH

Java OAuth for Facebook

Step 1) Register an “app” on Facebook (cf. https://developers.facebook.com/ ). You give Facebook a name for the app and a URL. The URL you register is the URL of the page (JSP or servlet) that you want to handle the login. From the registration you get two strings, an “app ID” and an “app secret” (the latter is your password: do not give it out or write it in HTML).

Register your website URL (this is the base for the return URL to which Facebook must redirect after authentication is complete) under the heading “Website with Facebook Login”.

For this example, let’s say the url I register is “http://myappengineappid.appspot.com/signin_fb.do”.

2) From a webpage, say with a button, you redirect the user to the following URL on Facebook, substituting your app ID for “myfacebookappid” in the example below. You also have to choose which permissions (or “scopes”) you want to ask the user for (cf. https://developers.facebook.com/docs/reference/api/permissions/ ). In the example I ask for access to the user’s email only.

——————–

1. On first request, the plugin will return NOT_COMPLETE and redirect the user to the Facebook Oauth authentication URL:

https://www.facebook.com/dialog/oauth?client_id={app-id}&redirect_uri={redirect-uri}&scope=email

Where:

{redirect-uri} will be a URL in the form https:///Login/OauthAuthCallback.do. This will either be constructed from the current request URL, or from the requestUri parameter

{app-id} will be the application ID from the parameters

2. On receiving control again, the plugin will inspect the received query parameters. If the error_reason parameter is present, return state COMPLETE and set the oauthResult output field to “failed”. Otherwise:

a) Retrieve the access token using the URL: https://graph.facebook.com/oauth/access_token?client_id={app-id}&redirect_uri={redirect-uri}&client_secret={app-secret}&code={auth-code}

Where:

{app-secret} is the application secret from the parameters

{auth-code} is the authentication code received in the request

b) On receiving the response, return output field oauthResult=“failed” if unsuccessful. Otherwise request user information by issuing a GET for the following URL:

https://graph.facebook.com/me?access_token={access-token}

Where:

{access-token} is the token received in the response to step a).

c) If field “id” is not present in the response, return output field oauthResult=“failed”. Otherwise, populate the following output fields:

facebook_id (from “id” element)

facebook_firstname (from “first_name” element)

facebook_lastname (from “last_name” element)

facebook_email (from “email” element)

d) Request the user’s profile picture by issuing a GET for the following URL:

https://graph.facebook.com/me?fields=picture&access_token={access-token}

This returns an image URL. Add it to the output fields as facebook_picture_url.

e) Return state COMPLETE with oauthResult=“success”

    import java.io.BufferedReader;
    import java.io.InputStreamReader;
    import java.net.URL;
    import java.net.URLConnection;
    import java.nio.charset.StandardCharsets;
    import javax.net.ssl.HttpsURLConnection;

    // The methods below are members of the plugin class. OauthLogger is the
    // plugin's own logging helper and is not shown on this page.
    private static final String GET = "GET";
    private static final String CONTENT_TYPE = "Content-Type";
    private static final String APPLICATION_JSON = "application/json";
    private static final String AUTHORIZATION = "Authorization";

    // Step b): fetch the user's data, sending the token in the Authorization header.
    private String getUserData(String accessToken, String uri) throws Exception {
        HttpsURLConnection connection = (HttpsURLConnection) new URL(uri).openConnection();
        // setDoOutput(true) is only for requests that send a body, so it is not set for this GET.
        connection.setRequestMethod(GET);
        connection.addRequestProperty(CONTENT_TYPE, APPLICATION_JSON);
        connection.addRequestProperty(AUTHORIZATION, "OAuth " + accessToken);
        StringBuilder responseData = new StringBuilder();
        // try-with-resources closes the reader even if reading throws
        try (BufferedReader br = new BufferedReader(
                new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8))) {
            String input;
            while ((input = br.readLine()) != null) {
                OauthLogger.logDebug(input);
                responseData.append(input);
            }
        }
        return responseData.toString();
    }

    // Step a): exchange the auth code for an access token.
    private String getAccessToken(String authorizeUrl) throws Exception {
        HttpsURLConnection connection1 = (HttpsURLConnection) new URL(authorizeUrl).openConnection();
        String accessToken = null;
        try (BufferedReader br = new BufferedReader(
                new InputStreamReader(connection1.getInputStream(), StandardCharsets.UTF_8))) {
            String input;
            while ((input = br.readLine()) != null) {
                // The response line is not logged here: it contains the access token.
                if (input.contains("access_token=")) {
                    // Take the token value only, stopping at the next '&' so that
                    // any parameter following the token is not appended to it.
                    int start = input.indexOf("access_token=") + "access_token=".length();
                    int end = input.indexOf('&', start);
                    accessToken = (end == -1) ? input.substring(start) : input.substring(start, end);
                }
            }
        }
        return accessToken;
    }

    // Step d): fetch the response that carries the profile picture URL.
    private String getUserProfileImage(String graphgUri) throws Exception {
        URLConnection connection = new URL(graphgUri).openConnection();
        connection.addRequestProperty(CONTENT_TYPE, APPLICATION_JSON);
        StringBuilder sb = new StringBuilder();
        try (BufferedReader br = new BufferedReader(
                new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8))) {
            String inputLine;
            while ((inputLine = br.readLine()) != null) {
                sb.append(inputLine);
            }
        }
        return sb.toString();
    }
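
The two decision points of the flow above, building the dialog URL in step 1 and vetting the callback query string in step 2, as an added Java example that is not part of the original post or the plugin's code. Class and method names are hypothetical and the sample callback strings are constructed; the state parameter (standard in OAuth 2.0 for tying a callback to the login that started it) goes beyond the page's steps.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added example (Java 10+). Class and method names are hypothetical.
public class FacebookOauthFlow {
    static String enc(String v) { return URLEncoder.encode(v, StandardCharsets.UTF_8); }
    static String dec(String v) { return URLDecoder.decode(v, StandardCharsets.UTF_8); }
    // Unguessable per-login value; store it in the user's session until the callback.
    static String newState() {
        byte[] b = new byte[16];
        new SecureRandom().nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }
    // Step 1: the dialog URL, with every parameter URL-encoded.
    static String dialogUrl(String appId, String redirectUri, String state) {
        return "https://www.facebook.com/dialog/oauth?client_id=" + enc(appId)
            + "&redirect_uri=" + enc(redirectUri) + "&scope=email&state=" + enc(state);
    }
    // Decode a raw query string into a map; pairs without '=' are ignored.
    static Map<String, String> parseQuery(String query) {
        Map<String, String> params = new HashMap<>();
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            if (eq > 0) params.put(dec(pair.substring(0, eq)), dec(pair.substring(eq + 1)));
        }
        return params;
    }
    // Step 2: returns the auth code, or null when oauthResult must be "failed".
    static String authCodeFromCallback(String query, String expectedState) {
        Map<String, String> p = parseQuery(query);
        if (p.containsKey("error_reason")) return null; // Facebook reported an error or denial
        byte[] got = p.getOrDefault("state", "").getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison; a mismatch means this callback is not for our login.
        if (!MessageDigest.isEqual(got, expectedState.getBytes(StandardCharsets.UTF_8))) return null;
        return p.get("code"); // null when the code parameter is missing
    }
    public static void main(String[] args) {
        String state = newState(); // the callback query strings below are constructed samples
        System.out.println(dialogUrl("myfacebookappid", "http://myappengineappid.appspot.com/signin_fb.do", state));
        System.out.println(authCodeFromCallback("code=AQD_sample&state=" + state, state));
        System.out.println(authCodeFromCallback("error_reason=user_denied&state=" + state, state));
        System.out.println(authCodeFromCallback("code=AQD_sample&state=forged", state));
    }
}
```

Only the first callback yields a code to pass on to step a); the denied and forged-state callbacks return null, which maps to oauthResult=“failed”.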

 

