Search code examples
javafacebookauthenticationfacebook-loginfacebook-access-token

Get user accessToken with Java login for Facebook


I need to get my user_accessToken with Java login. Have i to use the FacebookOAuthResult? If yes, how? I write an Applet for login to Facebook. It works, but i can't get the token.

...
String GraphURL = "https://graph.facebook.com/me/friends?&access_token=" + token;
URL newURL = URL(GraphURL);
HttpsURLConnection https = (HttpsURLConnection)newURL.openConnection();
https.setRequestMethod("HEAD");
https.setUseCache(false);
...

//open a connection window like:
if(Desktop.isDesktopSupported())
{
Desktop.getDesktop().browse(new URI(GraphURL));
}
else if(...

here to get token. it is right?

String getTokenUrl = "https://www.facebook.com/dialog/oauth?client_id=MY_APP_ID&redirect_uri=https%3A%2F%2Fwww.facebook.com%2Fconnect%2Flogin_success.html&response_type=token&display=popup&scope=user_about_me%2Cread_stream%2C%20share_item";

Desktop desktop = Desktop.getDesktop();
desktop.browse(new URL(getTokenUrl).toURI());

URL tokenURL = new URL(getTokenUrl);
URLConnection connect = tokenURL.openConnection();

BufferedReader in = new BufferedReader(new InputStreamReader(connect.getInputStream()));

String inputLine;
StringBuffer bufferr = new StringBuffer();
while ((inputLine = in.readLine()) != null)
bufferr.append(inputLine + "\n");
in.close();

token = bufferr.toString();

HttpURLConnection myWebClient = (HttpURLConnection)url.openConnection();
myWebClient.setRequestMethod("HEAD");
myWebClient.setUseCaches(false);
//webClient..
try
{
String gAntwort = myWebClient.getResponseMessage(); 

if (myWebClient.getResponseCode() != HttpURLConnection.HTTP_OK)
{
//Not OK
//JOptionPane.showMessageDialog(null, conn.getResponseMessage(), "URL Response", JOptionPane.INFORMATION_MESSAGE);
}
init();
} catch (Exception d){

}

Solution

  • I do not think there is a way to get a user access token programmatically. Facebook requires the user's consent where the previously logged in user needs to press the "Okay" button in order to get a new access_token.

    However, there is a way to get an application access token if this is what you intended.

     public static void main(String[] args) {
        try {
    
            String myAppId = "XXX";
            String myAppSecret = "XXX";
            String redirectURI = "http://localhost:8080/";
    
            String uri = "https://graph.facebook.com/oauth/access_token?client_id=" +
                    myAppId +
                    "&client_secret=" + myAppSecret +
                    "&grant_type=client_credentials" +
                    "&redirect_uri=" + redirectURI +
                    "&scope=user_about_me";
    
            URL newURL = new URL(uri);
            ByteArrayOutputStream baos = new ByteArrayOutputStream();
            InputStream is = newURL.openStream();
            int r;
            while ((r = is.read()) != -1) {
                baos.write(r);
            }
            String response = new String(baos.toByteArray());
            is.close();
            baos.close();
    
            String TOKEN_INDEX = "accesss_token=";
            String token = response.substring(TOKEN_INDEX.length()-1);
    
            //API Call using the application access token
            String graph = "https://graph.facebook.com/v2.2/" + myAppId +
                    "?access_token=" + token;
    
            URL graphURL = new URL(graph);
            HttpURLConnection myWebClient = (HttpURLConnection) graphURL.openConnection();
    
            String responseMessage = myWebClient.getResponseMessage();
    
            if (myWebClient.getResponseCode() != HttpURLConnection.HTTP_OK) {
                System.out.println(myWebClient.getResponseCode() + " " + responseMessage);
            } else {
                System.out.println(responseMessage);
            }
            myWebClient.disconnect();
    
        } catch (Exception e) {
            System.err.println(e);
        }
    }
    

    Note that because this request uses your app secret, it must never be made in client-side code or in an app binary that could be decompiled. It is important that your app secret is never shared with anyone. Therefore, this API call should only be made using server-side code.

    Read here: https://developers.facebook.com/docs/facebook-login/access-tokens#pagetokens

    BTW, we, at Stormpath support really simple social login integration (Google, Github, Facebook, LinkedIn)