The access token is sort of a key that enables an app to make changes in a facebook profile on behalf of a user. There are different kinds of access tokens.
- User access tokens- used to modify data on facebook on behalf of a specific user
- App access token- used to read and make changes in the app settings
- Page access token- used to modify and read data behalf of a specific page
- Client access token- used to acces app level APIs (not a secret like the above tokens as this token is supposed to be embedded in a native mobile or desktop app)
So the above description is a simple and very simple explanation about access tokens, so if you want to furthur learn, which you will have to do if you are going to make a facebook app, refer to the following link,
So lets get down to our business of getting this token string.
There are many ways of getting this done. so I will list down some.
- Directly calling the API (eg:- facebook graph API.)
- Using a third party library which is specifically designed to do the OAuth dance(the method of getting the access token using the OAuth) (eg:-Scribe)
- Using a third party library which is designed specific for a particular web site(eg:- Facebook4j, RestFB)
- Using a framework(eg:-Spring social)
- Using some built in functionality provided in some framework which is designed for some other purpose(eg:-Using Codenameone framework)
So just so you know, OAuth is an open standard designed to do authorization. Since the users cannot give their credential(password) to an app in order to make changes on behalf of them in a particular profile, it is required to provide a way that would let the authorization part to be done between the user and the specific service provider(web site) without the app getting involved.
So the way is, that the user authorizes the app and the app gets an access token which provides the access to an authorized set of actions on a web page on behalf of the user.
So here is the basic OAuth dance for OAuth2.0 (facebook uses OAuth2.0)
So this is the whole process. But when it comes to coding it is a little confusing for some new developers. Especially if you are making a native app which needs to access the profile data and modify it, you might have found that it is difficult to get the authorization code as it is not a web app running on a particular web page.
So as a solution, Facebook suggests to have embedded our own web browser to load these pages. So in the comming posts I will explain how to make a simple web browser using javafx.
So here is the code that I used in one of my projects. I have done this using scribe-1.3.5 which is a library designed to handle OAuth stuff.
private static OAuthService service;
public static void doOAuth_2_0Dance() {
String authURL = getAuthUrl(APP_ID, APP_SECRET);
//this method gets the app_secret and app_id and
//forms a URL to call the graph API
synchronized (waitingObj) {
// I have made this thread to synchronize and
//wait in the pool of waitingObj Object
// so when I get the auth code I can call call waitingObj.notifyAll()
//so that this thread will start doing the rest
try {
goGetCode(authURL);
//So this method internally opens the embedded
//web browser and loads the facebook page
//then the user loggs in authorizes the app and
//then facebook will redirect the user into a callback url
//which will be provided at the authURL above
//-not a standard method (one of my methods calls)
waitingObj.wait();
// calls the thread to wait till the user wakes up the
// thread by authorizing the app
} catch (InterruptedException ex) {
}
}
String accessToken = getToken(userAuthCode);
// this method takes the auth code and calls necessary methods
//to trade the auth code for an access token from facebook
storeAccessTokenDetails(accessToken);
//finally storing access token - not standard
}
public static String getAuthUrl(String appId, String appSecret) {
String apiKey = appId;
String apiSecret = appSecret;
service = new ServiceBuilder()
.provider(FacebookApi.class)
.apiKey(apiKey)
.apiSecret(apiSecret)
.callback()
.scope()
.build();
// permission string example
//"user_photos,publish_stream,publish_actions,offline_access"
String authorizationUrl = service.getAuthorizationUrl(EMPTY_TOKEN);
return authorizationUrl;
}
public static String getToken(String code) {
Verifier verifier = new Verifier(userAuthCode);
// make a verifier using the code recieved
Token accessToken = service.getAccessToken(EMPTY_TOKEN, verifier);
//assingn an object of Token with another empty token of type Token
OAuthRequest request=new OAuthRequest(Verb.GET,"https://graph.facebook.com/me");
// define the graph API endpoint and the http method that needs to be called
service.signRequest(accessToken, request);
Response response = request.send();
//sending the request
return accessToken.getToken();
}
Consider some of the parts that indicate best practises have been removed for the purpose of gaining simplicity.
Comments
Post a Comment