Facebook Login Integration
In the good old days, users logged in with a combination of username and password. Although some people still prefer the traditional way, a growing number of users want to sign in with their social media accounts. It is becoming rare, and even a bit annoying, for a service to roll its own authentication mechanism instead of relying on an OAuth sign-on with our social networks. Login via social networks means fewer passwords to remember, and stronger guarantees in terms of security because you can check and control the authorizations of the applications you use.
To integrate Facebook Login in your application, you first need to create a web application in Facebook. After logging in to https://developers.facebook.com/, click “Create a New App” under the Apps menu.
Facebook Application Settings
We need to specify the application callback url in the FB settings. This will be used by the FB server on authentication to hand back control to our application.
Facebook will never call the application URL directly. A request will be sent back as response to the client browser with the callback url. The browser does the request.
Facebook OAuth Authentication Sequence Flow:
- When a URL of the application or its welcome page is accessed, the Facebook Login button is shown. The user clicks the FB button to log in to the Java web application. Clicking that button invokes a Facebook URL.
- Facebook will validate the application ID and then will redirect to its login page.
- User will enter the FB login credentials and submit the form.
- Facebook will validate the credentials and then redirect back to the browser with a request to forward to the redirect_url. Redirect_url is the URL in our application which will take care of further processing.
- Browser will call the redirect url.
- The redirect URL page will then call Facebook to request an access_token.
- Facebook on validation success will respond back with access_token.
- The redirect URL page will call Facebook again to request the user data, sending the access_token.
- Facebook on validating the access_token will respond back with user data requested.
- Redirect URL page will forward to a page showing user data in the client browser.
Facebook Get Access Token:
package com.uma.toDoApp.facebook;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
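/**
 * Builds the Facebook OAuth URLs for this application and exchanges an
 * authorization code for an access token.
 *
 * <p>Instances keep no per-user state: every call to
 * {@link #getAccessToken(String)} performs its own exchange, so a token
 * obtained for one login is never handed to another.
 */
public class FBConnection {

    /** Facebook application (client) id sent with every OAuth request. */
    public static final String FB_APP_ID = "455615694791777";

    /**
     * Facebook application secret sent on the code-for-token exchange.
     *
     * <p>NOTE(review): a real app secret must not be committed to source
     * control or shipped in a public constant. Treat this value as a
     * placeholder and load the real one from deployment configuration.
     */
    public static final String FB_APP_SECRET = "a5a40defe3n41uig19802f5ab8cdt250";

    /**
     * Callback URL registered with Facebook. This value is a plain-HTTP
     * localhost address, which is suitable for local development only; a
     * deployed application should register an HTTPS callback.
     */
    public static final String REDIRECT_URI = "http://localhost:8080/toDoApp/postFacebookLogin";

    /**
     * Formerly a process-wide token cache. It is no longer read or written:
     * because it was static, the token of the first user to log in was
     * returned for every later login. Kept only so existing references
     * still compile.
     *
     * @deprecated do not use; tokens are returned per call.
     */
    @Deprecated
    static String accessToken = "";

    /** Connect and read timeout, in milliseconds, for the token request. */
    private static final int TIMEOUT_MS = 10000;

    /**
     * Returns the Facebook login dialog URL without a {@code state} value.
     *
     * <p>Prefer {@link #getFBAuthUrl(String)}: without {@code state} the
     * callback cannot tell whether the login was started by this browser
     * session.
     *
     * @return the login dialog URL requesting the {@code email} scope
     */
    public String getFBAuthUrl() {
        return getFBAuthUrl(null);
    }

    /**
     * Returns the Facebook login dialog URL, optionally carrying a
     * {@code state} value.
     *
     * @param state unguessable per-session value to be compared on the
     *              callback, or {@code null}/empty to omit the parameter
     * @return the login dialog URL requesting the {@code email} scope
     */
    public String getFBAuthUrl(String state) {
        // HTTPS: the dialog URL carries the client id and redirect target.
        StringBuilder url = new StringBuilder("https://www.facebook.com/dialog/oauth?")
                .append("client_id=").append(FB_APP_ID)
                .append("&redirect_uri=").append(encode(REDIRECT_URI))
                .append("&scope=email");
        if (state != null && !state.isEmpty()) {
            url.append("&state=").append(encode(state));
        }
        return url.toString();
    }

    /**
     * Builds the Graph API URL that exchanges an authorization code for an
     * access token. The result contains the application secret and must not
     * be logged or shown to users.
     *
     * @param code authorization code received on the callback
     * @return the token-exchange URL
     * @throws IllegalArgumentException if {@code code} is null or empty
     */
    public String getFBGraphUrl(String code) {
        if (code == null || code.isEmpty()) {
            throw new IllegalArgumentException("code must not be empty");
        }
        // The code comes straight from the request; encoding it keeps a
        // value such as "x&client_id=..." from adding or overriding
        // parameters of the token request.
        return "https://graph.facebook.com/oauth/access_token?"
                + "client_id=" + FB_APP_ID
                + "&redirect_uri=" + encode(REDIRECT_URI)
                + "&client_secret=" + FB_APP_SECRET
                + "&code=" + encode(code);
    }

    /**
     * Exchanges an authorization code for an access token.
     *
     * @param code authorization code received on the callback
     * @return the raw response body of the token endpoint, each line
     *         terminated by a newline
     * @throws RuntimeException if the URL cannot be built, Facebook cannot
     *         be reached, or the response body starts with <code>{</code>
     */
    public String getAccessToken(String code) {
        URL tokenUrl;
        try {
            tokenUrl = new URL(getFBGraphUrl(code));
        } catch (MalformedURLException e) {
            // The exception text can echo the URL, which holds the app
            // secret, so neither the message nor the cause is propagated.
            throw new RuntimeException("Invalid code received");
        }

        StringBuilder body = new StringBuilder();
        try {
            URLConnection connection = tokenUrl.openConnection();
            connection.setConnectTimeout(TIMEOUT_MS);
            connection.setReadTimeout(TIMEOUT_MS);
            try (BufferedReader in = new BufferedReader(
                    new InputStreamReader(connection.getInputStream(), "UTF-8"))) {
                String line;
                while ((line = in.readLine()) != null) {
                    body.append(line).append('\n');
                }
            }
        } catch (IOException e) {
            // HTTP failures are reported with the full request URL in the
            // message (app secret and code included); report only the type.
            throw new RuntimeException("Unable to connect with Facebook ("
                    + e.getClass().getSimpleName() + ")");
        }

        String token = body.toString();
        if (token.startsWith("{")) {
            // NOTE(review): newer Graph API versions appear to answer this
            // endpoint in JSON even on success, which this check rejects;
            // confirm against the API version in use. The body is left out
            // of the message because it may itself contain a token.
            throw new RuntimeException("ERROR: Access Token Invalid");
        }
        return token;
    }

    /** URL-encodes {@code value} as UTF-8 for use in a query string. */
    private static String encode(String value) {
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // Every JVM is required to support UTF-8.
            throw new IllegalStateException("UTF-8 encoding is not available", e);
        }
    }
}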
Get Facebook Graph Profile:
package com.uma.toDoApp.facebook;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;
import java.net.URLConnection;
import java.util.HashMap;
import java.util.Map;
import org.json.JSONException;
import org.json.JSONObject;
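/**
 * Reads the logged-in user's profile from the Facebook Graph API using the
 * token returned by the code-for-token exchange.
 */
public class FBGraph {

    /** Connect and read timeout, in milliseconds, for the profile request. */
    private static final int TIMEOUT_MS = 10000;

    /** Token query fragment, appended verbatim to the {@code /me} URL. */
    private final String accessToken;

    /**
     * @param accessToken token query fragment appended after {@code me?};
     *                    presumably the raw body returned by the token
     *                    endpoint (verify against the caller)
     * @throws IllegalArgumentException if {@code accessToken} is null or empty
     */
    public FBGraph(String accessToken) {
        if (accessToken == null || accessToken.isEmpty()) {
            throw new IllegalArgumentException("accessToken must not be empty");
        }
        this.accessToken = accessToken;
    }

    /**
     * Fetches the profile of the token's owner from {@code /me}.
     *
     * @return the response body, each line terminated by a newline
     * @throws RuntimeException if the request fails
     */
    public String getFBGraph() {
        StringBuilder body = new StringBuilder();
        try {
            URLConnection connection =
                    new URL("https://graph.facebook.com/me?" + accessToken).openConnection();
            connection.setConnectTimeout(TIMEOUT_MS);
            connection.setReadTimeout(TIMEOUT_MS);
            try (BufferedReader in = new BufferedReader(
                    new InputStreamReader(connection.getInputStream(), "UTF-8"))) {
                String line;
                while ((line = in.readLine()) != null) {
                    body.append(line).append('\n');
                }
            }
        } catch (java.io.IOException e) {
            // HTTP failures are reported with the full request URL in the
            // message, and that URL carries the access token; report only
            // the exception type.
            throw new RuntimeException("ERROR in getting FB graph data. ("
                    + e.getClass().getSimpleName() + ")");
        }
        // The profile is personal data, so it is returned to the caller
        // without being written to stdout.
        return body.toString();
    }

    /**
     * Extracts the profile fields used by the application from the Graph
     * API response.
     *
     * @param fbGraph JSON document returned by {@link #getFBGraph()}
     * @return map with {@code id} and {@code first_name}, plus
     *         {@code email} and {@code gender} when the response has them
     * @throws RuntimeException if the JSON cannot be parsed or a required
     *         field is missing
     */
    public Map<String, String> getGraphData(String fbGraph) {
        Map<String, String> fbProfile = new HashMap<>();
        try {
            JSONObject json = new JSONObject(fbGraph);
            fbProfile.put("id", json.getString("id"));
            fbProfile.put("first_name", json.getString("first_name"));
            // email and gender are only present when the user shares them.
            for (String optionalKey : new String[] {"email", "gender"}) {
                if (json.has(optionalKey)) {
                    fbProfile.put(optionalKey, json.getString(optionalKey));
                }
            }
        } catch (JSONException e) {
            throw new RuntimeException("ERROR in parsing FB graph data. " + e, e);
        }
        return fbProfile;
    }
}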
Application Redirect URI:
package com.uma.toDoApp.facebookController;
import java.io.IOException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
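/**
 * OAuth callback servlet: receives the authorization code from Facebook,
 * exchanges it for an access token, loads the user's profile and renders a
 * welcome page.
 */
public class FacebookController extends HttpServlet {
    private static final long serialVersionUID = 1L;

    /**
     * Handles the redirect back from the Facebook login dialog.
     *
     * @param req callback request; must carry a non-empty {@code code}
     * @param res response that receives the welcome page, or a 400 error
     *            when {@code code} is missing
     * @throws ServletException declared by the servlet contract
     * @throws IOException if the response cannot be written
     */
    @Override
    public void service(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        // Kept in a local variable: one servlet instance serves concurrent
        // requests, so an instance field could be overwritten by another
        // user's callback between reading and using the code.
        String code = req.getParameter("code");
        if (code == null || code.isEmpty()) {
            res.sendError(HttpServletResponse.SC_BAD_REQUEST,
                    "ERROR: Didn't get code parameter in callback.");
            return;
        }
        // NOTE(review): no `state` parameter is checked here, so this
        // callback cannot confirm that the login was started by the same
        // browser session. Generate a random value per session when the
        // login URL is built and compare it before using the code.

        FBConnection fbConnection = new FBConnection();
        String accessToken = fbConnection.getAccessToken(code);
        FBGraph fbGraph = new FBGraph(accessToken);
        String graph = fbGraph.getFBGraph();
        Map<String, String> fbProfileData = fbGraph.getGraphData(graph);

        // A writer with an explicit charset, so profile values outside
        // ISO-8859-1 can be written.
        res.setContentType("text/html;charset=UTF-8");
        java.io.PrintWriter out = res.getWriter();
        out.println("<h1>Facebook Login using Java</h1>");
        out.println("<h2>Application Main Menu</h2>");
        // Profile values are user-controlled text and are escaped before
        // being placed in the HTML page.
        out.println("<div>Welcome " + escapeHtml(fbProfileData.get("first_name")) + "</div>");
        if (fbProfileData.get("email") != null) {
            out.println("<div>Your Email: " + escapeHtml(fbProfileData.get("email")) + "</div>");
        }
        if (fbProfileData.get("gender") != null) {
            out.println("<div>You are " + escapeHtml(fbProfileData.get("gender")) + "</div>");
        }
    }

    /** Escapes the characters that are significant in HTML text and attributes. */
    private static String escapeHtml(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char ch = value.charAt(i);
            switch (ch) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(ch);
            }
        }
        return escaped.toString();
    }
}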