Validate and get data from Facebook cookie using OAUTH 2.0


Question

I have a web page made in GWT. There I use all the Facebook login stuff with a manipulated gwtfb library, and it all works fine. After migrating to OAuth 2.0, the cookie sent to the server has changed to an encrypted one.

I want to get Java example code that implements on the server the same as the old one:


  • I need to validate the call, as I did before with the MD5 trick using the cookie.

  • Get data from that cookie: I need the Facebook user.

If possible, not calling FB, just using the cookie data.

Thanks in advance.

Recommended answer

Well, although I have a few good answers, I answer myself with what I have written in my blog: http://pablocastilla.wordpress.com/2011/09/25/how-to-implement-oauth-f/

Now the cookie has changed a lot: it is encrypted, doesn't have the access token, and its content format has changed a lot. Here you have a few links talking about it:

http://developers.facebook.com/docs/authentication/signed_request/

http://developers.facebook.com/docs/authentication/

http://blog.sociablelabs.com/2011/09/19/server-side-changes-facebook-oauth-2-0-upgrade/

So to validate the cookie, get the user from it and get the access token you could use this code:

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

// Assumed to be Apache Commons Codec, whose Base64(true) is the URL-safe variant.
import org.apache.commons.codec.binary.Base64;

// JsonObject, ApplicationConstants, ApplicationServerConstants and
// NotLoggedInFacebookException are not shown in the post.
public class FaceBookSecurity {

    // Returns the FB user in the cookie.
    // This does not check the signature: call ValidateFBCookie first.
    public static String getFBUserFromCookie(HttpServletRequest request)
            throws Exception {
        Cookie fbCookie = getFBCookie(request);

        if (fbCookie == null)
            return null;

        // gets cookie value
        String fbCookieValue = fbCookie.getValue();

        // splits it into <signature>.<payload>
        String[] stringArgs = fbCookieValue.split("\\.");
        String encodedPayload = stringArgs[1];

        String payload = base64UrlDecode(encodedPayload);

        // gets the JSON object from the cookie
        JsonObject data = new JsonObject(payload);

        return data.getString("user_id");
    }

    public static boolean ValidateFBCookie(HttpServletRequest request)
            throws Exception {

        Cookie fbCookie = getFBCookie(request);

        if (fbCookie == null)
            throw new NotLoggedInFacebookException();

        // gets cookie information
        String fbCookieValue = fbCookie.getValue();

        String[] stringArgs = fbCookieValue.split("\\.");
        if (stringArgs.length != 2)
            return false; // not in <signature>.<payload> form
        String encodedSignature = stringArgs[0];
        String encodedPayload = stringArgs[1];

        // decode: the signature stays as raw bytes, the payload is JSON text
        byte[] sig = base64UrlDecodeBytes(encodedSignature);
        String payload = base64UrlDecode(encodedPayload);

        // gets the JSON object from the cookie
        JsonObject data = new JsonObject(payload);

        if (!"HMAC-SHA256".equals(data.getString("algorithm"))) {
            return false;
        }

        SecretKey key = new SecretKeySpec(
                ApplicationServerConstants.FacebookSecretKey
                        .getBytes(StandardCharsets.UTF_8),
                "HmacSHA256");

        Mac hmacSha256 = Mac.getInstance("HmacSHA256");
        hmacSha256.init(key);
        // the MAC is computed over the still-encoded payload
        byte[] expectedSig = hmacSha256.doFinal(
                encodedPayload.getBytes(StandardCharsets.UTF_8));

        // compare the expected signature with the one in the cookie as bytes,
        // in constant time (converting MAC bytes to String is lossy)
        return MessageDigest.isEqual(expectedSig, sig);
    }

    // Exchanges the "code" in the cookie for an access token (calls Facebook).
    // This does not check the signature: call ValidateFBCookie first.
    public static String getFBAccessToken(HttpServletRequest request)
            throws Exception {
        Cookie fbCookie = getFBCookie(request);

        if (fbCookie == null)
            throw new NotLoggedInFacebookException();

        String fbCookieValue = fbCookie.getValue();

        String[] stringArgs = fbCookieValue.split("\\.");
        String encodedPayload = stringArgs[1];

        String payload = base64UrlDecode(encodedPayload);

        // gets the JSON object from the cookie
        JsonObject data = new JsonObject(payload);

        String authUrl = getAuthURL(data.getString("code"));
        URL url = new URL(authUrl);
        URI uri = new URI(url.getProtocol(), url.getHost(), url.getPath(),
                url.getQuery(), null);
        String result = readURL(uri.toURL());

        // the response looks like access_token=...&expires=...
        String[] resultSplited = result.split("&");

        return resultSplited[0].split("=")[1];
    }

    // creates the URL for calling OAuth.
    public static String getAuthURL(String authCode) {
        String url = "https://graph.facebook.com/oauth/access_token?client_id="
                + ApplicationConstants.FacebookApiKey
                + "&redirect_uri=&client_secret="
                + ApplicationServerConstants.FacebookSecretKey + "&code="
                + authCode;

        return url;
    }

    // reads the whole response body of the URL.
    private static String readURL(URL url) throws IOException {
        StringBuilder s = new StringBuilder();

        try (BufferedReader reader = new BufferedReader(
                new InputStreamReader(url.openStream(), StandardCharsets.UTF_8))) {
            String line;
            while ((line = reader.readLine()) != null) {
                s.append(line);
            }
        }

        return s.toString();
    }

    private static byte[] base64UrlDecodeBytes(String input) {
        Base64 decoder = new Base64(true);
        return decoder.decode(input);
    }

    private static String base64UrlDecode(String input) {
        return new String(base64UrlDecodeBytes(input), StandardCharsets.UTF_8);
    }

    private static Cookie getFBCookie(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();

        if (cookies == null)
            return null;

        Cookie fbCookie = null;

        for (Cookie c : cookies) {
            if (c.getName().equals(
                    "fbsr_" + ApplicationServerConstants.FacebookApiKey)) {
                fbCookie = c;
            }
        }

        return fbCookie;
    }

}
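The cookie format that the answer's code relies on, shown as an added example that is not part of the original answer: a JDK-only check (no servlet or Commons Codec classes) run against a constructed cookie, an edited copy of it, a wrong secret and a malformed value. The class name, the secret and the `code` and `user_id` values are made up for the demonstration, and the algorithm check is a simplified string match rather than a JSON parse.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Optional;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SignedCookieDemo {
    // HMAC-SHA256 of the given text, keyed with the application secret.
    static byte[] hmac(String secret, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // Returns the decoded JSON payload only when the signature verifies.
    static Optional<String> verify(String cookieValue, String secret) throws Exception {
        String[] parts = cookieValue.split("\\.");
        if (parts.length != 2) return Optional.empty();
        byte[] sig;
        String json;
        try {
            sig = Base64.getUrlDecoder().decode(parts[0]);
            json = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // not valid base64url
        }
        // The MAC covers the encoded payload text, not the decoded JSON.
        if (!MessageDigest.isEqual(hmac(secret, parts[1]), sig)) return Optional.empty();
        // Simplified algorithm check on the authenticated payload.
        if (!json.matches("(?s).*\"algorithm\"\\s*:\\s*\"HMAC-SHA256\".*")) return Optional.empty();
        return Optional.of(json);
    }

    public static void main(String[] args) throws Exception {
        String secret = "constructed-app-secret"; // made-up value
        String json = "{\"algorithm\":\"HMAC-SHA256\",\"code\":\"constructed-code\",\"user_id\":\"1234567890\"}";
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String payload = enc.encodeToString(json.getBytes(StandardCharsets.UTF_8));
        String cookie = enc.encodeToString(hmac(secret, payload)) + "." + payload;
        // Same signature, but the payload's user_id was changed after signing.
        String edited = cookie.substring(0, cookie.indexOf('.')) + "."
                + enc.encodeToString(json.replace("1234567890", "42").getBytes(StandardCharsets.UTF_8));

        System.out.println("genuine:      " + verify(cookie, secret).isPresent());
        System.out.println("edited user:  " + verify(edited, secret).isPresent());
        System.out.println("wrong secret: " + verify(cookie, "other-secret").isPresent());
        System.out.println("malformed:    " + verify("not-a-cookie", secret).isPresent());
    }
}
```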
