Validate and get data from Facebook cookie using OAuth 2.0
Problem description
I have a web page made in GWT. There I use all the Facebook login stuff with a manipulated gwtfb library, and all works fine. After migrating to OAuth 2.0, the cookie sent to the server has changed to an encrypted one.
I want to get Java example code that implements on the server the same as the old one:
- I need to validate the call, like I did before with the md5 trick using the cookie.
- Get data from that cookie: I need the Facebook user.
If possible, not calling FB, just using the cookie data.
Thanks in advance.
Recommended answer
Well, although I have a few good answers, I am answering myself with what I have written in my blog: http://pablocastilla.wordpress.com/2011/09/25/how-to-implement-oauth-f/
Now the cookie has changed a lot: it is encrypted, doesn't have the access token, and its content format has changed a lot. Here you have a few links talking about it:
http://developers.facebook.com/docs/authentication/signed_request/
http://developers.facebook.com/docs/authentication/
http://blog.sociablelabs.com/2011/09/19/server-side-changes-facebook-oauth-2-0-upgrade/
So to validate the cookie, get the user from it and get the access token, you could use this code:
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
// Assumption: Base64 is Apache Commons Codec, whose Base64(true)
// constructor selects the URL-safe alphabet.
import org.apache.commons.codec.binary.Base64;

// JsonObject, NotLoggedInFacebookException, ApplicationConstants and
// ApplicationServerConstants come from the application and its JSON
// library (not shown).
public class FaceBookSecurity {

    // Returns the FB user in the cookie. This method does not check the
    // signature: call ValidateFBCookie first.
    public static String getFBUserFromCookie(HttpServletRequest request)
            throws Exception {
        Cookie fbCookie = getFBCookie(request);
        if (fbCookie == null)
            return null;
        // gets cookie value
        String fbCookieValue = fbCookie.getValue();
        // splits it into signature and payload.
        String[] stringArgs = fbCookieValue.split("\\.");
        if (stringArgs.length != 2)
            return null; // malformed cookie
        String encodedPayload = stringArgs[1];
        String payload = base64UrlDecode(encodedPayload);
        // gets the js object from the cookie
        JsonObject data = new JsonObject(payload);
        return data.getString("user_id");
    }

    public static boolean ValidateFBCookie(HttpServletRequest request)
            throws Exception {
        Cookie fbCookie = getFBCookie(request);
        if (fbCookie == null)
            throw new NotLoggedInFacebookException();
        // gets cookie information
        String fbCookieValue = fbCookie.getValue();
        String[] stringArgs = fbCookieValue.split("\\.");
        if (stringArgs.length != 2)
            return false; // malformed cookie
        String encodedSignature = stringArgs[0];
        String encodedPayload = stringArgs[1];
        // decode; the signature is binary, so it stays as raw bytes
        byte[] sig = new Base64(true).decode(encodedSignature);
        String payload = base64UrlDecode(encodedPayload);
        // gets the js object from the cookie
        JsonObject data = new JsonObject(payload);
        if (!data.getString("algorithm").equals("HMAC-SHA256")) {
            return false;
        }
        SecretKey key = new SecretKeySpec(
                ApplicationServerConstants.FacebookSecretKey
                        .getBytes(StandardCharsets.UTF_8),
                "hmacSHA256");
        Mac hmacSha256 = Mac.getInstance("hmacSHA256");
        hmacSha256.init(key);
        // compute the expected signature over the encoded payload.
        byte[] expectedSig = hmacSha256.doFinal(
                encodedPayload.getBytes(StandardCharsets.UTF_8));
        // compare the expected sig with the one in the cookie, byte for
        // byte and in constant time.
        return MessageDigest.isEqual(expectedSig, sig);
    }

    // Exchanges the code in the cookie for an access token (calls Facebook).
    // Call ValidateFBCookie first.
    public static String getFBAccessToken(HttpServletRequest request)
            throws Exception {
        Cookie fbCookie = getFBCookie(request);
        if (fbCookie == null)
            throw new NotLoggedInFacebookException();
        String fbCookieValue = fbCookie.getValue();
        String[] stringArgs = fbCookieValue.split("\\.");
        String encodedPayload = stringArgs[1];
        String payload = base64UrlDecode(encodedPayload);
        // gets the js object from the cookie
        JsonObject data = new JsonObject(payload);
        String authUrl = getAuthURL(data.getString("code"));
        URL url = new URL(authUrl);
        URI uri = new URI(url.getProtocol(), url.getHost(), url.getPath(),
                url.getQuery(), null);
        String result = readURL(uri.toURL());
        String[] resultSplited = result.split("&");
        return resultSplited[0].split("=")[1];
    }

    // creates the url for calling to oauth.
    public static String getAuthURL(String authCode) {
        String url = "https://graph.facebook.com/oauth/access_token?client_id="
                + ApplicationConstants.FacebookApiKey
                + "&redirect_uri=&client_secret="
                + ApplicationServerConstants.FacebookSecretKey + "&code="
                + authCode;
        return url;
    }

    // reads the whole response body of the url.
    private static String readURL(URL url) throws IOException {
        BufferedReader reader = new BufferedReader(
                new InputStreamReader(url.openStream(), StandardCharsets.UTF_8));
        try {
            StringBuilder s = new StringBuilder();
            String line;
            while ((line = reader.readLine()) != null) {
                s.append(line);
            }
            return s.toString();
        } finally {
            reader.close();
        }
    }

    // decodes URL-safe base64 text (used for the JSON payload only).
    private static String base64UrlDecode(String input) {
        Base64 decoder = new Base64(true);
        byte[] decodedBytes = decoder.decode(input);
        return new String(decodedBytes, StandardCharsets.UTF_8);
    }

    // finds the fbsr_<app id> cookie in the request, or null.
    private static Cookie getFBCookie(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null)
            return null;
        Cookie fbCookie = null;
        for (Cookie c : cookies) {
            if (c.getName().equals(
                    "fbsr_" + ApplicationServerConstants.FacebookApiKey)) {
                fbCookie = c;
            }
        }
        return fbCookie;
    }
}
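As an added example (not part of the original answer or of Facebook's code): a self-contained Java 8+ version of the signature check that needs no servlet or JSON library, run against a cookie value built in `main` from a made-up secret, with a swapped payload and a wrong key as the rejected cases. The class name `SignedRequestDemo` and all sample values are assumptions; it returns the raw JSON payload and leaves parsing and the `algorithm` field check to the caller.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example: offline check of a "signature.payload" cookie value.
public class SignedRequestDemo {

    static byte[] hmacSha256(String secret, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // Returns the decoded JSON payload, or null when the value is malformed
    // or the signature does not match.
    static String verify(String cookieValue, String secret) throws Exception {
        String[] parts = cookieValue.split("\\.");
        if (parts.length != 2) return null;
        byte[] sig;
        byte[] payload;
        try {
            sig = Base64.getUrlDecoder().decode(parts[0]);
            payload = Base64.getUrlDecoder().decode(parts[1]);
        } catch (IllegalArgumentException e) {
            return null; // not valid base64url
        }
        // The MAC covers the encoded payload text exactly as received.
        byte[] expected = hmacSha256(secret, parts[1]);
        if (!MessageDigest.isEqual(expected, sig)) return null; // constant-time compare
        return new String(payload, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String secret = "constructed-app-secret"; // constructed, not a real key
        String json = "{\"algorithm\":\"HMAC-SHA256\",\"user_id\":\"1234\",\"code\":\"constructed\"}";
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String body = enc.encodeToString(json.getBytes(StandardCharsets.UTF_8));
        String cookie = enc.encodeToString(hmacSha256(secret, body)) + "." + body;

        System.out.println("genuine:   " + verify(cookie, secret));
        // Same signature, payload swapped for another user id: must be rejected.
        String forged = enc.encodeToString(json.replace("1234", "9999").getBytes(StandardCharsets.UTF_8));
        System.out.println("tampered:  " + verify(cookie.split("\\.")[0] + "." + forged, secret));
        System.out.println("wrong key: " + verify(cookie, "other-secret"));
    }
}
```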