What is the correct way to store access token from OAuth callback

Question

Here's my working code to get access token on a Facebook User's behalf:

@Override
public void receiveCallback() {
    OAuthService service = new ServiceBuilder()
            .provider(FacebookApi.class)
            .apiKey(KEY)
            .apiSecret(SECRET)
            .callback("http://example.com/facebook_oath_callback/")
            .build();
    Verifier verifier = new Verifier(code);
    Token accessToken = service.getAccessToken(EMPTY_TOKEN, verifier);
    LOG.info("Got access token: " + accessToken);
}

It is able to redirect prior to this code and call this receiveCallback method via the facebook_oath_callback and is able to get the accecssToken properly.

I am thinking of storing this token in this kind of bean

class AccessToken {
  String facebookUID; // where to get this?
  String accessToken; 
}

However in the context of the callback method, that Facebook called back, there is no facebook UID that we can get to know who's access token is this for? What am I missing here?

score 3 · Accepted Answer · answered Apr 02 '15 at 14:06

You need another REST call to the Facebook Graph API to "inspect" the access token and in the JSON result from that call there's the user_id element that you're looking for. That is described here: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/v2.3#confirm

You would be interested in the section called "Inspecting access tokens".

What is the correct way to store access token from OAuth callback

1 Answers1