Announcement Announcement Module
No announcement yet.
Facebook invalidating access token Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Facebook invalidating access token


    This is praveen
    I am trying to get facebook user comment replays...

    FacebookTemplate ft=new FacebookTemplate();
    ft=new FacebookTemplate(app_accesstoken);

    List<Comment> comment = ft.commentOperations().getComments(commment_id);

    but at this i am getting this error

    2012-04-26 17:11:45,458 [tomcat-http--50] WARN org.springframework.web.client.RestTemplate - GET request for "" resulted in 401 (Unauthorized); invoking error handler Error invalidating access token: Session does not match current stored session. This may be because the user changed the password since the time the session was created or Facebook has changed the session for security reasons.
    at ookErrorHandler.handleFacebookError(FacebookErrorH
    at ookErrorHandler.handleError(FacebookErrorHandler.j ava:60)
    at org.springframework.web.client.RestTemplate.handle ResponseError(
    at org.springframework.web.client.RestTemplate.doExec ute(
    at org.springframework.web.client.RestTemplate.execut e(
    at org.springframework.web.client.RestTemplate.getFor Object(
    at ookTemplate.fetchConnections( :185)
    at ntTemplate.getComments(
    at ntTemplate.getComments(
    at com.iconma.socialtv.service.UserCommentReplyServic e.findUserCommentReplyByComid(UserCommentReplyServ
    at com.iconma.socialtv.web.UsercommentreplyController .getReplies(
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Nativ e Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Native
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(De
    at java.lang.reflect.Method.invoke(

    In this url ""--
    it showing the commets..

    How to resolved this problem


  • #2
    The error message is self-explanatory: If the Facebook user changes their password, then any access tokens they've granted will be invalidated. That looks like what has happened here.

    In that case, the only course of action is to force the user through the authorization process again. This is a Facebook-specific quirk and there's currently nothing in Spring Social to help you deal with it automatically. Instead, what you'll need to do is react to that exception by taking the user through the authorization flow (that is, disconnect their existing connection and then run them through the connection flow again). It's unfortunate you have to do this, but that's the way Facebook behaves when the user changes their password.

    One way that *might* work (however, I've not tried this yet) is to have a servlet filter that: (1) catches the exception, (2) "remembers" the current request--perhaps by storing info about the request in the session, (3) disconnects the existing connection and redirects to ConnectController for reauthorization, (4) upon completion of the connection completes the original request. At a high level this makes sense, but I'm not sure you can do #4 as things are because ConnectController will want to redirect to the connection status page after a connection is made. Work will need to be done in ConnectController to allow you to specify a landing page.

    Going forward, Spring Social may have some support for dealing with this automatically. I am already thinking of handling expired access tokens by doing automatic refreshes, but perhaps there's some ready-to-use filter or some such thing that I could provide to help with Facebook's quirks. I've created to address this and would like to have it in one of the 1.1.0 milestones (although I've not assigned it to a specific one yet, so no promises on the timing are implied).

    In the meantime, unfortunately, you'll have to handle this scenario yourself by catching the exception and taking the steps to create a new connection.


    • #3
      fb RateLimitExceededException

      Thank's for replay me..

      But i am not chenge the my facebook password but i loged in to facebook as 2 to 3 hr later i done this.

      then also i get this error... " : Error invalidating access token: Session does not match current stored session. This may be because the user changed the password since the time the session was created or Facebook has changed the session for security reasons.
      at ookErrorHandler.handleFacebookError(FacebookErrorH"

      i post the commets in to fb after 15 comments it is not post in to fb, it gives "RateLimitExceededException " exception.
      may be fb every day taking limit of comments .



      • #4
        Well, unless you've asked for "offline_access" scope (which, btw, is being deprecated...I'm still sorting through the implications, though) your token is only good for about 2 hours. If you come back over 2 hours later and try to use that same token, then that probably explains the exception. You're going to have to either ask for "offline_access" scope (at least until July 5 when they disable it) or you're going to have to go through the authorization process again.

        And, if your app is posting too much within a given time period, Facebook is going to rate limit you, thus the explanation of the RateLimitExceededException. It's unclear what limits FB has, but clear about 15 comments in a row is probably more than FB wants your app to do.