Announcement Announcement Module
No announcement yet.
ResourceAccessException: I/O error: peer not authenticated Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • ResourceAccessException: I/O error: peer not authenticated


    I try to use Spring Social in order to allow the user of my website to sign in using Facebook. As a start I would like to get the providerUserId. I have the following code in order to do so.

    FacebookConnectionFactory connectionFactory = (FacebookConnectionFactory) registry.getConnectionFactory("facebook");
    			OAuth2Operations oauthOperations = connectionFactory.getOAuthOperations();
    			//Get the access token
    			AccessGrant accessGrant = oauthOperations.exchangeForAccess(code, FACEBOOK_REDIRECT_URI, null);
    			Connection<Facebook> connection = connectionFactory.createConnection(accessGrant);
    			Facebook facebook = (Facebook) (connection != null ? connection.getApi() : new FacebookTemplate());
    			return facebook.userOperations().getUserProfile().getId();
    The following exception is thrown when the method "exchangeForAccess" is executed (I've checked the authorization code and it is valid)

    org.springframework.web.client.ResourceAccessExcep tion: I/O error: peer not authenticated; nested exception is peer not authenticated
    org.springframework.web.client.RestTemplate.doExec ute(
    org.springframework.web.client.RestTemplate.execut e(
    org.springframework.web.client.RestTemplate.postFo rObject( okOAuth2Template.postForAccessGrant(FacebookOAuth2 xchangeForAccess(
    Since I'm only testing in local, my web server uses a self-signed certificate for SSL. Is it the root of the problem ? If yes is there a way to disable this check ?

    In advance thank you

  • #2
    At first read, it sounds like your guess is right. But if you're testing against Facebook (as I'd expect if you're exchanging the authorization code for an access token), then it shouldn't matter what your app's certificate're communicating with Facebook at that point and it's their certificate that is in play. That is, unless for purposes of testing your FACEBOOK_REDIRECT_URI is set to some local server and not the real Facebook. If that's the case, then I could see it happening as you suggested.

    I gotta ask, though...why are you rolling this yourself instead of using Spring Social's ProviderSignInController? Is it that you're not using Spring MVC and thus don't want introduce a controller? Or are you doing something unique that ProviderSignInController doesn't support? In either case, I'd like to understand why you're not using ProviderSignInController so that if there is something missing I can consider adding it.


    • #3
      FACEBOOK_REDIRECT_URI is indeed an address on my local server but I cannot do otherwise since the address must be the same as the one specified to get the authorization code. I don't understand what you mean by "the real Facebook" since the redirect_uri is used by Facebook to redirect the client. Did you mean the address registered in Facebook for this website?

      I'm not using the ProviderSignInController because at the moment I don't have a UsersConnectionRepository. It seemed pretty simple to test without it.


      • #4
        Let this be a lesson to me: Don't answer forum questions before having adequate morning caffeine. You're right...the redirect URI is fine as local. But that still shouldn't have anything to do with what's going on at line 104 in that point it's making a REST call to Facebook's authorization endpoint to exchange the auth code for an access token. Your server's certificate should have no bearing on that.

        Is it still/currently failing in this way for you? I know I tried it on my machine here a moment ago with no issue whatsoever. Wondering if it was a temporary hiccup on FB's end. If it is still happening, is there by chance a firewall/proxy you're going through that may be causing the issue?


        • #5
          I've found my mistake. It was in the configuration of my webserver. Sorry for the inconvenience and thank you for the replies