Announcement Announcement Module
Collapse
No announcement yet.
facebook authorization returning Missing client_id witn ConnectController Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • facebook authorization returning Missing client_id witn ConnectController

    Hello
    My app with spring social facebook was working well and the token expired today, so i tried to re authorize but i now get the error

    Code:
    WARN : org.springframework.web.client.RestTemplate - POST request for "https://graph.facebook.com/oauth/access_token" resulted in 400 (Bad Request); invoking error handler
    WARN : org.springframework.social.ConnectSupport - HttpClientErrorException while completing connection: 400 Bad Request
    WARN : org.springframework.social.ConnectSupport -       Response body: {"error":{"message":"Missing client_id parameter.","type":"OAuthException","code":101}}
    WARN : org.springframework.social.ConnectController - Exception while handling OAuth2 callback (400 Bad Request). Redirecting to facebook connection status page.

    Can you please explain this ? Am i doing something wrong?

    Sincerely

  • #2
    By any chance are you using the latest snapshot builds in your project? If so, then I can possibly explain it. If not, then I don't know...it says the client_id is missing, but I know of only one thing that would cause that to happen and it'd mean that you are using the latest snapshots.

    Here's the deal on the latest snapshots: Per the OAuth2 specification (the latest several drafts) there are 2 ways to authenticate the *client* (not the user) when doing an exchange for an access token: (1) via HTTP Basic authentication or (2) via client_id/client_secret parameters. The spec says that the provider MUST support HTTP Basic authentication and MAY support sending credentials via parameters. (See http://tools.ietf.org/html/draft-iet...31#section-2.3)

    Yesterday I updated OAuth2Template to reflect this portion of the spec. Since HTTP Basic is a requirement, I made it the default behavior, but you may opt to use parameters by setting the useParametersForClientAuthentication property to true. Yes, this is a breaking change, but I decided to go this route because (1) it is to be part of 1.1.0 and won't be applied to 1.0.x, (2) going forward HTTP Basic authentication is expected to be the normal route and not the optional choice, and (3) unless you're using OAuth2Template directly, it shouldn't matter to you because a corresponding change will have also been made in the various service provider implementations to account for it.

    If I'm right and if you are using a snapshot build, then the reason it's breaking for you is because Facebook does not yet support HTTP Basic for client authentication. But what still confuses me here is that I also made the corresponding change to the Facebook module to hide that detail from you. In other words, if your project is using the latest 1.1.0.BUILD-SNAPSHOT versions of *both* the core and the Facebook modules, then you shouldn't have encountered this problem.

    Let me know what versions you're working with or if you have any other questions.

    Comment


    • #3
      Thanks for posting this info! Saved me a couple of hours of debugging. :-)

      Comment

      Working...
      X