  • How to handle Facebook connection expired

    Hi guys,

    we're facing the issue of having an expired Facebook token for a user in our DB, so we thought about doing sth. like this:

    // refresh FB connection in case of expired access token...
    if (facebookConnection.hasExpired()) {
        facebookConnection.refresh();
    }

    But this results in the exception attached below, so our simple question: how can we somehow extend the token???

    Cheers, Florian

    SCHWERWIEGEND: Servlet.service() for servlet [dispatcher] in context with path [/helios] threw exception [Request processing failed; nested exception is org.springframework.web.client.HttpClientErrorException: 400 Bad Request] with root cause
    org.springframework.web.client.HttpClientErrorException: 400 Bad Request
    at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:76)
    at org.springframework.web.client.RestTemplate.handleResponseError(
    at org.springframework.web.client.RestTemplate.doExecute(
    at org.springframework.web.client.RestTemplate.execute(
    at org.springframework.web.client.RestTemplate.postForObject(
    at okOAuth2Template.postForAccessGrant(FacebookOAuth2
    at efreshAccess(
    at onnection.refresh(
    at com.helios.web.controller.CommonController.profile(

  • #2

    I don't believe the refresh() call is supported by the current Facebook spring social implementation due to a limitation with the way Facebook issues tokens.

    I thought I'd reply with details of a thread on the forum which addresses the issue you raise:

    From this thread:

    "Per the specification, clients can renew expired tokens by issuing a refresh token in exchange for a new access token. And *most* providers implement that part of the specification, too. Facebook, however, does not."

    This thread discusses possible solutions to this, and I believe there is a JIRA for a potential solution targeted for a 1.1 version of Spring Social:

    Hope this helps,



    • #3
      As Michael said, Facebook's a different animal and doesn't support refresh tokens (even though they do expire their tokens). The *only* way to get a new access token with Facebook is to go through the authorization flow again. Doing so won't bother the user with an authorization page, though, as long as the authorization is still valid (tokens expire, but authorizations are long-lived). If the authorization is still good and as long as you don't ask for any additional scope, Facebook will immediately redirect back without prompting the user with an authorization page.

      SOCIAL-328 is still a work in progress, but it's coming along very nicely. It'll likely be in an upcoming milestone release of Spring Social 1.1.0 (either milestone 2 or milestone 3). It works by handling bad token exceptions of *any* reason (expired, revoked, etc) at the servlet level and redirecting the user through the authorization flow again. This means that it works for not only Facebook's oddball way of token renewal, but for any other provider where the token has gone bad.
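
The approach described in the last reply (catch a bad-token failure at the servlet level and send the user back through the authorization flow), as an added example that is not part of the thread and not Spring Social's SOCIAL-328 implementation. The class name `BadTokenReauthorizeFilter` and the path `/reauthorize/facebook` are hypothetical; the path stands for whatever endpoint in your application starts the provider's authorization flow.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.social.NotAuthorizedException;

public class BadTokenReauthorizeFilter implements Filter {
    // Assumption: application endpoint that starts the provider's authorization flow.
    private static final String REAUTHORIZE_PATH = "/reauthorize/facebook";

    public void init(FilterConfig config) { }
    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        try {
            chain.doFilter(req, res);
        } catch (ServletException e) {   // Spring MVC wraps handler exceptions
            if (!reauthorize(e, (HttpServletRequest) req, (HttpServletResponse) res)) throw e;
        } catch (RuntimeException e) {
            if (!reauthorize(e, (HttpServletRequest) req, (HttpServletResponse) res)) throw e;
        }
    }

    // Returns true when a bad-token failure was found and the user was redirected.
    private boolean reauthorize(Throwable failure, HttpServletRequest req,
                                HttpServletResponse res) throws IOException {
        String target = req.getContextPath() + REAUTHORIZE_PATH;
        if (!hasBadToken(failure) || res.isCommitted()
                || req.getRequestURI().startsWith(target)) {
            return false; // not a token problem, too late to redirect, or would loop
        }
        res.sendRedirect(res.encodeRedirectURL(target));
        return true;
    }

    // NotAuthorizedException is an ancestor of the expired/revoked/invalid token exceptions.
    private static boolean hasBadToken(Throwable t) {
        for (int depth = 0; t != null && depth < 20; t = t.getCause(), depth++) {
            if (t instanceof NotAuthorizedException) return true;
        }
        return false;
    }
}
```

The filter has to sit in front of the dispatcher servlet so that exceptions thrown by API calls inside controllers reach it. The redirect target is a fixed constant, so nothing taken from the request ends up in the `Location` header.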