Announcement Announcement Module
No announcement yet.
Backend admin account to maintain facebook operation Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Backend admin account to maintain facebook operation

    I am exploring Spring social facebook.

    I need to achieve the following:
    1 backend account(web server manage) to maintain entries in a facebook album
    user account (signin from web page)

    1) Basically, once the user signin using his own authentication he will perform some operation on the album
    2) Server app will use the user access token to add the entry
    3) For certain operation the admin module will use the backend maintained account to edit the entries created

    How do i maintain 2 sets of access token in spring social facebook?

  • #2
    It sounds like you have two users here (a regular user and an admin user). Therefore, each would create their own connection (each of which carries its own access token). The connect framework (e.g., ConnectController, et al) won't have any problem handling this scenario.

    Or am I missing something about your requirements that ConnectController can't handle?


    • #3
      What i am hoping to achieve is to have a connection that the server side can maintain without going through the signin process like the quick start.

      Ideally, i would like to use some codes to create and maintain a connection on server side.

      Is there an example that i could follow


      • #4
        The only mechanism that Facebook supports for obtaining an access token on the server side (without going through the authorization process) is client credentials grant (you can get to it via OAuth2Operations.authenticateClient() ). But the access token you get there is limited in its capabilities and I do not believe you'd be able to use it as you want.

        If the album you want to manage belongs to a Facebook Page (as opposed to belonging to a Facebook User), you might have some options. I don't recall the details off the top of my head, but you should be able to obtain a Page administrator access token and use it.

        Spring Social supports performing page operations on behalf of an authorizing user, but that'd require that the user go through the process that you don't want the admin user to go through.

        I'm not saying that it's impossible to do what you want, but I don't believe Spring Social directly supports it. And even then, I'm not sure what the process would be with Facebook's API. More research would need to be done. If you open an improvement issue at, I'll be happy to add it to the TODO list and look into it.


        • #5
          OAuth2Operations.authenticateClient() indead have very limited access.

          Will i be able to use exchangeCredentialsForAccess instead? I have tried to use it but got a 400 error


          • #6
            exchangeCredentialsForAccess() implements OAuth 2's Resource Owner Credentials Grant. Unfortunately, Facebook doesn't support that kind of grant. If it did, that'd be precisely what I'd recommend to you for admin purposes. But as it doesn't support ROCG, you really have no choice but to obtain the token via redirect.


            • #7
              I've a similar problem and I solved it in this way when, server side, I need to perform operations with the administrator credentials:
              - I asked for the offline permission on the application
              - I take the token of the administrator from the UserConnection table
              - I create a custom FacebookTemplate with that token and I use it to perform the administrator operations
              The problem is that the token has a limited expire time (around one month I think), so the administrator still has to login every once a while, to refresh it.