Uploaded image for project: 'Spring Social Facebook'
  1. Spring Social Facebook
  2. SOCIALFB-78

Automatic handling of expired/invalid tokens

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Minor
    • Resolution: Complete
    • Affects Version/s: None
    • Fix Version/s: 2.0.0 Backlog
    • Component/s: None
    • Labels:
      None

      Description

      SOCIAL-263 speaks of automatically refreshing expired tokens per the OAuth 2 specification and https://jira.springsource.org/browse/SOCIALFB-66 speaks of how to deal with Facebook's new approach of extending the life of active tokens. But in the case where a Facebook access token is no longer valid, either because it has expired or because the user has changed their password, neither of these issues apply. In those cases, due to Facebook's non-compliance with the OAuth 2 spec, they require you to take the user back through the authorization process to obtain a new access token.

      Currently there is no support for this in Spring Social, therefore an application developer will have to handle a NotAuthorizedException on their own and take the necessary steps to guide the user through ConnectController's authorization flow.

      Spring Social should provide some support for handling this scenario automatically. Ideally, Spring Social would handle the NotAuthorizedException, remove the invalid connection, redirect the user through ConnectController for reauthorization with Facebook, and upon completion, complete the original request that was underway when the exception was thrown.

        Attachments

          Activity

            People

            • Assignee:
              habuma Craig Walls
              Reporter:
              habuma Craig Walls
            • Votes:
              4 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: