I have a Grails project (v2.4.2) that is making use of the spring-security-facebook:0.17 plugin to authenticate via Spring Security. At first sight, all seems well. However, there is a large set of users that for some unknown reason I cannot access their email address. I am using spring social to grab the email. I have permission and it is set in the scope. Here is a code snippet where I authenticate a new user:
log.info("Create domain for facebook user $token.uid")
//Use Spring Social Facebook to load details for current user from Facebook API
log.info("create: FacebookAuthToken: $token")
log.info("created FacebookAuthToken.FacebookAccessToken = ${token.accessToken}")
Facebook facebook = new FacebookTemplate(token.accessToken.accessToken)
org.springframework.social.facebook.api.User fbProfile = facebook.userOperations().getUserProfile()
// Check if email is actual granted because in production some are coming back null
boolean isEmailGranted=false
List<Permission> permissions = facebook?.userOperations()?.getUserPermissions()
String permissionString = "["
for (int i=0;i<permissions.size();i++) {
permissionString += "["+ permissions[i].getName() + ":" + permissions[i].getStatus()+"]"
if (permissions[i].getName()=="email" && permissions[i].isGranted())
isEmailGranted=true
}
permissionString += "]"
log.info("create: Facebook Permissions = " + permissionString)
def grailsWebRequest = WebUtils.retrieveGrailsWebRequest()
def flash = grailsWebRequest.flashScope
if (!isEmailGranted) {
log.warn("create: Unable to subscribe facebook user because email priviledge was not granted.")
flash.message = 'Login to Facebook failed. We must have access to your email address in order to proceed with login.'
throw new InsufficientAuthenticationException("Facebook email not accessible")
}
log.info("created: ")
String email = fbProfile.getEmail()
String firstName = fbProfile.getFirstName()
String lastName = fbProfile.getLastName()
String fullName = fbProfile.getName()
String username = firstName
String password = token.accessToken.accessToken
if (!email) {
log.error("create: Permission was granted to use facebook email but the value is null.")
flash.message = 'Login to Facebook failed. We are temporarily unable to access your email although permission has been granted'
throw new InsufficientAuthenticationException("Facebook email not accessible for unknown reason")
}
Why would I receive an empty email when permission has been granted? Is there a preferred method for handling this behavior (other than failing the authentication and making up a fake email address). Many thanks!
The documentation for the 'email' field of the 'user' object ( https://developers.facebook.com/docs/reference/api/user/ ) clarifies the expected behaviour here, which is:
"this field will not be returned if no valid email address is available"
There is a detailed explanation about different situations where an email won't be sent. Please check it out:
https://developers.facebook.com/bugs/298946933534016/
I hope it helps.
Related
I have the following code to try connect the authenticator
var auth = new OAuth2Authenticator (
appId,
"email",
new Uri ("https://m.facebook.com/dialog/oauth/"),
new Uri ("http://www.facebook.com/connect/login_success.html"));
and when the dialog shows, I can see that it is requesting permission to see my email. But how do I get that email from the service?
I make the following call to get the Facebook ID
var request = new OAuth2Request ("GET", new Uri ("https://graph.facebook.com/me"), null, args.Account);
request.GetResponseAsync ().ContinueWith (t => {
var obj = JsonValue.Parse (t.Result.GetResponseText ());
var id = obj ["id"];
});
But there is no email in the reponse that I get back. How can I get the email address of the user?
The lastest API version (2.4 at time of writing) uses Declarative Fields, so you need to explicitly request the email field like this:
https://graph.facebook.com/me?fields=email
I would like to fetch a user's email using the C# Facebook SDK. How can I do so? I've tried the code below, but I just get an empty email. Is it because I somehow need to ask for more rights? If so, how do I do that?
Facebook.FacebookClient fbc = new Facebook.FacebookClient(user.MobileServiceAuthenticationToken);
dynamic clientCredentials = await fbc.GetTaskAsync("oauth/access_token",
new{client_id = facebookClientId,client_secret = facebookClientSecret,
grant_type = "client_credentials",redirect_uri = "https://xxx.azure-mobile.net/signin-facebook"});
fbc.AccessToken = clientCredentials.access_token;
fbc.AppId = facebookClientId;
fbc.AppSecret = facebookClientSecret;
string id = user.UserId.Replace("Facebook:", string.Empty);
dynamic result = await fbc.GetTaskAsync(id + "?fields=id,name,picture,last_name,first_name,gender");
Best regards
TJ78
You need to gather the email permission in the login Url's scope parameter, otherwise you will not be able to receive the email field.
My application exposes a REST API for services and uses SpringSecurity to manage login at the private services.
With custom signup and login I don't have any kind of problem, but now I try to implement login/signup with Facebook or Twitter, and I don't know how to do this.
Has anyone had the same problem and solved it?
I tried to use a custom password "very long" for every Facebook and Twitter account but that didn't work.
UPDATE
I try your solution, but get an error. This is my code
public UserDetails loadUserByUsername(String mail) throws UsernameNotFoundException {
ServletRequestAttributes attr = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
if (ConstantPWCabinet.SOCIAL_LOGIN_FACEBOOK.equalsIgnoreCase(attr.getRequest().getParameter(ConstantPWCabinet.LOGIN_TYPE))) {
User facebookInfo = dao.getFacebookInfo(new FacebookTemplate(attr.getRequest().getParameter(ConstantPWCabinet.FACEBOOK_TOKEN)));
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
authorities.add(new SimpleGrantedAuthority(Role.ROLE_USER_FACEBOOK.toString()));
org.springframework.security.core.userdetails.User user = new org.springframework.security.core.userdetails.User(facebookInfo.getEmail(), null, authorities);
Authentication auth = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(auth);
return user;
}
logger.debug("Mail di accesso: " + mail);
User user = dao.getUserSelectedMail(mail);
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
String role = user.getRole().toString();
if (StringUtils.isEmpty(role))
authorities.add(new SimpleGrantedAuthority(Role.ROLE_USER.toString()));
else
authorities.add(new SimpleGrantedAuthority(role));
return new org.springframework.security.core.userdetails.User(user.getEmail(), user.getPassword(), authorities);
}
But i get and "Bad credential" and no get login.
You have an AuthenticationFilter that listens to url j_spring_security_check
Filter creates an authentication object and sends to Authentication Provider.
AuthenticationProvider calls UserDetailsService to load user by username and authenticate the user.
Filter then checks the authentication object returned by the provider and sends request to success/failure handler.
When you do it through social medium, your user is authenticated by an external source, so you do not need to authenticate user at your end.
You can simple do
// Authenticate the user
UserDetails user = userDetailsService.loadUserByUsername(username);
Authentication auth = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(auth);
This will authenticate the user without password.
I'm using the Spring Security 2.0-RC4 and the Facebook Authentication for Spring Security 0.15.2-CORE2 to allow users to authenticate with a Facebook login. I request the extra FB permission "email" since I use email as the primary key for my User class, so if the email permission is unselected by the user I need to abort login. Currently I check for null email in my FacebookAuthService.create() and return null if email was not set.
In the normal case everything works fine. Login succeeds, I get new User and FacebookUser records created and my User object's email property is updated with the Facebook user's email address. However, if the user elects to remove email permission during login then I run into problems.
In my FacebookAuthService.create() I check if email was returned (similar to in this question), and if not return null to abort the authentication process:
FacebookUser create(FacebookAuthToken token) {
Facebook facebook
FacebookProfile fbProfile
try {
facebook = new FacebookTemplate(token.accessToken.accessToken)
fbProfile = facebook.userOperations().userProfile
} catch (org.springframework.social.ApiException apiex) {
return null
}
String email = fbProfile.email
if (!email) {
return null
}
...
When email is null and I return null my security state seems to be messed up. I have a beforeInterceptor on my controller which gets called after I return null from create():
def beforeInterceptor = {
def user = springSecurityService.currentUser
log.trace("${user?.email} - End action ${controllerName}Controller.${actionName}() : returns $model, view ${modelAndView?.viewName}")
}
getCurrentUser() should be returning null but instead it throws an exception:
org.codehaus.groovy.grails.web.errors.GrailsExceptionResolver - NullPointerException occurred when processing request: [GET] /rar/user/home
Cannot get property 'username' on null object. Stacktrace follows:
java.lang.NullPointerException: Cannot get property 'username' on null object
at org.codehaus.groovy.runtime.NullObject.getProperty(NullObject.java:56)
at org.codehaus.groovy.runtime.InvokerHelper.getProperty(InvokerHelper.java:169)
at org.codehaus.groovy.runtime.callsite.NullCallSite.getProperty(NullCallSite.java:44)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callGetProperty(AbstractCallSite.java:227)
at grails.plugin.springsecurity.SpringSecurityService.getCurrentUser(SpringSecurityService.groovy:87)
at grails.plugin.springsecurity.SpringSecurityService$$FastClassBySpringCGLIB$$6e53ab8e.invoke(<generated>)
...
It seems that SpringSecurityService thinks that someone is logged in because getCurrentUser()'s call to isLoggedIn() returns true, which causes an exception later when principal is null and a property is accessed on the null principal object.
Should I be aborting the Facebook login process in a different way instead of returning null from FacebookAuthService.create()?
Solved by throwing an exception from FacebookAuthService.create() rather than returning null when email permission has been removed.
My create() now includes this code segment:
if (!email) {
def grailsWebRequest = WebUtils.retrieveGrailsWebRequest()
def flash = grailsWebRequest.flashScope
flash.message = 'Login to Facebook failed. We must have access to your email address in order to proceed with login.'
throw new InsufficientAuthenticationException()
}
I am using https://github.com/sanjeevdwivedi/facebook-csharp-sdk to integrate facebook in my wp8 app.
I want to know how to access the user email id using facebook-csharp-sdk below is the code I am using
FacebookSession session = FacebookSessionClient.LoginAsync("user_about_me,read_stream");
FacebookClient _fb = new FacebookClient(session.AccessToken);
dynamic parameters = new ExpandoObject();
parameters.access_token = session.AccessToken;
parameters.fields = "email,first_name,last_name";
dynamic result = await _fb.GetTaskAsync("me", parameters);
But I am getting only firstname , lastname and id of the logged in result field. Please suggest where am i missing?
You should ask for the email permission.
FacebookSession session = FacebookSessionClient.LoginAsync("user_about_me,read_stream,email");
The last item in the LoginAsync params I placed is email
See permissions for more info