chechu / grails-facebook-graph Goto Github PK

Hi, thanks for upgrading so quickly the plugin to oauth 2.0, but i've a problem.
After the login with facebook the application correctly redirect to controller QAuth and action facebookLogin

...

   <script type="text/javascript">
      FB.Event.subscribe('auth.logout', function (response) {
           window.location ="${createLink(controller:'QAuth', action:'facebookLogout')}";
      });
      function facebookLogin() {
              FB.getLoginStatus(function(response) {
                      if (response.status === 'connected') {
                              // logged in and connected user, someone you know
                              window.location ="${createLink(controller:'QAuth', action:'facebookLogin')}";
                      }
              });
      }


    </script>

...

but in this action session.facebook is null

after some debugging the problem seems to be in createFacebookData(data) in class FacebookGraphService

at
...
if(!facebookData?.access_token || !facebookData?.uid || !facebookData?.expires) {
facebookData = null
} else {
// Setting the expiration date
now = Calendar.getInstance()
now.add(Calendar.SECOND, facebookData.expires as Integer)
facebookData.expiresDate = now.time
}
...
the facebookData is set to null each time, because the facebookData.expires is null

Notice: the access token and uid are presnt

plugin used : facebook-graph-0.14

After login from facebook, I am getting empty facebook = {} map from session. My application was working fine but after sometime, I started getting empty map.

I know facebook login is OK. It's something wrong in the filter of this plugin. Please help.

Hi, and thank you for this useful plugin!

By default, the filter defined in FacebookGraphFilters.groovy is applied to all actions of all controllers in order to validate the session and retrieve FB data:

facebook(controller:"*", action:"*") {
    ...
}

This may be a little bit of an overhead if the facebookGraphService is only used in a small subset of controllers and/or actions, because the session has to be validated and so on for every single action. Therefore, it would be nice to allow plugin users deciding the controllers/actions in which the filter must be used. This could be done through configuration options. Another solutions would consist in not using the filter at all and letting the facebookGraphService validate the session whenever it is called.

Hi, the login button doesn't work. I think due to facebook api upgrade.
Any advice?
Thank you in advance.
Cavola Francesco

i.e. java script and images across https not http

Facebook requires us to provide the option to log out.

Would be nice to have this added to the library.

ATM, I'm manually calling the fb.logout() and setting session.facebookdata = null

It seems that recent FB API changes may have broken the plugin in in all browsers. Up until a week or so ago the plugin worked fine and without any problems (great job, BTW). However, about a week or so ago it stopped working altogether.

The first issue which can be easily fixed is the use of the 'perms' parameter in the fb:login-button tag. This parameter was renamed to 'scope'.

The second issue which I haven't been able to resolve outside of the plug-in is caused by what seems to be a stricter cross-frame security policy. Upon clicking to eh FB button the JS console shows the following error message:
"Unsafe JavaScript attempt to access frame with URL https://s-static.ak.fbcdn.net/connect/xd_proxy.php? ...
from frame with URL . Domains, protocols and ports must match."

It is important to note (and I haven't tried it yet) that my current domain is not secure (protocol is http and not https).
I wonder if anybody else has experienced this and was able to solve the second issue.

Thanks,

Yehuda Romano

Some of the Graph APIs require HTTP DELETE request but the current plugin only support GET and POST. I try modifed the existing FacebookGraphService.makeRequest(urlAsString, params) as follow and seems it's working fine:

private def makeRequest(urlAsString, params) {
    def resp
    def encodedParams = ""
    URL url
    Writer writer
    URLConnection connection

    // Encoding the params...
    if (params) {
        params.each{k,v ->
            if(k != 'method' && k != 'id') {
                encodedParams += k.encodeAsURL() + '=' + v.encodeAsURL() + '&'
            }
        }
        encodedParams = encodedParams[0..-2]
    }

    try {
        // Making the request
        switch(params.method) {
            case "GET":
                if(encodedParams) urlAsString += '?' + encodedParams
                url = new URL(urlAsString)
                resp = url.text
            break;
            case "POST":
            case "DELETE":
                url = new URL(urlAsString)
                connection = url.openConnection()
                connection.setRequestMethod(params.method)
                connection.doOutput = true

                writer = new OutputStreamWriter(connection.outputStream)
                writer.write(encodedParams)
                writer.flush()
                writer.close()
                connection.connect()

                if (connection.responseCode == 200 || connection.responseCode == 201)
                    resp = connection.content.text

            break;
        }
    } catch(Exception e) {
        // resp will be null, nothing to do...
        log.error(e)
    }

    return resp
}

Hi,

If a user has a valid facebook connection, then makes some requests, then disconnects from facebook and then logs in again, the plugin fails to recognize that the access_token has to be refreshed. As the plugin finds facebook data from the session, it thinks that the same authentication is valid instead of retrieving the data from FB using the new cookie. Therefore, api calls requiring authorization fail.

For exemple, when calling facebookGraphService.getFacebookProfile() I get these exceptions:

ERROR facebook.FacebookGraphService java.io.IOException: Server returned HTTP response code: 400 for URL: https://graph.facebook.com/me?facebookData=......
ERROR facebook.FacebookGraphService null

I am not very sure of how this problem can be solved. Maybe a method similar to facebookDataOldUser() can be introduced to track the 'version' of the cookie used to retrieve the data and compare it with the currently received cookie?