Hi,

> -----Original Message-----
> From: George S. [mailto:geor...@mhsoftware.com]
> Sent: Saturday, June 29, 2013 7:45 PM
> To: Tomcat Users List
> Subject: Re: [OT] Accessing HREF Target from Servlet
>
> > 1) Why would you need to access that part after the "#" for Auth stuff ?
> > Intuitively, the part after the "#" is inside of a page. So if access
> > to the page is already granted/forbidden by the Auth stuff, the part
> > inside of the page should not matter.
>
> I'm doing Facebook Graph API authentication. In the login cycle, you send the
> user to a Facebook page, and you provide that page with a redirect_url.
> After the user does their login through Facebook, they get redirected back to
> the url you supplied. In a case of freakish bizarre (for a server-side
> developer), the access token you get is not a parameter on the request.
> IOW, the redirect is to "your_redirect_url.html#access_token=blah", not
> "your_redirect_url.html?access_token=blah". The whole mess is
> documented here:
>
> https://developers.facebook.com/docs/facebook-login/login-flow-for-web-no-jssdk/
>
> The part about the token being in the URL but not in the query string isn't
> documented there, but it's documented on another page. I'm guessing the
> reason they did this is so that the access_token would not show up in the log
> files of the destination server.

I have also implemented Facebook Login a while ago for a Webapp that runs under Tomcat 7. However, I do not get the fb-code or access_token after a "#" in the redirected url - maybe you used a JavaScript-only variant for the Facebook login?

For example, when doing a Facebook Login, my app does the following:

1. It redirects the user to:
   https://www.facebook.com/dialog/oauth?client_id=<client_id>&scope=email&redirect_uri=http%3A%2F%2F<my_redirect_url>

2. After the user logs in, the Facebook site redirects to:
   http://<my_redirect_url>?code=<code>#_=_
   so the App gets a "code" parameter which is needed to get an access_token.

3. The App can now request an access token by making an HTTP request to a URL like
   https://graph.facebook.com/oauth/access_token?client_id=<client_id>&redirect_uri=http%3A%2F%2F<my_redirect_url>&client_secret=<client_secret>&code=<code>
   (using the <code> from the previous redirect, and using the same <my_redirect_url> parameter as on the first redirect to the Facebook site).

4. Then the app can request user information from the Facebook Graph API by making a request to a URL like
   https://graph.facebook.com/me?fields=id,name,first_name,last_name,email&access_token=<access_token>.

You can see a live demo here:
http://bildergalerie.pleier-it.de/?seite=login
(it is a German app for sharing pictures). If you click on the Facebook icon, you will be redirected to FB. After you log in, FB will redirect you to the app with a URL like
http://bildergalerie.pleier-it.de/FBLoginRedirector?code=<code>#_=_
After that, the app will query the user's name from Facebook's Graph API and display it in the top right corner.

Regards,
Konstantin Preißer
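
Added example, not part of the original messages and not code from either poster: it splits the two redirect shapes discussed in this thread into the part a browser sends on the HTTP request line (what a servlet and the access log can see) and the fragment that stays in the browser. The host `app.example`, the class and helper names, and the `SAMPLE_*` values are constructed placeholders; Java 10 or later is assumed.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

public class RedirectParts {

    // What a browser puts on the HTTP request line: path plus query, never the fragment.
    static String requestTarget(URI u) {
        String q = u.getRawQuery();
        return u.getRawPath() + (q == null ? "" : "?" + q);
    }

    // Parse "a=b&c=d" (a raw query or a raw fragment) into a map, URL-decoding names and values.
    static Map<String, String> params(String raw) {
        Map<String, String> out = new LinkedHashMap<>();
        if (raw == null || raw.isEmpty()) return out;
        for (String pair : raw.split("&")) {
            if (pair.isEmpty()) continue;
            int eq = pair.indexOf('=');
            String k = eq < 0 ? pair : pair.substring(0, eq);
            String v = eq < 0 ? "" : pair.substring(eq + 1);
            out.put(URLDecoder.decode(k, StandardCharsets.UTF_8),
                    URLDecoder.decode(v, StandardCharsets.UTF_8));
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample URLs; host and parameter values are placeholders.
        String[] redirects = {
            "http://app.example/FBLoginRedirector?code=SAMPLE_CODE#_=_",
            "http://app.example/your_redirect_url.html#access_token=SAMPLE_TOKEN"
        };
        for (String r : redirects) {
            URI u = URI.create(r);
            System.out.println("redirect       : " + r);
            System.out.println("sent to server : " + requestTarget(u));
            System.out.println("query params   : " + params(u.getRawQuery()));
            System.out.println("browser only   : " + params(u.getRawFragment()));
            System.out.println();
        }
    }
}
```

In the first shape the `code` parameter reaches the servlet and will appear in access logs that record the query string; in the second shape the servlet receives only the path, so the token can be read only by script running in the page.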