Reputation: 228
How to log out users using facebook connect in java with scribe library?
I am using SCRIBE library to enable Facebook connect login in my Application. My problem is that after logging in and getting the access_token every time I click on the login button I am signing in without authorization, because I am signed in Facebook and the access_token is still active. Is there a way to force facebook to sign out or every time to ask me for new access_token, is it a good idea to do it with cookie or using connect.facebook.net/en_US/all.js or just redirect it at some point to https://www.facebook.com/logout.php?access_token=appId&confirm=1&next=http://localhost:8080/ . I know there is a lot of questions about that topic, but all of them and suggested solutions confuse me. Here is the my post construct method in the managed bean that handles Facebook response.
@PostConstruct public void init() { FacesContext context = FacesContext.getCurrentInstance(); HttpServletRequest req = (HttpServletRequest) context .getExternalContext().getRequest();
responseCode = req.getParameter("code");
System.out.println("The code is: "+responseCode);
//facebook data
final String PROTECTED_RESOURCE_URL = "https://graph.facebook.com/me";
final Token EMPTY_TOKEN = null;
String apiKey = "MY_API_KEY";
String apiSecret = "MY_API_SECRET";
String callbackUrl="the-redirect_page_in_my_application";
OAuthService service = new ServiceBuilder().provider(FacebookApi.class)
.apiKey(apiKey).apiSecret(apiSecret)
//.scope(SCOPE)
.callback(callbackUrl).build();
//get authorization Url
String authorizationUrl = service.getAuthorizationUrl(EMPTY_TOKEN);
Verifier v=new Verifier(responseCode);
Token accessToken = service.getAccessToken(EMPTY_TOKEN, v);
// Now let's go and ask for a protected resource!
OAuthRequest request = new OAuthRequest(Verb.GET,
PROTECTED_RESOURCE_URL);
service.signRequest(accessToken, request);
Response response = request.send();
Gson gson = new GsonBuilder().create();
FacebookUser faceUser = gson.fromJson(response.getBody(), FacebookUser.class);
setUserName(faceUser.getName());
setUserFacebook(faceUser.getUsername());
setGender(faceUser.getGender());
FacesContext.getCurrentInstance().responseComplete();
}
Upvotes: 1
Views: 2000
Answers (1)
Reputation: 4439
You have multiple options:
- Tie your Logout button to the Facebook Javascript SDK's FB.logout() function. This has a possibly unwanted side-effect of logging the user out of Facebook.com also (because your app might have been responsible for them logging into it in the first place)
- Use the /me/permissions Graph API endpoint with an HTTP DELETE and a user access token to revoke permissions for that user for your app. The downside here is that the user will have to re-authenticate again when they login to your app the next time (and see the Login Dialog again too).
- Store a session variable that tells you that someone is logged in. Delete that variable when they logout and store another session variable that indicates they have manually logged out. Then if that second variable exists, do not automatically re-authenticate them again until they click on the login button in your app.
Upvotes: 0
Related Questions
- Facebook SDK 4 for Android - how to log out programmatically
- How to implement single logout function for Facebook and Google Authentication
- What URL to hit to log out of Facebook through java APIs?
- Logout Facebook Android SDK
- How to implement logout functionality in android using facebook login
- Logout in Facebook Using android fb SDK 3.0
- how to logout using facebook api in android
- Facebook login/logout
- Android: How can i logout of Facebook API
- Logout Facebook in Android