
Long lived access token by using spring social

Can anyone please tell me how I can get a long-lived access token for the social sites with the help of Spring Social? If possible, please provide a code snippet. I am using the Spring 1.1.0 Spring Facebook, LinkedIn and Twitter APIs.

asked Dec 26 '22 04:12

Shashi Dk


1 Answer

For Twitter, which uses OAuth 1.0a, the tokens do not expire. So you should be getting a token that lasts virtually forever (as long as the user doesn't revoke it).

For Facebook, it's not possible (not any longer anyway) to obtain a token that lives forever. Your only option is to obtain a token and use it while you can. Once the token has expired, you must go through the authorization flow again to obtain a new token. The good news is that Spring Social provides ReconnectFilter to help you with that. See the Spring Social Showcase example (https://github.com/spring-projects/spring-social-samples/tree/master/spring-social-showcase), specifically SocialConfig.java and WebMvcConfig.java, to see how to set up ReconnectFilter.

My memory is a bit fuzzy on LinkedIn, but I recall that LinkedIn handles expired tokens in much the same way as Facebook (that is, you must reauthorize to get a new token). Therefore, ReconnectFilter should help you there, too.

Note that the behaviour described above for FB and LI is not in accordance with the OAuth 2 specification. Per the spec, refresh tokens are granted along with access tokens and may be used to obtain a new access token once the original has expired. FB and LI do not implement the refresh token portion of the spec. I don't know why exactly, but I suspect it's because it's more secure. If a client must redirect the user through the authorization flow to obtain a new token, then it means that the user must be actively using the application and be a participant in the renewal of the token. The per-the-spec approach doesn't require user involvement except in the initial authorization flow--the app can then renew tokens forever even if the user never uses the application again.

answered Mar 19 '23 08:03

Craig Walls
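
A minimal sketch of the ReconnectFilter wiring the answer points to, added here as an illustration; it is not the answer author's code and not copied from the showcase project. The class names `SocialReconnectConfig` and `WebInitializer` and the bean name `reconnectFilter` are hypothetical, and the sketch assumes the application's existing Spring Social configuration already exposes `UsersConnectionRepository` and `UserIdSource` beans in the root context.

```java
// ---- SocialReconnectConfig.java (hypothetical class name) ----
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.social.UserIdSource;
import org.springframework.social.connect.UsersConnectionRepository;
import org.springframework.social.connect.web.ReconnectFilter;

@Configuration
public class SocialReconnectConfig {

    // Assumption: both parameters are beans supplied by the application's
    // existing Spring Social setup. The filter watches requests for provider
    // authorization failures (for example an expired Facebook token) and sends
    // the user back through the authorization flow, so a new token is only ever
    // issued with the user present.
    @Bean
    public ReconnectFilter reconnectFilter(UsersConnectionRepository usersConnectionRepository,
                                           UserIdSource userIdSource) {
        return new ReconnectFilter(usersConnectionRepository, userIdSource);
    }
}

// ---- WebInitializer.java (hypothetical class name) ----
import javax.servlet.Filter;
import org.springframework.web.filter.DelegatingFilterProxy;
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;

public class WebInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class<?>[] { SocialReconnectConfig.class };
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return null; // MVC configuration omitted in this sketch
    }

    @Override
    protected String[] getServletMappings() {
        return new String[] { "/" };
    }

    // DelegatingFilterProxy resolves the Spring-managed filter by bean name,
    // so the name here must match the @Bean method above.
    @Override
    protected Filter[] getServletFilters() {
        return new Filter[] { new DelegatingFilterProxy("reconnectFilter") };
    }
}
```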