Java – Invalid parameter exception on client.auth_getSession() in Facebook java API

authentication, facebook, java

I want to connect to my facebook application using the facebook java api 2.1.1 (http://code.google.com/p/facebook-java-api/). My application is in "Desktop" mode so I should be able to access it outside of a web application. I have not defined any callback url for it as well. My code looks something like this.

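import com.google.code.facebookapi.FacebookJsonRestClient;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpState;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.params.HttpClientParams;

// Create the API client and request an auth token
FacebookJsonRestClient client = new FacebookJsonRestClient( FB_APP_API_KEY, FB_APP_SECRET );
String token = client.auth_createToken();
HttpClient http = new HttpClient();
http.setParams(new HttpClientParams());
http.setState(new HttpState());

final String LOGIN = "https://login.facebook.com/login.php";

// Fetch the login page for this token
GetMethod get = new GetMethod(LOGIN + "?api_key=" + FB_APP_API_KEY + "&v=1.0&auth_token=" + token );

http.executeMethod(get);

// Submit the login form programmatically, including the account's email and password
PostMethod post = new PostMethod(LOGIN);
post.addParameter(new NameValuePair("api_key", FB_APP_API_KEY));
post.addParameter(new NameValuePair("v", "1.0"));
post.addParameter(new NameValuePair("auth_token", token));
post.addParameter(new NameValuePair("email", "my-email"));
post.addParameter(new NameValuePair("pass", "my-password"));

http.executeMethod(post);

// Exchange the token for a session; this is the call that throws
String session = client.auth_getSession(token);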

However instead of returning the session the API throws an exception:

com.google.code.facebookapi.FacebookException: Invalid parameter
    at com.google.code.facebookapi.FacebookJsonRestClient.parseCallResult(FacebookJsonRestClient.java:354)
    at com.google.code.facebookapi.ExtensibleClient.callMethod(ExtensibleClient.java:535)
    at com.google.code.facebookapi.ExtensibleClient.callMethod(ExtensibleClient.java:472)
    at com.google.code.facebookapi.FacebookJsonRestClient.auth_getSession(FacebookJsonRestClient.java:278)

Can anyone please tell me what's wrong with this code? And what is the correct way to access a facebook application in desktop mode using the java api (v. 2.1.1).

Thanks for your help.

Regards
Nabeel Mukhtar

Best Answer

As far as I understand FB's API, you're not supposed to provide username and password manually but instead let the user input them manually and then allow the Facebook Login to redirect the user back to your application. This means that instead of providing "email" and "pass" you provide "next" and "cancel" URLs instead.

This is purely a security feature of FB API and while the theory behind it is alright, the execution is far from optimal.
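
The pattern the answer describes, as an added example that is not part of the original question or answer: the application never handles the password, it opens the login page in the user's own browser and only afterwards exchanges the token for a session. `TokenApi` and `BrowserLoginFlow` are hypothetical names introduced here so the code compiles without the library; in the question's code the two methods would be `client.auth_createToken()` and `client.auth_getSession(token)`, and it is an assumption that the token is accepted once the user has logged in through the browser.

```java
import java.awt.Desktop;
import java.io.IOException;
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class BrowserLoginFlow {
    // Hypothetical seam over the two library calls used in the question.
    interface TokenApi {
        String createToken() throws Exception;             // client.auth_createToken()
        String getSession(String token) throws Exception;  // client.auth_getSession(token)
    }

    static final String LOGIN = "https://login.facebook.com/login.php";

    // Same query parameters as the question's GET request; no "email" or "pass".
    static URI loginUri(String apiKey, String token) {
        return URI.create(LOGIN + "?api_key=" + enc(apiKey) + "&v=1.0&auth_token=" + enc(token));
    }
    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    static String login(TokenApi api, String apiKey) throws Exception {
        String token = api.createToken();
        URI uri = loginUri(apiKey, token);
        boolean opened = false;
        if (Desktop.isDesktopSupported() && Desktop.getDesktop().isSupported(Desktop.Action.BROWSE)) {
            try {
                Desktop.getDesktop().browse(uri);  // credentials are typed into the browser only
                opened = true;
            } catch (IOException e) {
                // No browser could be launched; fall back to printing the URL.
            }
        }
        if (!opened) System.out.println("Open this URL in a browser: " + uri);
        System.out.println("Log in there, then press Enter.");
        System.in.read();                          // wait until the user has finished logging in
        return api.getSession(token);
    }

    public static void main(String[] args) throws Exception {
        TokenApi stub = new TokenApi() {           // constructed stand-in so the example runs offline
            public String createToken() { return "constructed-token"; }
            public String getSession(String token) { return "constructed-session-for-" + token; }
        };
        System.out.println(login(stub, "constructed-api-key"));
    }
}
```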