Go to content

Retrieve Facebook profile data in Java: Spring Social

Published on

In the previous blogpost I explained how you can get Facebook profile data using Scribe. This blogpost will do the same for Spring Social.


The Maven dependency for Spring Social Facebook:


Setup of the Spring controller:

public class FacebookSpringSocialAuthenticator {
  public static final String STATE = "state";
  private String applicationHost;
  private FacebookConnectionFactory facebookConnectionFactory;

  public FacebookSpringSocialAuthenticator(
        String clientId,
        String clientSecret,
        String applicationHost) {
    this.applicationHost = applicationHost;
    facebookConnectionFactory = 
      new FacebookConnectionFactory(clientId, clientSecret);

Start the authentication

public RedirectView startAuthentication(HttpSession session) 
    throws OAuthSystemException {
  String state = UUID.randomUUID().toString();
  session.setAttribute(STATE, state);

  OAuth2Operations oauthOperations = 
  OAuth2Parameters params = new OAuth2Parameters();
  params.setRedirectUri(applicationHost + "/auth/facebook/callback");

  String authorizeUrl = oauthOperations.buildAuthorizeUrl(
      GrantType.AUTHORIZATION_CODE, params);
  return new RedirectView(authorizeUrl);

Handle the callback

public RedirectView callBack(@RequestParam("code") String code,
                             @RequestParam("state") String state,
                             HttpSession session) {
  String stateFromSession = (String) session.getAttribute(STATE);
  if (!state.equals(stateFromSession)) {
    return new RedirectView("/login");

  AccessGrant accessGrant = getAccessGrant(code);

  String facebookUserId = getFacebookUserId(accessGrant);
  session.setAttribute("facebookUserId", facebookUserId);
  return new RedirectView("/logged-in");

Retrieve the AccessGrant

private AccessGrant getAccessGrant(String authorizationCode) {
  OAuth2Operations oauthOperations = 
  return oauthOperations.exchangeForAccess(authorizationCode,
      applicationHost + "/auth/facebook/callback", null);

Get the Facebook user id

Spring social splits up the profile response into several classes. With Connection#fetchUserProfile you get the username, but not the user’s identifier, which is retrieved with Connection#getKey.

private String getFacebookUserId(AccessGrant accessGrant) {
  Connection<Facebook> connection = 
  ConnectionKey connectionKey = connection.getKey();
  return connectionKey.getProviderUserId();


Spring Social has built in methods to convert the JSON response of the profile into Java objects which Scribe doesn’t do for you. Its setup is a bit simpler and there are no traces of OAuth 1 support in the Facebook classes. Spring social seems to handle the flow a bit slower (200-300 ms slower) than Scribe.