Access Token from a desktop application

Jun 22, 2010 at 3:42 AM

I have had a quick look through results of a few searches around authorising a desktop application but I didn't see one that related exactly to my problem, so I apologise if this has already been answered somewhere.

I have run into a problem where authenticating with the facebook servers from a desktop app at the url:

https://graph.facebook.com/oauth/authorize?client_id=...&redirect_uri=http://www.facebook.com/connect/login_success.html&type=user_agent&display=popup

fails to initialise an access_token successfully. I encountered it initially when playing with the source of an older version of this toolkit, and then again when I tried creating a basic api to meet my requirements from scratch, and now, still, again in the latest changeset for this toolkit.

So, the redirect works as expected, however the WebBrowser object is unable to access the access_token as anything after the '#' in the url is not passed into it. The form successfully captures the fact that the url begins with connect/login_success.html but then the session can not be initialised from that. Of course, using the old api url works happy as larry, but that generates a session rather than the new OAuth key.

I have tried some basic attempts at getting what I need using an http request from within the desktop app, but I am not sure how to handle redirects from that. I will keep playing, but if someone here has found a solution, my ears are open!=

Cheers :)

 

Jono

Jun 27, 2010 at 8:02 AM

I've ran into the same issue while working on my OOB Silverlight app. Basically, if you can't use desktop login path recommended by Facebook you will have to go with two step login process. Simply remove type=user_agent from your authorization url and change your redirect_uri to point to the success page based on your connect url. This time you will get access_code as query parameter. You can "trade" access_token in exchange for access_code with simple http request.

Another way is to use "hacked" login url to get new session object and extract access_token from it. The problem with that method is that it is not documented and could break at any time.  http://forum.developers.facebook.com/viewtopic.php?pid=222957