Skip to main content

HTMLComponent and Facebook Auth

19 replies [Last post]
Anonymous

Hi,
I'm wondering if it's possible to use the HTMLComponent for Facebook
authentication? On Android you can use a WebView for this. But probably
there are some restritions (Javascript, redirects, session handling,
...) in the LWUIT component?
Thanks!

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@lwuit.dev.java.net
For additional commands, e-mail: users-help@lwuit.dev.java.net

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
klemensz
Offline
Joined: 2007-02-25

I can log in to the mobile website of Facebook and also browse around. But I'm stuck with OAuth. The page where the user should allow or decline access for the Facebook app is not shown.

Klemens

I got a little bit further by importing the root certificate but now the
error message is: "Subject alternative name did not match site name".
The problem seems to be that Facebook has a certificate for
*.facebook.com which the emulator doesn't like...

On 24.06.2010 14:15, Shai Almog wrote:
> Hi,
> I think the mobile version of Facebook works. The browser demo includes
> cookie support which is the main portion that's needed.
>> Hi,
>> I'm wondering if it's possible to use the HTMLComponent for Facebook
>> authentication? On Android you can use a WebView for this. But probably
>> there are some restritions (Javascript, redirects, session handling,
>> ...) in the LWUIT component?
>> Thanks!
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@lwuit.dev.java.net
>> For additional commands, e-mail: users-help@lwuit.dev.java.net
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@lwuit.dev.java.net
> For additional commands, e-mail: users-help@lwuit.dev.java.net
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@lwuit.dev.java.net
For additional commands, e-mail: users-help@lwuit.dev.java.net

Mixa

Not sure if it is your case, but I saw on some real phones
(SonyEroicsson?) that they do not support wildcard SSL sertificates,
throwing a security exception when opening such sites in java.

But in native web browser (of the phone) it prompts user to allow
opening such site. In java you have no choice in API.

Mike

On Fri, Jun 25, 2010 at 4:24 PM, Klemens wrote:
> I got a little bit further by importing the root certificate but now the
> error message is: "Subject alternative name did not match site name".
> The problem seems to be that Facebook has a certificate for
> *.facebook.com which the emulator doesn't like...
>
> On 24.06.2010 14:15, Shai Almog wrote:
>> Hi,
>> I think the mobile version of Facebook works. The browser demo includes
>> cookie support which is the main portion that's needed.
>>> Hi,
>>> I'm wondering if it's possible to use the HTMLComponent for Facebook
>>> authentication? On Android you can use a WebView for this. But probably
>>> there are some restritions (Javascript, redirects, session handling,
>>> ...) in the LWUIT component?
>>> Thanks!
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@lwuit.dev.java.net
>>> For additional commands, e-mail: users-help@lwuit.dev.java.net
>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@lwuit.dev.java.net
>> For additional commands, e-mail: users-help@lwuit.dev.java.net
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@lwuit.dev.java.net
> For additional commands, e-mail: users-help@lwuit.dev.java.net
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@lwuit.dev.java.net
For additional commands, e-mail: users-help@lwuit.dev.java.net

bjcoredev
Offline
Joined: 2008-06-13

I had an interesting conversation with a staff engeneer from TWITTER about wildcard SSL certificates twitter API . Look at that:
http://groups.google.com/group/twitter-development-talk/browse_thread/th...

I'm so diasappointed ....
My dev config was Eclipse+WTK 2.5.2 and i can't use it anymore for coding my twitter client...

Terrence Barr - Senior Technologist and Ambassador

I have contacted the WTK/Java ME SDK team for information/help
on the topic of wildcard certificates. I'll let you know ASAP
what I can find out.

Best,
-- Terrence

lwuit-users@mobileandembedded.org wrote:
> I had an interesting conversation with a staff engeneer from TWITTER about wildcard SSL certificates twitter API . Look at that:
> http://groups.google.com/group/twitter-development-talk/browse_thread/th...
>
>
> I'm so diasappointed ....
> My dev config was Eclipse+WTK 2.5.2 and i can't use it anymore for coding my twitter client...
> [Message sent by forum member 'bjcoredev']
>
> http://forums.java.net/jive/thread.jspa?messageID=478312
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@lwuit.dev.java.net
> For additional commands, e-mail: users-help@lwuit.dev.java.net
>
>

--


Terrence Barr | Senior Technologist, Mobile & Embedded
Phone: +49 711 720 98185
Blog: http://terrencebarr.wordpress.com/
Yahoo IM: terrencebarr, Twitter: terrencebarr

ORACLE Deutschland B.V. & Co. KG | Zettachring 10A | 70587 Stuttgart

ORACLE Deutschland B.V. & Co. KG
Hauptverwaltung: Riesstr. 25, D-80992 München
Registergericht: Amtsgericht München, HRA 95603

Komplementärin: ORACLE Deutschland Verwaltung B.V.
Rijnzathe 6, 3454PV De Meern, Niederlande
Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
Geschäftsführer: Jürgen Kunz, Marcel van de Molen, Alexander van der Ven

Note 1:
The statements and opinions expressed here are my own and do not
necessarily represent those of Oracle.

Note 2:
This email message is for the sole use of the intended recipient(s) and
may contain confidential and privileged information. Any unauthorized
review, use, disclosure or distribution is prohibited. If you are not the
intended recipient, please contact the sender by reply email and destroy
all copies of the original message.

Oracle is committed to developing practices and products that help
protect the environment

[terrence_barr.vcf]
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@lwuit.dev.java.net
For additional commands, e-mail: users-help@lwuit.dev.java.net

bjcoredev
Offline
Joined: 2008-06-13

Thanks a lot Terrence
I ll be on vacation during 3 weeks but i ll try to stay tuned (and connected) during my holidays

Regards

ofirl
Offline
Joined: 2008-06-24

Just wanted to let you know that I have committed a fix to the LWUITBrowser project - it seems we had a bug for a long time when a domain has multiple cookies.

This used to work with previous versions of Facebook and Twitter - but since they changed their auth model it stopped - but now this was fixed.

Reading this thread, I am aware that this might not be the problem you're discussing - but if you checkout the updated LWUIT and LWUITBrowser, you should be able to browse now to facebook and twitter with no problem.

Note however that some of the pages in FB take HTMLComponent to extreme use cases (due to long pages with lots of components)

terrencebarr
Offline
Joined: 2004-03-04

Thanks, Ofir!

-- Terrence

ofirl
Offline
Joined: 2008-06-24

BTW - even after the fix, there's still an unresolved issue: When you first login to FB or Twitter - it will seem like it is not working (i.e. in FB you will be forwarded to an error page). But the authentication process is successful, and the next time you go to FB, you will be logged in automatically (Since cookies are stored by the HttpRequestHandler and are even cached for subsequent uses by the Storage class, both can be found in the LWUITBrowser project)

I will try to see why it's not working in the first time.

Klemens

I'm trying to implement oAuth but I'm always redirected to an error
page. Do you think it's the same issue?
The URL that I start with in the browser is
https://graph.facebook.com/oauth/authorize?...

On 25.08.2010 08:12, lwuit-users@mobileandembedded.org wrote:
> BTW - even after the fix, there's still an unresolved issue: When you first login to FB or Twitter - it will seem like it is not working (i.e. in FB you will be forwarded to an error page). But the authentication process is successful, and the next time you go to FB, you will be logged in automatically (Since cookies are stored by the HttpRequestHandler and are even cached for subsequent uses by the Storage class, both can be found in the LWUITBrowser project)
>
> I will try to see why it's not working in the first time.
> [Message sent by forum member 'ofirl']
>
> http://forums.java.net/jive/thread.jspa?messageID=480935
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@lwuit.dev.java.net
> For additional commands, e-mail: users-help@lwuit.dev.java.net
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@lwuit.dev.java.net
For additional commands, e-mail: users-help@lwuit.dev.java.net

ramdante
Offline
Joined: 2010-07-25

Facebook auth can be easily done using html component..I have done it !

lilin1lilin
Offline
Joined: 2011-08-18

hi, could you share me the code, PLS?

bjcoredev
Offline
Joined: 2008-06-13

First of all, thanks for your answer

I ve tried to use http instead of of https
with http://api.twitter.com/oauth/access_token

but according to the api documentation (see:
http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-oauth-access_token...)
ssl is required and when i use http (and not https), the server returns me :

..
/oauth/access_token.
SSL required
.
.

Im very suprised that your client can access the token without using https !!

Regards

Mixa

Hi,

I'm not sure if it relates to the SSL problem, but I saw on real
devices (SonyEricsson?) that they do not accept wildcard certificates,
generating en exception then (native phone browser in this case
prompts user to accept this 'invalid' certificate, and can pass to the
page then), but in java no prompt for that, and SSL connect fails. Can
it be the matter for the emulator issue?

If so, I would consider using MicroEmulator then - I guess it could
handle wildcard certificates better.

Mike

On Thu, Jul 22, 2010 at 7:10 PM, wrote:
> First of all, thanks for your answer
>
> I ve tried to use http instead of of https
> with http://api.twitter.com/oauth/access_token
>
> but according to the api documentation (see:
> http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-oauth-access_token...)
> ssl is required  and when i use http (and not https), the server returns me :
>
> ..
> /oauth/access_token.  
> SSL required
.
>
.
>
> Im very suprised that your client can access the token without using https !!
>
> Regards
> [Message sent by forum member 'bjcoredev']
>
> http://forums.java.net/jive/thread.jspa?messageID=478282
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@lwuit.dev.java.net
> For additional commands, e-mail: users-help@lwuit.dev.java.net
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@lwuit.dev.java.net
For additional commands, e-mail: users-help@lwuit.dev.java.net

Mixa

Ops, sorry - I see I already wrote in this thread about that ))

On Thu, Jul 22, 2010 at 9:50 PM, Mixa wrote:
> Hi,
>
> I'm not sure if it relates to the SSL problem, but I saw on real
> devices (SonyEricsson?) that they do not accept wildcard certificates,
> generating en exception then (native phone browser in this case
> prompts user to accept this 'invalid' certificate, and can pass to the
> page then), but in java no prompt for that, and SSL connect fails. Can
> it be the matter for the emulator issue?
>
> If so, I would consider using MicroEmulator then - I guess it could
> handle wildcard certificates better.
>
> Mike
>
> On Thu, Jul 22, 2010 at 7:10 PM,   wrote:
>> First of all, thanks for your answer
>>
>> I ve tried to use http instead of of https
>> with http://api.twitter.com/oauth/access_token
>>
>> but according to the api documentation (see:
>> http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-oauth-access_token...)
>> ssl is required  and when i use http (and not https), the server returns me :
>>
>> ..
>> /oauth/access_token.  
>> SSL required
.
>>
.
>>
>> Im very suprised that your client can access the token without using https !!
>>
>> Regards
>> [Message sent by forum member 'bjcoredev']
>>
>> http://forums.java.net/jive/thread.jspa?messageID=478282
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@lwuit.dev.java.net
>> For additional commands, e-mail: users-help@lwuit.dev.java.net
>>
>>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@lwuit.dev.java.net
For additional commands, e-mail: users-help@lwuit.dev.java.net

bjcoredev
Offline
Joined: 2008-06-13

Hi Klemensz

I'have the same pb as you when i try to request a token to twitter (oAuth/xAuth)
I use WTK 2.5.2 and all worked fine with https until Twitter changed their SSL certificates with a wildcard SSL certificate.Now i got a "Subject alternative name did not match site name" error

Have you found a solution because i want to continue to use WTK 2.5.2 to develop my app

Regards

Klemens

Hi,
Facebook: We'll probably stay with the (suboptimal) sharer.php solution
instead of fully integrating Facebook using oAuth.

Twitter: Their certificate change this week cost me some headache
indeed. Right now my workaround is to use the URL
http://api.twitter.com/oauth/access_token instead (see http instead of
https) when I'm on the emulator. It seems to work.

I also tried Java ME SDK 3.0 but there I get another certificate error
like "unknown issuer" and I'm stuck tying to import the certificate into
the ME keystore. There is a certificate management tool in 2.5.2 but it
seems to be disappeared in 3.0.

Klemens

On 22.07.2010 16:12, lwuit-users@mobileandembedded.org wrote:
> Hi Klemensz
>
> I'have the same pb as you when i try to request a token to twitter (oAuth/xAuth)
> I use WTK 2.5.2 and all worked fine with https until Twitter changed their SSL certificates with a wildcard SSL certificate.Now i got a "Subject alternative name did not match site name" error
>
> Have you found a solution because i want to continue to use WTK 2.5.2 to develop my app
>
> Regards
> [Message sent by forum member 'bjcoredev']
>
> http://forums.java.net/jive/thread.jspa?messageID=478274
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@lwuit.dev.java.net
> For additional commands, e-mail: users-help@lwuit.dev.java.net
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@lwuit.dev.java.net
For additional commands, e-mail: users-help@lwuit.dev.java.net

Shai Almog

Hi,
I think the mobile version of Facebook works. The browser demo includes
cookie support which is the main portion that's needed.
> Hi,
> I'm wondering if it's possible to use the HTMLComponent for Facebook
> authentication? On Android you can use a WebView for this. But probably
> there are some restritions (Javascript, redirects, session handling,
> ...) in the LWUIT component?
> Thanks!
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@lwuit.dev.java.net
> For additional commands, e-mail: users-help@lwuit.dev.java.net
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@lwuit.dev.java.net
For additional commands, e-mail: users-help@lwuit.dev.java.net

Klemens

Thanks. Now the problem starts with the HTTPS connection on the WTK
2.5.2 emulator:
HttpRequestHandler->IOException: Server certificate chain exceeds the
length allowed by an issuer's policy

I imported the certificate into the WTK's certificate manager but that
didn't help. Any ideas?

On 24.06.2010 14:15, Shai Almog wrote:
> Hi,
> I think the mobile version of Facebook works. The browser demo includes
> cookie support which is the main portion that's needed.
>> Hi,
>> I'm wondering if it's possible to use the HTMLComponent for Facebook
>> authentication? On Android you can use a WebView for this. But probably
>> there are some restritions (Javascript, redirects, session handling,
>> ...) in the LWUIT component?
>> Thanks!
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@lwuit.dev.java.net
>> For additional commands, e-mail: users-help@lwuit.dev.java.net
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@lwuit.dev.java.net
> For additional commands, e-mail: users-help@lwuit.dev.java.net
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@lwuit.dev.java.net
For additional commands, e-mail: users-help@lwuit.dev.java.net