Adobe Experience Manager Sites & More

Stanleyor · 3/28/17

Hey

Today facebook log-in on our web-site stopped working:

28.03.2017 10:54:52.313 *ERROR* [qtp1448280031-74010] com.adobe.granite.auth.oauth.impl.oauth2.Oauth2Helper Response body is incorrect. Can't extract a token from this: '{"access_token":"EAAJGDvtJEUYBANHEc5fdkYXLtAgDV6YHLcZCU87Rf7EPbTZAH05LqtAs1yZBXC3uLPDvpUpPMZCYEWLZCOdIksfObQ8Eu2gVibrZC1yr2lDvE5GeWt72S2Idsss7IbrhEIBNImkL78JAk82RpyMRCz5WdDMiDO2t8dPQdtINowNgZDZD","token_type":"bearer","expires_in":5112541}' org.scribe.exceptions.OAuthException: Response body is incorrect. Can't extract a token from this: '{"access_token":"EAAJGDvtJEUYBANHEc5fdkYXLtAgDV6YHLcZCU87Rf7EPbTZAH05LqtAs1yZBXC3uLPDvpUpPMZCYEWLZCOdIksfObQ8Eu2gVibrZC1yr2lDvE5GeWt72S2Idsss7IbrhEIBNImkL78JAk82RpyMRCz5WdDMiDO2t8dPQdtINowNgZDZD","token_type":"bearer","expires_in":5112541}' at org.scribe.extractors.TokenExtractor20Impl.extract(TokenExtractor20Impl.java:33) at org.scribe.oauth.OAuth20ServiceImpl.getAccessToken(OAuth20ServiceImpl.java:37) at com.adobe.granite.auth.oauth.impl.oauth2.Oauth2Helper.requestAccessCode(Oauth2Helper.java:124) at com.adobe.granite.auth.oauth.impl.OAuthAuthenticationHandler.extractCredentials(OAuthAuthenticationHandler.java:193) at org.apache.sling.auth.core.impl.AuthenticationHandlerHolder.doExtractCredentials(AuthenticationHandlerHolder.java:75) at org.apache.sling.auth.core.impl.AbstractAuthenticationHandlerHolder.extractCredentials(AbstractAuthenticationHandlerHolder.java:60) at org.apache.sling.auth.core.impl.SlingAuthenticator.getAuthenticationInfo(SlingAuthenticator.java:718) at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.java:466) at org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java:451) at org.apache.sling.engine.impl.SlingHttpContext.handleSecurity(SlingHttpContext.java:121) at org.apache.felix.http.base.internal.service.ServletContextImpl.handleSecurity(ServletContextImpl.java:421) at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:57) at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:124) at org.apache.felix.http.base.internal.DispatcherServlet.service(DispatcherServlet.java:61) at javax.servlet.http.HttpServlet.service(HttpServlet.java:725) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:587) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) at org.eclipse.jetty.server.Server.handle(Server.java:499) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257) at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635) at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555) at java.lang.Thread.run(Thread.java:745)

Stanleyor · 4/12/17

If someone experiencing the same problem:

Finally after 2 weeks we got a hot-fix from Adobe.

The claim in docs that "AEM 6.2 Communities works with FB API 2.5" is a lie. You need a hot-fix to make it work.

View solution in original post

Stanleyor · 3/28/17

If I understand correctly that is what AEM uses:
https://github.com/dsyer/scribe-java/blob/master/src/main/java/org/scribe/extractors/TokenExtractor2...

public class TokenExtractor20Impl implements AccessTokenExtractor { private static final String TOKEN_REGEX = "access_token=([^&]+)"; private static final String EMPTY_SECRET = ""; /** * {@inheritDoc} */ public Token extract(String response) { Preconditions.checkEmptyString(response, "Response body is incorrect. Can't extract a token from an empty string"); Matcher matcher = Pattern.compile(TOKEN_REGEX).matcher(response); if (matcher.find()) { String token = OAuthEncoder.decode(matcher.group(1)); return new Token(token, EMPTY_SECRET, response); } else { throw new OAuthException("Response body is incorrect. Can't extract a token from this: '" + response + "'", null); } } }

Although according to Facebook change log:

[Oauth Access Token] Format - The response format of https://www.facebook.com/v2.3/oauth/access_token returned when you exchange a code for an access_token now return valid JSON instead of being URL encoded. The new format of this response is {"access_token": {TOKEN}, "token_type":{TYPE}, "expires_in":{TIME}}. We made this update to be compliant with section 5.1 of RFC 6749.

Hence new JSON format cannot be parsed by old REGEX.

There is an example of an appropriate implementation here. But I do not know how to integrate this with AEM and whether that is possible at all.

JK_Kendall · 3/28/17

What version of AEM and Communities are you using? Social login is a feature of the Communities capability.

Please read about Facebook API versions from the AEM perspective.

- JK

Stanleyor · 3/29/17

Hey, JK Kendall

I've just updated AEM Communities with AEM-6.2-COMMUNITIES-LIVEFYRE-FEATURE-PACK-2 Version: 1.10.111 but the problem is still there. The feature pack has *not* fixed the problem. Currently we are using Version: 1.10.111

29.03.2017 10:33:47.585 *ERROR* [qtp456392319-11621] com.adobe.granite.auth.oauth.impl.oauth2.Oauth2Helper Response body is incorrect. Can't extract a token from this: '{"access_token":"EAAJGDvtJEUYBACvrh7nPweWzT254Fr5akEw8akKV6WDIgYSK9FmszwIfZBbvP9yKeqf8yeKv5foKdeYZC45DZBYkM0ZCw3DOfjsBnZAmyAZBtrXDJfoO5p7lfoy9fAAgGL3UNXsP4VSWfNXsJ0izqFknnzAsSNH5ZCZAwnroMZAzhTwZDZD","token_type":"bearer","expires_in":5184000}'
org.scribe.exceptions.OAuthException: Response body is incorrect. Can't extract a token from this: '{"access_token":"EAAJGDvtJEUYBACvrh7nPweWzT254Fr5akEw8akKV6WDIgYSK9FmszwIfZBbvP9yKeqf8yeKv5foKdeYZC45DZBYkM0ZCw3DOfjsBnZAmyAZBtrXDJfoO5p7lfoy9fAAgGL3UNXsP4VSWfNXsJ0izqFknnzAsSNH5ZCZAwnroMZAzhTwZDZD","token_type":"bearer","expires_in":5184000}'
        at org.scribe.extractors.TokenExtractor20Impl.extract(TokenExtractor20Impl.java:33)
        at org.scribe.oauth.OAuth20ServiceImpl.getAccessToken(OAuth20ServiceImpl.java:37)
        at com.adobe.granite.auth.oauth.impl.oauth2.Oauth2Helper.requestAccessCode(Oauth2Helper.java:124)
        at com.adobe.granite.auth.oauth.impl.OAuthAuthenticationHandler.extractCredentials(OAuthAuthenticationHandler.java:193)
        at org.apache.sling.auth.core.impl.AuthenticationHandlerHolder.doExtractCredentials(AuthenticationHandlerHolder.java:75)
        at org.apache.sling.auth.core.impl.AbstractAuthenticationHandlerHolder.extractCredentials(AbstractAuthenticationHandlerHolder.java:60)
        at org.apache.sling.auth.core.impl.SlingAuthenticator.getAuthenticationInfo(SlingAuthenticator.java:718)
        at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.java:466)
........

Facebook log-in worked on Monday. On Tuesday FB log-in broke. We deployed or changed nothing.

JK_Kendall · 3/29/17

My guess would be to upgrade your Facebook app to use FB API v2.5 or later.

- JK

Stanleyor · 3/30/17

https://developers.facebook.com/docs/apps/changelog -> Changes from v2.2 to v2.3

[Oauth Access Token] Format - The response format of https://www.facebook.com/v2.3/oauth/access_token returned when you exchange a code for an access_token now return valid JSON instead of being URL encoded. The new format of this response is {"access_token": {TOKEN}, "token_type":{TYPE}, "expires_in":{TIME}}. We made this update to be compliant with section 5.1 of RFC 6749.

If I understood correctly for version >= 2.3 the response format is JSON. Including the version 2.5.

v2.2 was available until March 25, 2017.

JK_Kendall · 3/30/17

Hi Stanley,

I am no expert on this. All I can do is point out the history of social login for AEM and that AEM 6.2 Communities works with FB API 2.5.

Also, there is sample code for creating an OAuth provider (using LinkedIn as an example) - I don't know if you can do something with that.

I hope someone else will respond to this thread or you could open a support ticket.

I think the key is to understand what did change, because something changed. If you deployed or changed nothing in AEM, then it suggests something changed coming from Facebook.

If you have a dev system and could quickly try the getting started tutorial and try its Facebook login, perhaps you could get more specific information... ??? It should take you about 10 minutes to setup, author a new site, and then try the social login. Maybe even then setup a new Facebook app and try it with the dev setup.

Wish I could be of more help - I realize how frustrating this must be.

- JK

Stanleyor · 4/12/17

Hey, JK Kendall

Thank you for your help

Stanleyor · 4/12/17

If someone experiencing the same problem:

Finally after 2 weeks we got a hot-fix from Adobe.

The claim in docs that "AEM 6.2 Communities works with FB API 2.5" is a lie. You need a hot-fix to make it work.

Pablo_Larrosa-R · 4/13/17

Hi Stanleyor,

We have the exact same issue ( "Response body is incorrect. Can't extract a token from this: " ), can you tell me the hotfix number so I can download it from the package share??

Thanks in advance for your help.

Regards

mohitk · 4/17/17

Hi Pablo,

The hotfix is not public as of now. This fix is officially coming in next Feature Pack. If it's urgent you can get it via Adobe's customer support by opening a RFH for the same.

-Mohit