daneshkadeh / spring-security-social

Automatically exported from code.google.com/p/spring-security-social

Facebook logout not correctly managed #2

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
FacebookAuthenticationProvider doesn't manage invalid tokens given by the user 
logging out facebook externally.

Method authenticate(...) should manage the case in which the fetchObject in 
line 49 returns a FacebookOAuthException, and convert the exception to a proper 
one, or return null to let the chain do the rest.

My fix at the moment is overriding the provider - pretty easy - but, to me, the 
provider should be modified itself.

Original issue reported on code.google.com by scou...@gmail.com on 26 Jul 2012 at 3:13
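As an added example (not code from the spring-security-social project itself), one way to give `authenticate(...)` the missing handling: the `fetchObject` call is wrapped so that a `FacebookOAuthException` from RestFB becomes Spring Security's `BadCredentialsException`, which the filter chain already knows how to treat as a failed login instead of an unhandled error. The class name, the use of a `UsernamePasswordAuthenticationToken` carrying the access token as credentials, and the `ROLE_USER` authority are assumptions for illustration.

```java
import com.restfb.DefaultFacebookClient;
import com.restfb.FacebookClient;
import com.restfb.exception.FacebookOAuthException;
import com.restfb.types.User;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.AuthorityUtils;

/** Hypothetical provider; the Facebook access token arrives as the token's credentials. */
public class TokenCheckingFacebookAuthenticationProvider implements AuthenticationProvider {

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String accessToken = (String) authentication.getCredentials();
        if (accessToken == null || accessToken.isEmpty()) {
            return null; // nothing to verify here; let the next provider in the chain decide
        }
        FacebookClient client = new DefaultFacebookClient(accessToken);
        User me;
        try {
            // Same Graph API call the provider already makes. Once the user has logged
            // out of Facebook externally the token is invalidated and this call throws.
            me = client.fetchObject("me", User.class);
        } catch (FacebookOAuthException e) {
            // Convert to Spring Security's own failure type so the authentication
            // filter's failure handler runs (clearing the context) rather than a 500.
            throw new BadCredentialsException("Facebook access token is no longer valid", e);
        }
        UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(
                me.getId(), accessToken, AuthorityUtils.createAuthorityList("ROLE_USER"));
        result.setDetails(me); // keep the fetched profile for downstream use
        return result;
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
```

Throwing rather than returning `null` is the deliberate choice here: `null` only asks the next provider to try, whereas the exception marks the stored authentication as invalid, which is what the later comments in this thread identify as the missing step.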

GoogleCodeExporter commented 9 years ago
Thanks for the report, could you perhaps provide a patch?

Original comment by florian....@gmail.com on 27 Jul 2012 at 8:31

GoogleCodeExporter commented 9 years ago
I'm going to prepare one soon. I have to decide whether this exception should 
be included in the previous exception flow or managed differently.
I'll upload the patch asap, anyway.

Original comment by scou...@gmail.com on 27 Jul 2012 at 8:59

GoogleCodeExporter commented 9 years ago
The solution isn't that easy...

In fact, even if the app recognises that the current token isn't valid anymore, 
cleaning the session needs the logout URL to be opened directly by the client 
browser. So the complete solution NEEDS a client component. Without that, the 
app will consider the current authorization invalid (that is correct) and show the 
login page to the user. But since the session has authentication data, oauth_check will 
fail and send to the login page once more. The client MUST issue a 
/j_spring_security_logout.

Any idea to reproduce the same effect without an explicit page?

Original comment by scou...@gmail.com on 28 Jul 2012 at 10:06

GoogleCodeExporter commented 9 years ago
To be clearer: we need three different states.
1) authenticated
2) not authenticated
3) authenticated but with invalid token

The third state should be like the second to user, but needs one more step.

Original comment by scou...@gmail.com on 28 Jul 2012 at 10:17