In my application I use Spring Boot Social and have two kind of urls, for example
/connect/twitter
and
/signin/twitter
Both of them work pretty similar.. what differences between these urls and which one should I use in order to authenticate\authorize user via social networks ?
The /signin/twitter link should be used if you want to support a user logging in to your application with their twitter credentials.
The /connect/twitter link should be used if you have user authentication in the app and you just want users to connect their accounts (for example, a logged in user wants to connect their twitter account so they can see their followers etc)
See the following docs for reference:
The "connect framework"
Sign in with service provider
Related
I try to achieve the following behavior with Spring Boot:
When a user wants to log in to my site he can choose from multiple OAuth2 serves (for example Google, Facebook, GitHub, etc...).
He selects an option (for example google) and logs in with google OAth2.
Then my site takes the e-mail address from OAuth2 and loads the user from a database to use as Principal.
So I basically want the Principal to always be the same (read from database) and do not depend on which OAuth2 server the user uses to log in.
To achieve the behavior, you're looking for, I would suggest you take a look at PrincipalExtractor, here's a blog post about it.
I am trying to make a mobile app in React-Native and Server in Spring-Boot which have a OAuth2 implemented API endpoints.
My question is how can I integrate Social Logins into my React-Native app which in save a user in my user table. apart from Social login I am using naive register/login flow which require username/password to provide access token from OAuth2 Server. How can I do the same with Just Social Login without prompting user any password or other extra information.
any general solution for this will help regardless of tech I am using.
Thanks
Usually when using social networks to login/sign up you'll get a token returned in your app which you can send via your REST API and on your backend it can then retrieve the users information from the social platform used depending on the granted scopes(e-mail, username, etc...) and store the retrieved values in the database.
Thats basically how it works in general, but if you want to have more information you probably still need to share some more info about your tech used.
Hopefully that helped you out ;)
I have implemented a Spring Boot application with AngularJS frontend. Have also setup users along with their permissions. Right now I am able to login with any of these users and is working well with Spring security. I would like to turn this traditional login flow into a Facebook/Google OAuth login flow, where in I want the users to use their Facebook/Google account to log in and they will be mapped to their internal users automatically. This will help me in getting rid of maintaining passwords of these users.
I found many articles talking about setting up OAuth with Spring Boot and how can Facebook/Google login be integrated with a Spring Boot application. But I am having difficulty in finding an article which talks about linking a Facebook/Google user with internal users.
How should I go about this?
Look for a user with the associated facebook/google userID.
If that user does not exist you request an email address and try to match it with an existing legacy account.
If you do not get a email adress for any reason (not acceping the authorization request for example) you could show a popup box asking for the email adress explaining why you need it.
You then locate the legacy user and merge it adding the facebook/google ID to look it up in the future.
If no user is found with the email adress you either refuse the user or create a new account.
you should be able to do all of this by implementing your own AuthenticationProvider
Before you can fetch a user’s data from Facebook, you must specify your application’s ID and secret by setting the spring.social.facebook.appId and spring.social.facebook.appSecret properties. You can set these via any means supported by Spring Boot, including setting them in an application.properties file:
spring.social.facebook.appId=233668646673605
spring.social.facebook.appSecret=33b17e044ee6a4fa383f46ec6e28ea1d
For reference you can follow this article: https://spring.io/guides/gs/accessing-facebook/
I have developed a web application (spring mvc, spring security) which has a its own login.
Now I want to change the application to login with an another web site's (2nd web) credentials and also need to get some user details from 2nd website.eg: username, user role list for create authentication object.
Please help me to choose best way to do this.
Is openID or oauth2 better for my client application?
OpenID and oAuth are 2 different things.
Lately, Google announced it stops supporting OpenID, so maybe oAuth2.0 is a better option for you.
Note that if you choose oAuth of 3rd-party, you force your users to have account there. for example, if your application (the resource server) uses Facebook for authentication/authorization, your users will HAVE TO have account on Facebook (you want that?!).
If you work with OpenID, your users have several options of where to hold their account...
If you have another 3rd party (or in-house, it does not really matter) authentication server and you want to authenticate your users with it - you have to know what specifications it supports. For example, if it supports oAuth2.0, you can pretty easily configure your app to work with it.
Hope that helps...
If I understand you correctly, you are talking about using Social Networks like Google+, Facebook, to be able to login to your application (This is identity services, where you don't have actual password, but rather access token with limited scope).
For that there is a Spring Social, project, that provides set of abstractions, for such kind of integration, including additional Spring MVC Controllers, needed for proper authentication in this Social Networks.
I'm using Spring Social to connect user application account to a social account (Facebook and/or Twitter).
It turns out that it is possible that two different user accounts connect to the same social account.
Example:
User1 in my webapp connects with Facebook account #1
User2 in my webapp connects with Facebook account #1
This is possible now. Looks like this happens inside Spring Social.
After that, sign-in with social account is not possible for both accounts.
I would like to avoid connecting same social account to different webapp users at a point when User2 tries to connect. Any hint how can I do that is appreciated!
An answer to this question is providede here.
Code example here.
In short, ConnectInterceptor must be used for ConnectController to check for existing connection and remove currently creating connection if its a duplicate.
If you are using default connection controller provided by spring social, after getting the user token/secret it stores in database. To store in database spring-social uses :
org.springframework.social.connect.jdbc.JdbcConnectionRepository
org.springframework.social.connect.jdbc.JdbcUsersConnectionRepository
Before storing into database you can validate the items and provide your own logic.
Hope this helps!