Spring Boot + REST Api + Social Login
0
I need to develop some backend application using spring boot (the best will be 2.0 but 1.5 is ok too) which will allow oauth login with facebook and google.
I have following requirements:
- backend will enable login with google or facebook (and on first login backend have to remember user in DB),
- backend will publish ONLY rest endpoints,
- frontend will login into facebook or google and then it will send token to backend, backend will validate token in facebook or google (obviously it depends on token provider) and return some json data.
How can i achieve that? I have seen many tutorials but all of them assume that backend and frontend are connected into one application. For some reasons i really don't want that solution: this backend will propably publish data for few applications.
Can you please help me with that? I mean some tutorials, code repo etc...
Thanks in advice
spring rest oauth social
asked Nov 24 '18 at 13:02
regenti88regenti88
63
add a comment |
0
I need to develop some backend application using spring boot (the best will be 2.0 but 1.5 is ok too) which will allow oauth login with facebook and google.
I have following requirements:
- backend will enable login with google or facebook (and on first login backend have to remember user in DB),
- backend will publish ONLY rest endpoints,
- frontend will login into facebook or google and then it will send token to backend, backend will validate token in facebook or google (obviously it depends on token provider) and return some json data.
How can i achieve that? I have seen many tutorials but all of them assume that backend and frontend are connected into one application. For some reasons i really don't want that solution: this backend will propably publish data for few applications.
Can you please help me with that? I mean some tutorials, code repo etc...
Thanks in advice
spring rest oauth social
asked Nov 24 '18 at 13:02
regenti88regenti88
63
add a comment |
0
0
0
I need to develop some backend application using spring boot (the best will be 2.0 but 1.5 is ok too) which will allow oauth login with facebook and google.
I have following requirements:
- backend will enable login with google or facebook (and on first login backend have to remember user in DB),
- backend will publish ONLY rest endpoints,
- frontend will login into facebook or google and then it will send token to backend, backend will validate token in facebook or google (obviously it depends on token provider) and return some json data.
How can i achieve that? I have seen many tutorials but all of them assume that backend and frontend are connected into one application. For some reasons i really don't want that solution: this backend will propably publish data for few applications.
Can you please help me with that? I mean some tutorials, code repo etc...
Thanks in advice
spring rest oauth social
asked Nov 24 '18 at 13:02
regenti88regenti88
63
I need to develop some backend application using spring boot (the best will be 2.0 but 1.5 is ok too) which will allow oauth login with facebook and google.
I have following requirements:
- backend will enable login with google or facebook (and on first login backend have to remember user in DB),
- backend will publish ONLY rest endpoints,
- frontend will login into facebook or google and then it will send token to backend, backend will validate token in facebook or google (obviously it depends on token provider) and return some json data.
How can i achieve that? I have seen many tutorials but all of them assume that backend and frontend are connected into one application. For some reasons i really don't want that solution: this backend will propably publish data for few applications.
Can you please help me with that? I mean some tutorials, code repo etc...
Thanks in advice
spring rest oauth social
spring rest oauth social
asked Nov 24 '18 at 13:02
regenti88regenti88
63
asked Nov 24 '18 at 13:02
regenti88regenti88
63
asked Nov 24 '18 at 13:02
regenti88regenti88
63
asked Nov 24 '18 at 13:02
regenti88regenti88
63
asked Nov 24 '18 at 13:02
regenti88regenti88
63
63
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
1
Google and Facebook have provided step by step details to integrate with their login and validate the token with backed.
You can follow the below steps for details.
Google :
https://developers.google.com/identity/sign-in/web/sign-in
https://developers.google.com/identity/sign-in/web/backend-auth
Make a rest call https://www.googleapis.com/oauth2/v3/tokeninfo?id_token= to integrate and validate the token with backed, pass the accessToken which recived on successfully logged in with frontend google web plugin and store the info or validate with your DB.
public String getGoogleTokenInfo(String accessToken) throws BadRequestException {
log.debug("Calling Google API to get token info");
RestTemplate restTemplate = new RestTemplate();
String googleResponse = null;
try {
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
UriComponentsBuilder uriBuilder = UriComponentsBuilder.fromUriString("https://www.googleapis.com/oauth2/v3/tokeninfo").queryParam("id_token", accessToken);
log.debug("google login uri {}", uriBuilder.toUriString());
googleResponse = restTemplate.getForObject(uriBuilder.toUriString(), String.class);
log.info("Gmail user authenticated successfully, details [{}]", googleResponse.toString());
} catch (HttpClientErrorException e) {
log.error("Not able to authenticate from Google");
try {
JsonNode error = new ObjectMapper().readValue(e.getResponseBodyAsString(), JsonNode.class);
log.error(error.toString());
throw new BadRequestException("Invalid access token");
} catch (IOException mappingExp) {
throw new BadRequestException("Invalid user");
}
} catch (Exception exp) {
log.error("User is not authorized to login into system", exp);
throw new BadRequestException("Invalid user");
}
return googleResponse;
}
Facebook:
https://developers.facebook.com/docs/facebook-login/web#example
Make a rest call https://graph.facebook.com/me?access_token= from backed by passing the accessToken which recived on successfully logged in with facebook frontend web plugin to validate the token and get profile info and store the info to your DB.
public String getFacebookProfileInfo(final String accessToken) throws BadRequestException {
log.debug("Calling Facebook API to validate and get profile info");
RestTemplate restTemplate = new RestTemplate();
String facebook = null;
// field names which will be retrieved from facebook
final String fields = "id,email,first_name,last_name";
try {
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
UriComponentsBuilder uriBuilder = UriComponentsBuilder.fromUriString("https://graph.facebook.com/me")
.queryParam("access_token", accessToken).queryParam("fields", fields);
log.debug("Facebook profile uri {}", uriBuilder.toUriString());
facebook = restTemplate.getForObject(uriBuilder.toUriString(), String.class);
log.info("Facebook user authenticated and profile fetched successfully, details [{}]", facebook.toString());
} catch (HttpClientErrorException e) {
log.error("Not able to authenticate from Facebook");
throw new BadRequestException("Invalid access token");
} catch (Exception exp) {
log.error("User is not authorized to login into system", exp);
throw new BadRequestException("Invalid user";
}
return facebook;
}
answered Nov 24 '18 at 14:13
Nawal SahNawal Sah
314
Thank you. Now i understand that i should validate token manually like You showed me and manually check this in all endpoints that my backend will have, But... what if i want to also add registration form and serve own oauth tokens also? Do you have some simple working code examples? I propably searched through all internet and i didn't find anything :(
– regenti88
Nov 24 '18 at 14:30
Yes, you can develop your own registration form and use your own token management mechanism, basic JWT auth sample code can be found at git repo github.com/nssaga/ums
– Nawal Sah
Nov 24 '18 at 14:45
But then... How should i check token validation? I mean that frontend Will send token and i Will dont know if it is from Google auth server or Facebook or my own.
– regenti88
Nov 24 '18 at 17:27
You have to use a query parameter or field in request as loginType in your login API and based on that check the token with google or facebook
– Nawal Sah
Nov 24 '18 at 18:01
Ok... I started to develop something: github.com/regentidev88/spring-social-example The idea was to add some authentication providers by adding filters and check in all filters if token is good one. At first i started with facebook login. At now it doesnt work: the authentication provider is not even being called :./ Could You please tell me why it doesnt work and... if that part of code is going to the right direction or maybe i am doing it totally wrong?
– regenti88
Nov 24 '18 at 21:14
|
show 1 more comment
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53458407%2fspring-boot-rest-api-social-login%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
1
Google and Facebook have provided step by step details to integrate with their login and validate the token with backed.
You can follow the below steps for details.
Google :
https://developers.google.com/identity/sign-in/web/sign-in
https://developers.google.com/identity/sign-in/web/backend-auth
Make a rest call https://www.googleapis.com/oauth2/v3/tokeninfo?id_token= to integrate and validate the token with backed, pass the accessToken which recived on successfully logged in with frontend google web plugin and store the info or validate with your DB.
public String getGoogleTokenInfo(String accessToken) throws BadRequestException {
log.debug("Calling Google API to get token info");
RestTemplate restTemplate = new RestTemplate();
String googleResponse = null;
try {
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
UriComponentsBuilder uriBuilder = UriComponentsBuilder.fromUriString("https://www.googleapis.com/oauth2/v3/tokeninfo").queryParam("id_token", accessToken);
log.debug("google login uri {}", uriBuilder.toUriString());
googleResponse = restTemplate.getForObject(uriBuilder.toUriString(), String.class);
log.info("Gmail user authenticated successfully, details [{}]", googleResponse.toString());
} catch (HttpClientErrorException e) {
log.error("Not able to authenticate from Google");
try {
JsonNode error = new ObjectMapper().readValue(e.getResponseBodyAsString(), JsonNode.class);
log.error(error.toString());
throw new BadRequestException("Invalid access token");
} catch (IOException mappingExp) {
throw new BadRequestException("Invalid user");
}
} catch (Exception exp) {
log.error("User is not authorized to login into system", exp);
throw new BadRequestException("Invalid user");
}
return googleResponse;
}
Facebook:
https://developers.facebook.com/docs/facebook-login/web#example
Make a rest call https://graph.facebook.com/me?access_token= from backed by passing the accessToken which recived on successfully logged in with facebook frontend web plugin to validate the token and get profile info and store the info to your DB.
public String getFacebookProfileInfo(final String accessToken) throws BadRequestException {
log.debug("Calling Facebook API to validate and get profile info");
RestTemplate restTemplate = new RestTemplate();
String facebook = null;
// field names which will be retrieved from facebook
final String fields = "id,email,first_name,last_name";
try {
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
UriComponentsBuilder uriBuilder = UriComponentsBuilder.fromUriString("https://graph.facebook.com/me")
.queryParam("access_token", accessToken).queryParam("fields", fields);
log.debug("Facebook profile uri {}", uriBuilder.toUriString());
facebook = restTemplate.getForObject(uriBuilder.toUriString(), String.class);
log.info("Facebook user authenticated and profile fetched successfully, details [{}]", facebook.toString());
} catch (HttpClientErrorException e) {
log.error("Not able to authenticate from Facebook");
throw new BadRequestException("Invalid access token");
} catch (Exception exp) {
log.error("User is not authorized to login into system", exp);
throw new BadRequestException("Invalid user";
}
return facebook;
}
answered Nov 24 '18 at 14:13
Nawal SahNawal Sah
314
Thank you. Now i understand that i should validate token manually like You showed me and manually check this in all endpoints that my backend will have, But... what if i want to also add registration form and serve own oauth tokens also? Do you have some simple working code examples? I propably searched through all internet and i didn't find anything :(
– regenti88
Nov 24 '18 at 14:30
Yes, you can develop your own registration form and use your own token management mechanism, basic JWT auth sample code can be found at git repo github.com/nssaga/ums
– Nawal Sah
Nov 24 '18 at 14:45
But then... How should i check token validation? I mean that frontend Will send token and i Will dont know if it is from Google auth server or Facebook or my own.
– regenti88
Nov 24 '18 at 17:27
You have to use a query parameter or field in request as loginType in your login API and based on that check the token with google or facebook
– Nawal Sah
Nov 24 '18 at 18:01
Ok... I started to develop something: github.com/regentidev88/spring-social-example The idea was to add some authentication providers by adding filters and check in all filters if token is good one. At first i started with facebook login. At now it doesnt work: the authentication provider is not even being called :./ Could You please tell me why it doesnt work and... if that part of code is going to the right direction or maybe i am doing it totally wrong?
– regenti88
Nov 24 '18 at 21:14
|
show 1 more comment
1
Google and Facebook have provided step by step details to integrate with their login and validate the token with backed.
You can follow the below steps for details.
Google :
https://developers.google.com/identity/sign-in/web/sign-in
https://developers.google.com/identity/sign-in/web/backend-auth
Make a rest call https://www.googleapis.com/oauth2/v3/tokeninfo?id_token= to integrate and validate the token with backed, pass the accessToken which recived on successfully logged in with frontend google web plugin and store the info or validate with your DB.
public String getGoogleTokenInfo(String accessToken) throws BadRequestException {
log.debug("Calling Google API to get token info");
RestTemplate restTemplate = new RestTemplate();
String googleResponse = null;
try {
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
UriComponentsBuilder uriBuilder = UriComponentsBuilder.fromUriString("https://www.googleapis.com/oauth2/v3/tokeninfo").queryParam("id_token", accessToken);
log.debug("google login uri {}", uriBuilder.toUriString());
googleResponse = restTemplate.getForObject(uriBuilder.toUriString(), String.class);
log.info("Gmail user authenticated successfully, details [{}]", googleResponse.toString());
} catch (HttpClientErrorException e) {
log.error("Not able to authenticate from Google");
try {
JsonNode error = new ObjectMapper().readValue(e.getResponseBodyAsString(), JsonNode.class);
log.error(error.toString());
throw new BadRequestException("Invalid access token");
} catch (IOException mappingExp) {
throw new BadRequestException("Invalid user");
}
} catch (Exception exp) {
log.error("User is not authorized to login into system", exp);
throw new BadRequestException("Invalid user");
}
return googleResponse;
}
Facebook:
https://developers.facebook.com/docs/facebook-login/web#example
Make a rest call https://graph.facebook.com/me?access_token= from backed by passing the accessToken which recived on successfully logged in with facebook frontend web plugin to validate the token and get profile info and store the info to your DB.
public String getFacebookProfileInfo(final String accessToken) throws BadRequestException {
log.debug("Calling Facebook API to validate and get profile info");
RestTemplate restTemplate = new RestTemplate();
String facebook = null;
// field names which will be retrieved from facebook
final String fields = "id,email,first_name,last_name";
try {
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
UriComponentsBuilder uriBuilder = UriComponentsBuilder.fromUriString("https://graph.facebook.com/me")
.queryParam("access_token", accessToken).queryParam("fields", fields);
log.debug("Facebook profile uri {}", uriBuilder.toUriString());
facebook = restTemplate.getForObject(uriBuilder.toUriString(), String.class);
log.info("Facebook user authenticated and profile fetched successfully, details [{}]", facebook.toString());
} catch (HttpClientErrorException e) {
log.error("Not able to authenticate from Facebook");
throw new BadRequestException("Invalid access token");
} catch (Exception exp) {
log.error("User is not authorized to login into system", exp);
throw new BadRequestException("Invalid user";
}
return facebook;
}
answered Nov 24 '18 at 14:13
Nawal SahNawal Sah
314
Thank you. Now i understand that i should validate token manually like You showed me and manually check this in all endpoints that my backend will have, But... what if i want to also add registration form and serve own oauth tokens also? Do you have some simple working code examples? I propably searched through all internet and i didn't find anything :(
– regenti88
Nov 24 '18 at 14:30
Yes, you can develop your own registration form and use your own token management mechanism, basic JWT auth sample code can be found at git repo github.com/nssaga/ums
– Nawal Sah
Nov 24 '18 at 14:45
But then... How should i check token validation? I mean that frontend Will send token and i Will dont know if it is from Google auth server or Facebook or my own.
– regenti88
Nov 24 '18 at 17:27
You have to use a query parameter or field in request as loginType in your login API and based on that check the token with google or facebook
– Nawal Sah
Nov 24 '18 at 18:01
Ok... I started to develop something: github.com/regentidev88/spring-social-example The idea was to add some authentication providers by adding filters and check in all filters if token is good one. At first i started with facebook login. At now it doesnt work: the authentication provider is not even being called :./ Could You please tell me why it doesnt work and... if that part of code is going to the right direction or maybe i am doing it totally wrong?
– regenti88
Nov 24 '18 at 21:14
|
show 1 more comment
1
1
1
Google and Facebook have provided step by step details to integrate with their login and validate the token with backed.
You can follow the below steps for details.
Google :
https://developers.google.com/identity/sign-in/web/sign-in
https://developers.google.com/identity/sign-in/web/backend-auth
Make a rest call https://www.googleapis.com/oauth2/v3/tokeninfo?id_token= to integrate and validate the token with backed, pass the accessToken which recived on successfully logged in with frontend google web plugin and store the info or validate with your DB.
public String getGoogleTokenInfo(String accessToken) throws BadRequestException {
log.debug("Calling Google API to get token info");
RestTemplate restTemplate = new RestTemplate();
String googleResponse = null;
try {
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
UriComponentsBuilder uriBuilder = UriComponentsBuilder.fromUriString("https://www.googleapis.com/oauth2/v3/tokeninfo").queryParam("id_token", accessToken);
log.debug("google login uri {}", uriBuilder.toUriString());
googleResponse = restTemplate.getForObject(uriBuilder.toUriString(), String.class);
log.info("Gmail user authenticated successfully, details [{}]", googleResponse.toString());
} catch (HttpClientErrorException e) {
log.error("Not able to authenticate from Google");
try {
JsonNode error = new ObjectMapper().readValue(e.getResponseBodyAsString(), JsonNode.class);
log.error(error.toString());
throw new BadRequestException("Invalid access token");
} catch (IOException mappingExp) {
throw new BadRequestException("Invalid user");
}
} catch (Exception exp) {
log.error("User is not authorized to login into system", exp);
throw new BadRequestException("Invalid user");
}
return googleResponse;
}
Facebook:
https://developers.facebook.com/docs/facebook-login/web#example
Make a rest call https://graph.facebook.com/me?access_token= from backed by passing the accessToken which recived on successfully logged in with facebook frontend web plugin to validate the token and get profile info and store the info to your DB.
public String getFacebookProfileInfo(final String accessToken) throws BadRequestException {
log.debug("Calling Facebook API to validate and get profile info");
RestTemplate restTemplate = new RestTemplate();
String facebook = null;
// field names which will be retrieved from facebook
final String fields = "id,email,first_name,last_name";
try {
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
UriComponentsBuilder uriBuilder = UriComponentsBuilder.fromUriString("https://graph.facebook.com/me")
.queryParam("access_token", accessToken).queryParam("fields", fields);
log.debug("Facebook profile uri {}", uriBuilder.toUriString());
facebook = restTemplate.getForObject(uriBuilder.toUriString(), String.class);
log.info("Facebook user authenticated and profile fetched successfully, details [{}]", facebook.toString());
} catch (HttpClientErrorException e) {
log.error("Not able to authenticate from Facebook");
throw new BadRequestException("Invalid access token");
} catch (Exception exp) {
log.error("User is not authorized to login into system", exp);
throw new BadRequestException("Invalid user";
}
return facebook;
}
answered Nov 24 '18 at 14:13
Nawal SahNawal Sah
314
Google and Facebook have provided step by step details to integrate with their login and validate the token with backed.
You can follow the below steps for details.
Google :
https://developers.google.com/identity/sign-in/web/sign-in
https://developers.google.com/identity/sign-in/web/backend-auth
Make a rest call https://www.googleapis.com/oauth2/v3/tokeninfo?id_token= to integrate and validate the token with backed, pass the accessToken which recived on successfully logged in with frontend google web plugin and store the info or validate with your DB.
public String getGoogleTokenInfo(String accessToken) throws BadRequestException {
log.debug("Calling Google API to get token info");
RestTemplate restTemplate = new RestTemplate();
String googleResponse = null;
try {
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
UriComponentsBuilder uriBuilder = UriComponentsBuilder.fromUriString("https://www.googleapis.com/oauth2/v3/tokeninfo").queryParam("id_token", accessToken);
log.debug("google login uri {}", uriBuilder.toUriString());
googleResponse = restTemplate.getForObject(uriBuilder.toUriString(), String.class);
log.info("Gmail user authenticated successfully, details [{}]", googleResponse.toString());
} catch (HttpClientErrorException e) {
log.error("Not able to authenticate from Google");
try {
JsonNode error = new ObjectMapper().readValue(e.getResponseBodyAsString(), JsonNode.class);
log.error(error.toString());
throw new BadRequestException("Invalid access token");
} catch (IOException mappingExp) {
throw new BadRequestException("Invalid user");
}
} catch (Exception exp) {
log.error("User is not authorized to login into system", exp);
throw new BadRequestException("Invalid user");
}
return googleResponse;
}
Facebook:
https://developers.facebook.com/docs/facebook-login/web#example
Make a rest call https://graph.facebook.com/me?access_token= from backed by passing the accessToken which recived on successfully logged in with facebook frontend web plugin to validate the token and get profile info and store the info to your DB.
public String getFacebookProfileInfo(final String accessToken) throws BadRequestException {
log.debug("Calling Facebook API to validate and get profile info");
RestTemplate restTemplate = new RestTemplate();
String facebook = null;
// field names which will be retrieved from facebook
final String fields = "id,email,first_name,last_name";
try {
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
UriComponentsBuilder uriBuilder = UriComponentsBuilder.fromUriString("https://graph.facebook.com/me")
.queryParam("access_token", accessToken).queryParam("fields", fields);
log.debug("Facebook profile uri {}", uriBuilder.toUriString());
facebook = restTemplate.getForObject(uriBuilder.toUriString(), String.class);
log.info("Facebook user authenticated and profile fetched successfully, details [{}]", facebook.toString());
} catch (HttpClientErrorException e) {
log.error("Not able to authenticate from Facebook");
throw new BadRequestException("Invalid access token");
} catch (Exception exp) {
log.error("User is not authorized to login into system", exp);
throw new BadRequestException("Invalid user";
}
return facebook;
}
answered Nov 24 '18 at 14:13
Nawal SahNawal Sah
314
answered Nov 24 '18 at 14:13
Nawal SahNawal Sah
314
answered Nov 24 '18 at 14:13
Nawal SahNawal Sah
314
answered Nov 24 '18 at 14:13
Nawal SahNawal Sah
314
314
Thank you. Now i understand that i should validate token manually like You showed me and manually check this in all endpoints that my backend will have, But... what if i want to also add registration form and serve own oauth tokens also? Do you have some simple working code examples? I propably searched through all internet and i didn't find anything :(
– regenti88
Nov 24 '18 at 14:30
Yes, you can develop your own registration form and use your own token management mechanism, basic JWT auth sample code can be found at git repo github.com/nssaga/ums
– Nawal Sah
Nov 24 '18 at 14:45
But then... How should i check token validation? I mean that frontend Will send token and i Will dont know if it is from Google auth server or Facebook or my own.
– regenti88
Nov 24 '18 at 17:27
You have to use a query parameter or field in request as loginType in your login API and based on that check the token with google or facebook
– Nawal Sah
Nov 24 '18 at 18:01
Ok... I started to develop something: github.com/regentidev88/spring-social-example The idea was to add some authentication providers by adding filters and check in all filters if token is good one. At first i started with facebook login. At now it doesnt work: the authentication provider is not even being called :./ Could You please tell me why it doesnt work and... if that part of code is going to the right direction or maybe i am doing it totally wrong?
– regenti88
Nov 24 '18 at 21:14
|
show 1 more comment
Thank you. Now i understand that i should validate token manually like You showed me and manually check this in all endpoints that my backend will have, But... what if i want to also add registration form and serve own oauth tokens also? Do you have some simple working code examples? I propably searched through all internet and i didn't find anything :(
– regenti88
Nov 24 '18 at 14:30
Yes, you can develop your own registration form and use your own token management mechanism, basic JWT auth sample code can be found at git repo github.com/nssaga/ums
– Nawal Sah
Nov 24 '18 at 14:45
But then... How should i check token validation? I mean that frontend Will send token and i Will dont know if it is from Google auth server or Facebook or my own.
– regenti88
Nov 24 '18 at 17:27
You have to use a query parameter or field in request as loginType in your login API and based on that check the token with google or facebook
– Nawal Sah
Nov 24 '18 at 18:01
Ok... I started to develop something: github.com/regentidev88/spring-social-example The idea was to add some authentication providers by adding filters and check in all filters if token is good one. At first i started with facebook login. At now it doesnt work: the authentication provider is not even being called :./ Could You please tell me why it doesnt work and... if that part of code is going to the right direction or maybe i am doing it totally wrong?
– regenti88
Nov 24 '18 at 21:14
Thank you. Now i understand that i should validate token manually like You showed me and manually check this in all endpoints that my backend will have, But... what if i want to also add registration form and serve own oauth tokens also? Do you have some simple working code examples? I propably searched through all internet and i didn't find anything :(
– regenti88
Nov 24 '18 at 14:30
Thank you. Now i understand that i should validate token manually like You showed me and manually check this in all endpoints that my backend will have, But... what if i want to also add registration form and serve own oauth tokens also? Do you have some simple working code examples? I propably searched through all internet and i didn't find anything :(
– regenti88
Nov 24 '18 at 14:30
Yes, you can develop your own registration form and use your own token management mechanism, basic JWT auth sample code can be found at git repo github.com/nssaga/ums
– Nawal Sah
Nov 24 '18 at 14:45
Yes, you can develop your own registration form and use your own token management mechanism, basic JWT auth sample code can be found at git repo github.com/nssaga/ums
– Nawal Sah
Nov 24 '18 at 14:45
But then... How should i check token validation? I mean that frontend Will send token and i Will dont know if it is from Google auth server or Facebook or my own.
– regenti88
Nov 24 '18 at 17:27
But then... How should i check token validation? I mean that frontend Will send token and i Will dont know if it is from Google auth server or Facebook or my own.
– regenti88
Nov 24 '18 at 17:27
You have to use a query parameter or field in request as loginType in your login API and based on that check the token with google or facebook
– Nawal Sah
Nov 24 '18 at 18:01
You have to use a query parameter or field in request as loginType in your login API and based on that check the token with google or facebook
– Nawal Sah
Nov 24 '18 at 18:01
Ok... I started to develop something: github.com/regentidev88/spring-social-example The idea was to add some authentication providers by adding filters and check in all filters if token is good one. At first i started with facebook login. At now it doesnt work: the authentication provider is not even being called :./ Could You please tell me why it doesnt work and... if that part of code is going to the right direction or maybe i am doing it totally wrong?
– regenti88
Nov 24 '18 at 21:14
Ok... I started to develop something: github.com/regentidev88/spring-social-example The idea was to add some authentication providers by adding filters and check in all filters if token is good one. At first i started with facebook login. At now it doesnt work: the authentication provider is not even being called :./ Could You please tell me why it doesnt work and... if that part of code is going to the right direction or maybe i am doing it totally wrong?
– regenti88
Nov 24 '18 at 21:14
|
show 1 more comment
draft saved
draft discarded
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53458407%2fspring-boot-rest-api-social-login%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
