4

I'm using Spring Boot starter social Facebook in order to authenticate/authorize users through Facebook.

I'd like to add some Permissions, for example email in order to retrive user email address.

How it can be provided with Spring Boot Facebook configuration? Where I need to add scope or default Scope property ?

alexanoid
  • 24,051
  • 54
  • 210
  • 410

2 Answers2

4

In the provided example, go to resources>templates>connect>facebookConnect.html.

then you can edit the scope in the hidden input as below:

<input type="hidden" name="scope" value="user_likes,email" />

This gives you the permission to user likes and user email as an example.

Eslamunto
  • 41
  • 2
2

The starter only gives you a default authorization page. It's a nice start, but you probably won't want to actually use it because it's rather plain looking. Instead, you'd create your own authorization page with a form that POSTs to /connect/facebook. In that form, you provide a hidden field named "scope" that contains a comma-separated list of any of the permissions you'd like from Facebook.

First, you'll want to make sure that you do NOT set the spring.social.auto_connection_views property (or, if you do, set it to false). Then create a view (JSP, Thymeleaf, whatever) that matches "connect/facebookConnect". Within that, include the form that POSTs to /connect/facebook with a "scope" hidden field.

As an example, have a look at https://github.com/spring-projects/spring-social-samples/tree/master/spring-social-showcase-boot. That project uses Thymeleaf templates and you can find the facebookConnect.html template in src/main/resources/templates/connect/facebookConnect.html.

Craig Walls
  • 2,080
  • 1
  • 12
  • 13
  • Thanks for your answer. I used previously ConnectController but moved out from this class because I need to sign in user in my application using local user account (linked to OAuth credentials). So, right now I use SpringSocialConfigurer, also I use Neo4j so I have implemented own Neo4jConnectionRepository and Neo4jUsersConnectionRepository – alexanoid Apr 24 '15 at 14:56
  • This way local user account will be automatically created(if needed) and local user will be logged in right after OAuth2 dance.. that's why I have chosen SpringSocialConfigurer – alexanoid Apr 24 '15 at 15:07
  • If you're using SpringSocialConfigurer (which means that you're using SocialAuthenticationFilter), then you should be able to request scope more or less the same way. That is have a form that does a GET request to /signin/facebook and have a hidden "scope" field. See https://github.com/spring-projects/spring-social-samples/blob/master/spring-social-showcase-sec/src/main/resources/views/signin.html for an example. (Note that the actual permissions used in the form are outdated...I need to fix that. But the way they're fed to the SocialAuthenticationFilter is still valid.) – Craig Walls Apr 24 '15 at 19:42
  • Also, may I suggest that you contribute your Neo4j repositories to Spring Social? You can either submit a GitHub pull-request or offer them up as an extension library. They'd be a great addition to the project and I'm sure others in the community would love to have them. If you decide to contribute it via a PR, be sure to go to https://support.springsource.com/spring_committer_signup and complete the individual contributor agreement or else I won't be able to merge the change. – Craig Walls Apr 24 '15 at 19:45
  • Sure, thanks Craig. I have registered as a Spring contributor. My confirmation number is 118620150424084112 – alexanoid Apr 24 '15 at 20:42