0

I have been following @Dave Syers' excellent tutorial on Spring boot and oAuth2

I have been able to create a log in function, so that protected resources need a login to facebook before they can be accessed.

But now I am trying to create a "sign up" page. On stackoverflow, for example, there is an option to sign up with facebook, so your details are sent to Stackoverflow.com from facebook. How can this be performed with oAuth2? I was able to do this with spring-social, but I cannot wrap my head around how to do this with a direct oauth2 approach.

Please help?

Somaiah Kumbera
  • 7,063
  • 4
  • 43
  • 44

2 Answers2

4

The answer was simpler than I expected. All I needed to do was add my custom AuthenticationSuccessHandler to the filter:

All I had to do was add an AuthenticationSuccessHandler handle to the method that returns a Filter ssoFilter()

@Autowired
private CustomAuthenticationSuccessHandler customAuthenticationSuccessHandler;


private Filter ssoFilter() {
    OAuth2ClientAuthenticationProcessingFilter facebookFilter = new OAuth2ClientAuthenticationProcessingFilter("/login/facebook");
    OAuth2RestTemplate facebookTemplate = new OAuth2RestTemplate(facebook(), oauth2ClientContext);
    facebookFilter.setRestTemplate(facebookTemplate);
    facebookFilter.setTokenServices(new UserInfoTokenServices(facebookResource().getUserInfoUri(), facebook().getClientId()));
    facebookFilter.setAuthenticationSuccessHandler(customAuthenticationSuccessHandler);
    return facebookFilter;
}

And my CustomAuthenticationSuccessHandler was just a component that extended AuthenticationSuccessHandler

@Component
public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                    Authentication authentication) throws IOException, ServletException {
    //implementation
}

}

So in my sign up page, I could simply use the same login action, but in the success handler I created the User and stored her in the DB

Somaiah Kumbera
  • 7,063
  • 4
  • 43
  • 44
2

Make a integrated jwt-oauth2-signup-login is difficult. There are some easy way: 1, to use satellizer-spring-boot, or satellizer. 2,to use spring social. 3, add jwt to spring oauth2 as separate provider:

This is how to do with 3: I have not use signup+oauth2 yet(Because I like spring social and it can do same function), but in theory it can be done in a very easy and can be done as follow:

First, when user login (Register on facebook will also lead to login page) form facebook, just import the user's information and write the information to user model. It is can be done with a controller and a view.

On front page, it is easy to make user choose to login, or register a new account: As Spring boot support multiple filter and multiple AuthenticationProvider,That means you can use two filters, one for oauth2,and another (jwt local server) filter for local server register.

1,download a standard spring boot jwtFilter.java file and put it in your config directory.

2,Make a controller for register new user. 3, make a /login to return jwt token.

3, make two filter, one for oauth2, one for local jwt.

4, make a Sign up link to /register. and a login tag link to /login.

ps: you can copy all the lines form a standard spring boot jwt project, here is one: https://github.com/mrmodise/senepe

Arthur Zhixin Liu
  • 328
  • 3
  • 7
  • hi @Arthur Zhixin Liu. Satellize seem very great. But i can't find a angular 2+ version. i'd like to Know if it has angular 2 or angular 4 version and if it is easy to use. Thanks – soung Aug 18 '17 at 16:37
  • I did not find Satellize in angular 2 version. And you can use Auth0, or Jhipster. Which have Angular 2 version. – Arthur Zhixin Liu Aug 18 '17 at 21:43