I am creating website using Spring Boot, Spring MVC and spring-security-oauth2 and I am trying to authenticate my locally stored users against Google, Facebook, GitHub ... OAuth2 services. I also have standard username-password for them.
My idea is to store pair of [OAuth2_provider_type,OAuth2_subjectId] for each user to local database from the first success oauth login and then use this pair to find correct user when user authenticate himself by Google (or FB...) again. I have correctly authenticate with Google/Facebook but I don't know how to connect my local stored users to Spring OAuth2 Security and get them to SecurityContext.
Could somebody point me to some example or integration test where I can see something similar?
I am scanning spring-security-oauth2 sourcecode and I am confused little bit - do I need OAuth2 AuthorizationServer or ResourceServer for that?
Thanks for any help!
Related
I am trying to implement sns login with Spring Security. The api server is spring-boot and the front is android and iOS.
From my understanding, it seems that spring-security-oauth-client supports the process of issuing an access token with server side rendering. (authentication code grant or implicit grant ..etc)
This is where my troubles begin.
First of all, I want to use OpenId Connect because I know that authentication should not be processed with oauth's access token.
Because android needs to use the sdk, the front (android) issues the idToken and gives it to the backend server.
So I wanted to implement it using the oauth2 function supported by spring-security, but I couldn't find a good way. So the following question arose:
Can it be implemented with the oauth-support function of spring-security?
So, I am trying to process authentication by creating an Authentication Provider for each oauth provider through a custom filter that directly extends OncePerRequestFilter.
Another question arises here.
Is there any difference between implementing the filter directly in spring-security and performing authentication in the controller of the spring container? performance or other aspects
thank you.
I am building a new application using microservices with a frontend UI using React JS. I have created an auth microservice using Spring Boot and OAuth 2.0. For single page applications I have read that I should use the implicit grant instead of the password grant. The auth microservice will support this but my question is where would I implement the UI for the user to put their username and password? Would it be within the auth microservice or would I have to create a separate UI application?
The authentication form will be on your auth microservice. Think for example as you use google login. You'll see google login page even if you have your own microservice. It's because authentication provider is google and you redirect user to login to google.
I implemented all grant types a while back. May be this will help you.
Here is I have a small problem of architecture, first of all, I have two applications:
An api writes symfony 3.3
A front writes too it symfony 3.3
Then, I would like have two manner to sign in:
the first one by using of third application such as Facebook, Google or Twitter. For this part I thought of using hwiOauthBundle
Or simply by login / password. Here I thought of using FOSUerbundle
Finally I would like to have secure api, that a not connected user cannot reach the resources of the api.
What do I have to install or to develop to have all the expressed criteria higher?
In advance, thank you of your answer.
You have to setup some kind of login proxy endpoint that has the oauth client_id and secret.
Then with the username and password given by the user you have to query the backend oauth token endpoint to get an accesss token.
After that you just need to sign your request to the backend with that token.
In my case I'm using FosUserBundle for user management, FosOauthServerBundle for the Open Auth management. Both are installed in the backend.
Once installed you have to register a aAuth client. This tutorial was really helpful for me OAuth2 Explained
We have all the user data in our local mysql database. We are moving our services to cloud and I need to use cloudfoundry UAA to authenticate by calling a login microservice endpoint on our network instead of doing uaac add user for all the users in db.
I am new to this, it would help me if you can explain the steps to do it.
Thanks in advance
I assume (based on the SAML tags on your question) that you are thinking of doing this with SAML. If this is your first time doing SAML then there is a bit of learning curve. If so you may find it easier to just creating a custom Login app.
SAML
You would setup an Identity Provider and the IdP would authenticate users against either mysql or your login microservice. simplesamlphp can be used for this purpose. A user would authenticate to the IDP, the IdP generates a SAML assertion (e.g a signed xml doc with information about the user) that gets sent to the Service Provider (UAA). The service provider then looks at the assertion to determine who the user is. UAA supports SAML logins. It has been a while since I've set it up that way, but I recall you run a separate 'login' war from the rest of UAA, and the login war uses APIs to talk to UAA. You also need to configure the SAML trust relationship between ssp and the UAA login war. This isn't hard to do if you are familiar with SAML. If you aren't then it can be difficult to get all the pieces right.
Custom Login App
I think an easier approach is to just build your own login app that calls your authentication service and the UAA apis. UAA provides a sample app and documentation
I have a grails app configured with spring-security-core and I need to allow Facebook / Twitter logins. I'm using the facebook plugin for grails and I'm using twitter4j for twitter authentication. Currently, I am successfully authenticating against Twitter and Facebook.
I'm wondering how I am to integrate those logins with Spring security. If a user logs in with Twitter I am assuming I need to create an account in my database and then use that account to process a login for Spring Security so that it wires up the session appropriately and all the authentication checks happen based on my #Secured annotations and tag usage in my views.
Something similar, I am guessing, needs to happen based on Facebook logins. Can someone point me in the right direction to get this implemented correctly?
A really good resource for understanding how to integrate an external authentication source is this article by Luke Taylor:
http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/
Grant