I have a grails app configured with spring-security-core and I need to allow Facebook / Twitter logins. I'm using the facebook plugin for grails and I'm using twitter4j for twitter authentication. Currently, I am successfully authenticating against Twitter and Facebook.
I'm wondering how I am to integrate those logins with Spring security. If a user logs in with Twitter I am assuming I need to create an account in my database and then use that account to process a login for Spring Security so that it wires up the session appropriately and all the authentication checks happen based on my #Secured annotations and tag usage in my views.
Something similar, I am guessing, needs to happen based on Facebook logins. Can someone point me in the right direction to get this implemented correctly?
A really good resource for understanding how to integrate an external authentication source is this article by Luke Taylor:
http://blog.springsource.com/2010/08/02/spring-security-in-google-app-engine/
Grant
Related
I want to implement an OAuth with SuccessFactors solution for my web application but I am having a hard time figuring out the best way to implement this, or if there is an existing workflow to do this.
I have a Ruby on Rails app that already uses Omniauth to authenticate with other services (Facebook, Twitter, Office 365, etc) so I thought this would be easy.
I just want my users to be able to sign-in using SuccessFactors and to pull basic information from it (name, email, status, etc). I am very unfamiliar with SuccessFactors' method of authentication as detailed here. It seems to use both SAML 2.0 and OAuth 2.0.
Does anyone have any experience with this or with similar authentication flows? Will I be able to make this work with Omniauth?
I am creating website using Spring Boot, Spring MVC and spring-security-oauth2 and I am trying to authenticate my locally stored users against Google, Facebook, GitHub ... OAuth2 services. I also have standard username-password for them.
My idea is to store pair of [OAuth2_provider_type,OAuth2_subjectId] for each user to local database from the first success oauth login and then use this pair to find correct user when user authenticate himself by Google (or FB...) again. I have correctly authenticate with Google/Facebook but I don't know how to connect my local stored users to Spring OAuth2 Security and get them to SecurityContext.
Could somebody point me to some example or integration test where I can see something similar?
I am scanning spring-security-oauth2 sourcecode and I am confused little bit - do I need OAuth2 AuthorizationServer or ResourceServer for that?
Thanks for any help!
We have an App which uses Spring Security along with username/password credentials. We want to add the ability to use Google+ as an alternative sign in option. In the user record, I would store the google user id along with the authenticated token rather than a password.
However, I have not had any success finding any docs or guidelines about how to do so. The spring security docs provide a way of doing it via openId, but Google recommends using Google+ Sign-in or OAuth 2.0. I have found plenty of information about how to access oauth restricted resources from google, but none that use google as an authentication provider.
I may have to dig in and figure out how to implement my own spring authentication provider and user details solution for use with google authentication, but I would love it if someone could point me to where it has already been done, as I would be amazed if no one has done it before, and I'd prefer not to reinvent the wheel.
Thanks in advance.
I ended up using pac4j and spring-security-pac4j
Is there a way to authenticate to Facebook / Twitter using basic authentication? the application I am working on requires posting to those two sites without the need to open the oAuth Dialog.
Both twitter & facebook don't support basic auth.
No, thank goodness.
Basic authentication requires that you take the user's password, which is a secret between them and Twitter/Facebook. You shouldn't be asking for it.
If your app is physically unable to display the dialog, OAuth 2.0 (not available on Twitter) offers a way (last I checked) for an independent web browser on another computer to perform the OAuth authorization process to your app running on some limited device.
I use Twitter oAuth to allow users to signup for my site.
I have the user's access_token, access_secret from their signup stored.
When the user wants to return to the site and login to their account, how do I authenticate them using twitter login/password?
I do not want to ask users to give access like:
- give access to example.com to read/write your stuff on twitter
The user already has signed up using their twitter credentials, how do I reuse it instead of asking them to create a separate password?
I would rather not venture towards authlogic in addition to oauth
Currently, if the user is already logged into twitter, I can authenticate him.
using the access_token, access_secret. What if he is not logged in?
How do I prompt for username/password for twitter and authenticate for my app?
Thanks for your help.
Try using them OmniAuth gem. Makes doing that pretty straight forward.
If you're not wanting another gem dependency, you could probably code up your own functionality based on what they do with their twitter strategy and abstract oauth logic.
This RailsCasts episode demonstrates how to create a simple authentication system that only requires an OAuth verification, without the need for a seperate user account maintained by your app.