I have developed token-based Spring Security using JWT, referring to this project on GitHub: https://github.com/szerhusenBC/jwt-spring-security-demo. Now I need to get Facebook login in my application. For social login, I found another web page, https://ole.michelsen.dk/blog/social-signin-spa-jwt-server.html, which explains how the social login must be carried out.
In the normal login, my JWT project creates a token based on username, password, expiry date and time of creation. Every time the token comes, all values from the above fields are retrieved and compared to authenticate the token, and then the request is served. I have two questions:
- In the social login, there will be no password created. A token will be received from Facebook (my frontend does this). I have to verify if the token is valid or not. How am I supposed to do it in JWT?
- After verifying, as per the article, I'm supposed to create my own token for future reference. Now, there is no password in Facebook login. How do I create the token?
Let me know if there are any good sites available for social login using JWT in a Spring Boot application.
I found myself in a similar situation, and decided to follow a slightly different approach, delegating the responsibility of authenticating with FB to the server itself.
It provides an entry point:
“/auth/facebook”
that redirects to FB's and proceeds to the authentication. After that, it acquires the AccessToken for the logged-in user and creates a JWT token that it returns to the client.
Here is a blog post explaining how to use Spring Social Facebook and Spring Security for a similar case: Stateless Spring Security Part 3: JWT + Social Authentication
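As an added example (not code from the posts above or from the linked projects), this shows the last step the answer describes: once the server has completed the Facebook login, it issues its own JWT whose subject is the provider-scoped user id, so no password is needed, and later checks the signature and expiry. The class name `SocialJwt`, the `provider:userId` subject format and the demo key are assumptions; only JDK classes are used.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class SocialJwt { // hypothetical helper, not part of any linked project
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Pattern EXP = Pattern.compile("\"exp\":(\\d+)");
    private final byte[] key; // server-side secret, never sent to the client
    public SocialJwt(byte[] key) { this.key = key.clone(); }

    private byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }
    private static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

    // Called after the provider login succeeded; the ids are restricted so they cannot break the JSON.
    public String issue(String provider, String userId, long ttlSeconds) throws Exception {
        if (!provider.matches("[a-z]+") || !userId.matches("[A-Za-z0-9_-]+")) throw new IllegalArgumentException("bad id");
        long now = Instant.now().getEpochSecond();
        String payload = String.format("{\"sub\":\"%s:%s\",\"iat\":%d,\"exp\":%d}", provider, userId, now, now + ttlSeconds);
        String signingInput = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}") + "." + b64(payload);
        return signingInput + "." + ENC.encodeToString(hmac(signingInput));
    }

    // Returns the payload JSON when signature and expiry are valid, otherwise null.
    // The algorithm is fixed to HS256; the token header is not trusted to choose it.
    public String verify(String token) throws Exception {
        String[] p = token.split("\\.");
        if (p.length != 3) return null;
        try {
            byte[] sig = Base64.getUrlDecoder().decode(p[2]);
            if (!MessageDigest.isEqual(hmac(p[0] + "." + p[1]), sig)) return null; // constant-time compare
            String payload = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
            Matcher m = EXP.matcher(payload);
            return m.find() && Long.parseLong(m.group(1)) > Instant.now().getEpochSecond() ? payload : null;
        } catch (IllegalArgumentException e) { return null; } // malformed base64 or exp value
    }

    public static void main(String[] args) throws Exception {
        SocialJwt jwt = new SocialJwt("constructed-demo-key-not-for-production".getBytes(StandardCharsets.UTF_8));
        String token = jwt.issue("facebook", "1234567890", 3600); // constructed user id
        SocialJwt otherKey = new SocialJwt("a-different-constructed-key".getBytes(StandardCharsets.UTF_8));
        System.out.println((jwt.verify(token) != null) + " " + (otherKey.verify(token) != null));
    }
}
```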