Sorry if this is a VERY stupid question...
I'm new to Spring Security and I have a basic Spring Boot REST API which I now want to learn how to secure.
Now what I really want to do is have a separate webpage that does the "Log in with Facebook" view. But how do I secure some of the endpoints in my REST API using the token from Facebook?
Imagine:
Endpoint /profile -- only the user who has logged in should be able to see their profile.
Endpoint /welcome -- everyone can access.
Endpoint /messages -- only the user who has logged in should be able to see their messages.
What frameworks should I be using here, or how do I even go about doing this?
Thanks!
Welcome to OAuth (Open Authorization). There was a problem called the "Access Delegation Problem" in the past, and OAuth was created to fix it. If you are able to access the "Microservice Security In Action" book, it tells you exactly what you want, with a Facebook example (in appendix D).
In your scenario, here are the OAuth components.
First of all, import the spring-security-oauth2 module into your project. Then configure Spring Security:
1. Delegate your authentication to Facebook via OpenID Connect (OIDC), which is basically authentication built on OAuth 2.0.
2. Provide the authorization code grant type details, like client_id, redirect_uri, token_uri and authorize_uri.
3. Permit some URLs to be public.
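As an added illustration of the three steps above (this is example code, not from the answer or from the Spring project), here is a Spring Security configuration for the /welcome, /profile and /messages endpoints from the question. It assumes Spring Boot 3 / Spring Security 6 with the spring-boot-starter-oauth2-client dependency; the Facebook app id and secret are placeholders you obtain from your own Facebook app registration.

```java
// application.yml (placeholder credentials). Spring Boot already knows Facebook's
// authorize and token URIs through CommonOAuth2Provider, so only the app's own
// credentials have to be supplied here:
//
//   spring:
//     security:
//       oauth2:
//         client:
//           registration:
//             facebook:
//               client-id: <your-facebook-app-id>
//               client-secret: <your-facebook-app-secret>

import java.util.Map;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
public class SecurityConfig {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/welcome").permitAll()                 // public URL
                .requestMatchers("/profile", "/messages").authenticated() // logged-in users only
                .anyRequest().denyAll())        // deny by default: new endpoints are not exposed by accident
            // Authorization code flow against Facebook; an unauthenticated request to a
            // protected URL is redirected to /oauth2/authorization/facebook.
            .oauth2Login(oauth2 -> oauth2.defaultSuccessUrl("/profile", true));
        return http.build();
    }
}

@RestController
class ProfileController {
    // The profile is keyed to the authenticated principal, never to an id in the URL,
    // so a caller cannot request another user's data by changing a path parameter.
    @GetMapping("/profile")
    public Map<String, Object> profile(@AuthenticationPrincipal OAuth2User user) {
        String name = user.getAttribute("name");
        return Map.of("id", user.getName(), "name", name);
    }
}
```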