Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integration of Faceboot OAuth Android, IOS SDK, Google Open ID Android, IOS SDK with Spring Security #6461

Closed
ankurpathak opened this issue Jan 20, 2019 · 6 comments
Closed

Integration of Faceboot OAuth Android, IOS SDK, Google Open ID Android, IOS SDK with Spring Security #6461

ankurpathak opened this issue Jan 20, 2019 · 6 comments
Assignees
@jgrandja
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: duplicate A duplicate of another issue

Comments

@ankurpathak
Copy link
Contributor

ankurpathak commented Jan 20, 2019
edited
Loading

@jgrandja @rwinch @jzheaux I am working on a project with Android and IOS developers.
We have our backend as full Spring Stack(Spring Boot) and Front end as Native Android & Native
IOS Apps.
We want to do login with Google and Facebook in our Frontend(Native Android & Native IOS Apps).
Frontend developes have already implemented:

  1. Login with Facebook useing SDK provided by facebook for Native Android and Native IOS
    https://developers.facebook.com/docs/facebook-login/android/
    https://developers.facebook.com/docs/facebook-login/ios/
  2. Login with Google useing SDK provided by Google for Native Android and Native IOS
    https://developers.google.com/identity/sign-in/android/backend-auth(Please Check TODO in Step 4
    Given By Google).

So now few quesions I would like to put and have Healthy Discuss with Spring Security Team:

  1. How we can Integrate this case with our Backend using Spring Security?
  2. What is the best possible way to integrate this use case with Spring Security?
  3. Is this case fits with any existing Authentication Mechanism we have in Spring Security?
  4. How this use case goes with OAuth Login Support in Spring Security?

Possible solution I can think of is to provide a AuthenticationFilter which take Provider and
Token as input which validates Token with a Provider with some mechanish. The Filter based on
result of Token validation do the authentication and authorization.

I think this usecase is very common and will be encountered by almost every Spring Developer.

I could have written this question on StackOverFlow. But I have written here because I would like this
use case either to be discribed in Spring Security Reference Documentation by some Examples or have inbuild support for it in Spring Security by some means based on the outcome of this discussion
@jgrandja
Copy link
Contributor

@ankurpathak

I think this usecase is very common and will be encountered by almost every Spring Developer.

Agreed. And we should provide an easy way for mobile developers to implement this in a secure manner. Native apps can be tricky.

Let me dig into this a bit deeper and get back to you. In the meantime, you may find this useful - OAuth 2.0 for Native Apps.

@jgrandja jgrandja self-assigned this Jan 22, 2019
@ankurpathak
Copy link
Contributor Author

@jgrandja Is this specification in Practice ie any Real Example useing it? Because most of OAuth and OpenID provider like Facebook, Google, Linkedin are providing SDK for Native Apps for doing Login With Them.

@jgrandja
Copy link
Contributor

@ankurpathak

Is this specification in Practice ie any Real Example useing it?

I'm not aware of any applications/libraries that are using it. However, I would expect there are a few out there given this reference documents best practices on how to integrate with native apps.

@jgrandja jgrandja mentioned this issue Apr 30, 2019
Closed
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label May 7, 2019
@jgrandja jgrandja added in: docs An issue in Documentation or samples in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) and removed status: waiting-for-triage An issue we've not yet triaged labels May 21, 2019
@jgrandja jgrandja removed their assignment Jun 4, 2019
@xBioDreadx
Copy link

Maybe there are already appeared some examples of this use case?
Can you point to some of spring auth tools that can be used for it?

@orgesballa
Copy link

Is there any update for this issue?
The documentation is not very clear on how to proceed with native apps.

@jgrandja
Copy link
Contributor

Closing in favour of spring-security-samples#11 and spring-security-samples#12.

@jgrandja jgrandja added status: duplicate A duplicate of another issue and removed in: docs An issue in Documentation or samples labels May 18, 2021
@jgrandja jgrandja self-assigned this May 18, 2021
@sdack-cloud sdack-cloud mentioned this issue Aug 21, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jgrandja jgrandja

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: duplicate A duplicate of another issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@rwinch @ankurpathak @xBioDreadx @jgrandja @spring-projects-issues @orgesballa