How can I implement a java backend probably on top of Spring, we will use only REST api's to access backend.
user can login through standard login/password, and social authentication (facebook, google etc.). Is there a standard oauth2 implementation which we can use for this requirement.
Any help will be appreciated.
Thanks!
You could use Apache Oltu Client library to implement login through Facebook, Google, ... You have to implement your own user management for storing the API token, and to provide your login/password authentication. https://cwiki.apache.org/confluence/display/OLTU/OAuth+2.0+Client+Quickstart
You can also use spring social project that is built on the top of spring application framework
- Spring social facebook
- spring social main page
Related
I’m developing a spring boot application where users can register into the system by providing the necessary information. The platform should provide users to authenticate with their registered user credentials or social media login credentials (google/Facebook).
For simple user authentication, I want to create a simple post request to the server with the user name and password and after validating, the server returns a token. I do not want to use the spring security form login here.
But for social media logic, I believe I have to go with oAuth.
I’m new to spring Boot and spring security. Do I need to integrate both JWT authentication and OAuth authentication for this scenario? A suggestion would be highly appreciated
What you. describe about user management (user registration, login, logout) are standard features of OAuth2 / OpenID authorization-servers. You should pick one "from the shelf" either on premise (like Keycloak) or in the cloud (like Auth0, Amazon Cognito, and many others). Many solutions include "social" identities federation.
REST APIs are resource-servers. See those tutorials for security configuration and tests with mocked identities.
UIs are clients. You should use an OAuth2 client lib to handle OAuth2 flows. Find one for your framework Spring has one if your UI is generated on server with Thymeleaf or alike, but there are libs for Angular, React and other frameworks running in browsers.
Spring OAuth2 client libs can also be used in BFF (backend for front-end) scenario when browser client is not OAuth2 (it is secured with session, not access-token) and talks to an app on the server which is the OAuth2 client (spring-cloud-gateway is a sample but you could also write your own app with spring-boot-starter-oauth2-client). This app translates the request with session into into one with access-token before forwarding it to resource-server. The aim is to hide tokens from Javascript in the browser.
I am looking for building an iOS/Android and Angular app with Java at the backend(REST API). Java will use spring framework. I am looking for the options for User authentication. iOS/Android App will be used by the client and Angular web app will be used my management. Angular web users will have different roles so requirement requires authentication(email and password) as well as authorization. Considering this I was thinking of using Spring Security with a custom UserDetailService. However I guess that will have issues with cookies. I looked into AWS Cognito Identity and Firebase and got more confused. It will be a great help if someone can share there experience with such requirement.
i had created basic login application in angular application by referring the links:
http://jasonwatmore.com/post/2015/03/10/angularjs-user-registration-and-login-example-tutorial
and i have used cakePHP3 for rest API generation and Token is generated on the the basis of JWT, JSON Web Token (JWT) is a JSON-based open standard used for passing claims between two parties in the context of web application environment. These token are specially designed to be very compact and URL safe. Their usability in the context of web browser single sign-on is also remarkable. JWT claims are useful for passing identities’ verification between service providers and identity providers. you'll find the reference links on internet.
for android and IOS you need to learn JSON parsing first. In android, JSON parsing can be done using OKHttpclient/Volley "android hive" is best site to learn jsonParsing and in IOS jsonParsing can be done using AFNetworking.
Hope this will help you.
The Ideal Project for you is Spring Security OAuth2. With this you can make your REST API Stateless and no need to worry about Cookies and Sessions.
I am developing a application which uses Spring Rest services. I am using basic auth for authentication. I know that it is unsecure. My end client are capable of handling OAuth. I want to use OAuth, can any one point me to how to do OAuth in Java. I saw some examples they mention about Twitter , Google and Facebook.But I don't want to use social networking sites.
OAuth is a concept, and not any library which you can inject, (of course libraries exists to implement that)
So if you want to have OAuth in your application (i.e your application has its own OAuth), you have to setup following things
Authentication Server
Provide Provision to Manage OAuth Clients
Manage AccessTokens
Check out the OAuth 2.0 Specification to get clear understanding of how it works and how to build your own.
https://www.rfc-editor.org/rfc/rfc6749
I'm using Spring Security 3.0.x and I'd like my users to authenticate using OpenId and Facebook. Currently I've got the OpenId-part working, but I'm confused about how users can login with Facebook. I've read about the OAuth for Spring security, but as fas as I undestand, it is only good for accessing resources. The example applications authenticate with username and password.
So my question is, how do I authenticate users with Facebook using Spring security?
Spring Security doesn't address this (as of yet). Check out Spring Social which is designed to connect your app to Facebook, Twitter, etc. Also check out this blog post, where they have integrated Spring Social and Spring Security.
I have created a new project called spring-security-social for Facebook, which provides an authentication filter based on spring-security-oauth. As opposed to spring-security-facebook, it is actively maintained by acoveo software development and builts upon the new spring-security-oauth release.
You can also use https://github.com/pac4j/spring-security-pac4j which supports OAuth (Facebook, Twitter, Google...), CAS, SAML, OpenID (Connect) and GAE. See the demo: https://github.com/pac4j/spring-security-pac4j-demo
Which Java library do you recommend to implement authentication in a Java web app (just servlets & JSPs)? We want to offer the most common authentication providers (Facebook, Yahoo, Gmail, etc.) and also local account registration.
I have found SocialAuth but it looks pretty new and I don't know if there are better alternatives. In addition, it looks like SocialAuth will request access to users contacts which I don't need and could annoy our users.
Thanks!
You can checkout the newer version of SocialAuth, u can set the level of permissions to be asked from the users.
Spring Security is a good starting point to get a flexible authentication system in your project.
http://static.springsource.org/spring-security/site/
There is a spring-security-facebook plugin that will integrate facebook auth.
http://code.google.com/p/spring-security-facebook/
I'm not sure about the others specifically. If you are talking about OpenID then spring security supports that.
I ended up using openid4java to integrate Google and Yahoo OpenId, and plain HttpClient calls to integrate OAuth based services (Facebook and Hotmail).