Integrating Facebook login into my already existing Spring-Security REST API
posted 1 year ago
I have a backend server (Java / Spring / Spring Security). Currently, when users of the mobile app log in, they simply submit their username/password and Spring Security creates a session and assigns it to the request with a JSESSIONID.
We would now also like to have a "Login with Facebook" button in the mobile app. Here is my understanding of how it will work.
1. The mobile app uses the Facebook SDK to get an "access_token".
2. The mobile app retrieves the user profile from Facebook (name, surname, email, etc.).
3. The mobile app checks (against MY server) if the username is unique.
4. If the username is unique, call MY REST API with something like POST /login/facebook over SSL, passing the access_token, email, username, etc.
My server then checks if the access_token is valid.
5. If yes, and if the UID returned by Facebook is already present in my local database, I sign in the user as follows:
6. If I don't find the UID, I just create a new user and log the user in.
From now on, every request made to the server by the mobile app will carry the session (created and attached by Spring Security), and the mobile app is authenticated.
Could someone tell me if this is a good way of doing things? Should I stop using sessions and switch to Spring-Security-OAUTH2?
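The server-side check in steps 4 to 6, as an added example that is not part of the original post: it assumes the server has already sent the token to Facebook's Graph API `debug_token` endpoint and parsed the `data` object of the response into a `Map`, and it takes the UID from that response rather than from anything the mobile app submits. The class name, the `APP_ID_PLACEHOLDER` value, the in-memory user store and the sample maps are hypothetical.

```java
import java.time.Instant;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

public class FacebookLoginCheck {
    // Placeholder: the app id this backend registered with Facebook.
    static final String MY_APP_ID = "APP_ID_PLACEHOLDER";
    // Hypothetical stand-in for the local user table: Facebook UID -> local username.
    static final Map<String, String> USERS = new ConcurrentHashMap<>();

    // Returns the UID only when the token is valid, issued to this app and unexpired.
    static Optional<String> verifiedUid(Map<String, Object> data, Instant now) {
        if (!Boolean.TRUE.equals(data.get("is_valid"))) return Optional.empty();
        // A valid token minted for a different app must not log anyone in here.
        if (!MY_APP_ID.equals(String.valueOf(data.get("app_id")))) return Optional.empty();
        // Assumption: a missing or past expires_at is treated as a rejection.
        if (!(data.get("expires_at") instanceof Number)) return Optional.empty();
        long exp = ((Number) data.get("expires_at")).longValue();
        if (!Instant.ofEpochSecond(exp).isAfter(now)) return Optional.empty();
        Object uid = data.get("user_id");
        return uid instanceof String && !((String) uid).isEmpty()
                ? Optional.of((String) uid) : Optional.empty();
    }

    // Steps 5 and 6: look the user up by the verified UID, create it if absent.
    // The caller would then establish the Spring Security session for that user.
    static Optional<String> loginWithFacebook(Map<String, Object> data,
                                              String requestedName, Instant now) {
        return verifiedUid(data, now)
                .map(uid -> USERS.computeIfAbsent(uid, k -> requestedName));
    }

    public static void main(String[] args) {
        Instant now = Instant.now();
        long future = now.plusSeconds(3600).getEpochSecond();
        // Constructed sample `data` objects, not real API output.
        Map<String, Object> ok = Map.of("is_valid", true, "app_id", MY_APP_ID,
                "expires_at", future, "user_id", "1000000000000001");
        Map<String, Object> otherApp = Map.of("is_valid", true, "app_id", "SOME_OTHER_APP",
                "expires_at", future, "user_id", "1000000000000001");
        Map<String, Object> expired = Map.of("is_valid", true, "app_id", MY_APP_ID,
                "expires_at", 1L, "user_id", "1000000000000001");
        System.out.println(loginWithFacebook(ok, "alice", now));
        System.out.println(loginWithFacebook(otherApp, "mallory", now));
        System.out.println(loginWithFacebook(expired, "mallory", now));
    }
}
```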