
Integrating Facebook login into my already existing Spring-Security REST API

Paul Makes
Posts: 2

I have a backend server (Java / Spring / Spring Security). Currently, when users from the mobile app log in, they simply submit their username/password and Spring Security creates a Session and assigns it to the request with a JSESSIONID.

We would now also have a button on the mobile app "Login with Facebook". Here is my understanding of how it will work.

1. The mobile app uses the Facebook SDK to get an "access_token".
2. The mobile app retrieves the user profile from Facebook (name, surname, email etc.) and checks (against MY server) if the username is unique.
4. If the username is unique, it calls MY REST API with something like /login/facebook (POST over SSL, passing the access_token, email, username etc.).
My server then checks if the access_token is valid.

5. If yes, and if the UID returned by Facebook is already present in my local database, I sign in the user as follows:

6. If I don't find the UID, I just create a new user and log the user in.

From then on, every request made to the server by the mobile app will have the SESSION (created and attached by Spring Security) and the mobile app is authenticated.

Could someone tell me if this is a good way of doing things? Should I stop using sessions and switch to Spring-Security-OAUTH2?

Thank you
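The server-side check in steps 4 to 6, as an added example that is not part of the original post: it decides whether to trust a token from the parsed `data` object of a Graph API `debug_token` response and keys the account on the UID Facebook returns, not on anything the client sends. The field names (`is_valid`, `app_id`, `user_id`, `expires_at`) are the assumed response shape; the class, method names, app ID placeholder and sample responses are constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

public class FacebookLoginCheck {
    // Placeholder: the Facebook app ID registered for this backend.
    static final String OUR_APP_ID = "APP_ID_PLACEHOLDER";
    // Stand-in for the user table: Facebook UID -> local username.
    static final Map<String, String> usersByFbUid = new HashMap<>();

    /** data = the parsed "data" object of a debug_token response (assumed shape). */
    static Optional<String> trustedUid(Map<String, Object> data, long nowEpochSec) {
        if (!Boolean.TRUE.equals(data.get("is_valid"))) return Optional.empty();
        // A token issued to a different app is valid at Facebook but must not log anyone in here.
        if (!OUR_APP_ID.equals(data.get("app_id"))) return Optional.empty();
        Object exp = data.get("expires_at");
        // Assumption: expires_at is Unix seconds and 0 means "does not expire".
        if (!(exp instanceof Number)) return Optional.empty();
        long expiresAt = ((Number) exp).longValue();
        if (expiresAt != 0 && expiresAt <= nowEpochSec) return Optional.empty();
        Object uid = data.get("user_id");
        return (uid instanceof String && !((String) uid).isEmpty())
                ? Optional.of((String) uid) : Optional.empty();
    }

    /** Steps 5 and 6: key the account on the validated UID, never on a client-sent UID or email. */
    static Optional<String> loginOrCreate(Map<String, Object> data, String requestedUsername, long now) {
        return trustedUid(data, now)
                .map(uid -> usersByFbUid.computeIfAbsent(uid, k -> requestedUsername));
    }

    public static void main(String[] args) {
        long now = 1_700_000_000L; // constructed clock value
        // Constructed sample responses, not captured from Facebook.
        Map<String, Object> ours = Map.of("is_valid", true, "app_id", OUR_APP_ID,
                "user_id", "1001", "expires_at", now + 3600);
        Map<String, Object> otherApp = Map.of("is_valid", true, "app_id", "SOME_OTHER_APP",
                "user_id", "1001", "expires_at", now + 3600);
        Map<String, Object> expired = Map.of("is_valid", true, "app_id", OUR_APP_ID,
                "user_id", "1002", "expires_at", now - 1);

        System.out.println(loginOrCreate(ours, "paul", now));     // first login with this UID
        System.out.println(loginOrCreate(ours, "mallory", now));  // same UID again, different requested name
        System.out.println(loginOrCreate(otherApp, "paul", now)); // token issued to another app
        System.out.println(loginOrCreate(expired, "eve", now));   // expired token
    }
}
```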