Basically I've got Facebook login working but not sure if my approach is correct.
I've implemented a new Facebook realm, with associated Credentials matcher and token, see link below for a blog post with more details. I've decided that my credentials matcher doesn't actually need to do anything because by the time it is called upon Facebook has already done the job of gathering credentials and checking them. I've also ended up with a FacebookToken class which holds a code for use in calls to facebook, but which just returns null for getPrincipal and getCredentials as when it comes to authentication I consider Facebook to be responsible for determining the Principal and getting credentials. Does this sound right to anyone with more experience in this area ?
Anyway, any thoughts on this appreciated, or if there's anyone else who's already done this I'd be more than happy to not be reinventing the wheel.
I thought the approach sounded familiar :) I never intended to make my
(http://tynamo.org/tynamo-federatedaccounts+guide) generic to all
servlet environments since you soon get to a point where you'd like to
customize the flow and the layouts with your ui framework of choice,
but to me that flow is the only one that makes sense with Oauth(2) -
although then again, I'm strongly biased. It'd be interesting to
collaborate on the federated account interfaces, perhaps to generalize
the common parts to yet another library. In the Tynamo trunk, we've
refactored the core to support multiple Oauth providers using the same
base interfaces. With Oauth, OpenID etc. you'll quickly get to the
point where authorization isn't quite enough, but you need to use
"I thought the approach sounded familiar"
- yes the Tynamo code was very useful for me, thanks for making it public, I'd be happy to collaborate - I'll read up a bit more on Tynamo, and on OAuth(2) and contact you if I've got something I feel I could contribute, but feel free to email me with suggestions.
I'm intending to read up on OAuth a bit more and implement something similar for twitter and google, and then step back and see what can be made generic.
When you say "that flow is the only one that makes sense with Oauth(2)" I'm not sure which flow you mean?