Implementing Facebook Login


Implementing Facebook Login

Mike_Warren
I'm just getting to grips with Shiro (which I have to say has been very nice and intuitive to use so far), and am also now trying to use Facebook / OAuth as a login mechanism.

I have read other discussion around this area,
http://shiro-user.582556.n2.nabble.com/Advice-on-Shira-with-FB-Connect-Session-Clustering-Efficiency-td6832777.htm
but as it covers other questions I thought I'd post a new topic.

Basically I've got Facebook login working but not sure if my approach is correct.

I've implemented a new Facebook realm, with associated credentials matcher and token; see the links below for blog posts with more details. I've decided that my credentials matcher doesn't actually need to do anything, because by the time it is called upon Facebook has already done the job of gathering credentials and checking them. I've also ended up with a FacebookToken class which holds a code for use in calls to Facebook, but which just returns null for getPrincipal and getCredentials, as when it comes to authentication I consider Facebook to be responsible for determining the principal and getting credentials. Does this sound right to anyone with more experience in this area?

Anyway, any thoughts on this appreciated, or if there's anyone else who's already done this I'd be more than happy to not be reinventing the wheel.

Blog posts of what I've done so far.
http://mrdwnotes.wordpress.com/2011/11/28/using-apache-shiro-security-to-allow-login-via-facebook-part-1/

http://mrdwnotes.wordpress.com/2011/11/28/using-apache-shiro-security-to-allow-login-via-facebook-part-2/

thanks Mike
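The design described in the post (a token that carries only the provider's authorization code, a realm that lets the provider establish the principal, and a credentials matcher that does nothing) sketched out in code. This is an added example, not code from the post, the linked blog, or Tynamo; it uses only Shiro's public API (AuthenticationToken, AuthorizingRealm, AllowAllCredentialsMatcher, DefaultSecurityManager). The CodeExchanger interface, VerifiedProfile class, the FAKE_FACEBOOK stand-in, its accepted code and redirect URI are all assumptions made up for this example so it runs offline; a real CodeExchanger would call Facebook's token endpoint and /me over HTTPS with the app secret.

```java
import java.io.IOException;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

public final class FacebookLoginExample {

    /** What the provider reports about the user once the code is exchanged (assumed shape). */
    public static final class VerifiedProfile {
        public final String userId;
        public VerifiedProfile(String userId) { this.userId = userId; }
    }

    /** Hypothetical back-channel client (assumption): exchanges the code for an access token
     *  and fetches the user's id. This is the only place the user's identity is established. */
    public interface CodeExchanger {
        VerifiedProfile exchange(String code, String redirectUri) throws IOException;
    }

    /** Token carrying only the authorization code the browser brought back from Facebook. */
    public static final class FacebookToken implements AuthenticationToken {
        private final String code;
        private final String redirectUri;

        public FacebookToken(String code, String redirectUri) {
            this.code = code;
            this.redirectUri = redirectUri;
        }
        public String getCode() { return code; }
        public String getRedirectUri() { return redirectUri; }

        /** Unknown until the realm has exchanged the code: the client never names the principal. */
        @Override public Object getPrincipal() { return null; }
        /** The code is the only secret presented; it is single-use and short-lived. */
        @Override public Object getCredentials() { return code; }
    }

    public static final class FacebookRealm extends AuthorizingRealm {
        private final CodeExchanger exchanger;

        public FacebookRealm(CodeExchanger exchanger) {
            this.exchanger = exchanger;
            setAuthenticationTokenClass(FacebookToken.class);   // supports() accepts only our token
            // There is no local password to compare: this realm verifies the code with Facebook
            // in doGetAuthenticationInfo, so the matcher's only job is to not get in the way.
            setCredentialsMatcher(new AllowAllCredentialsMatcher());
        }

        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
                throws AuthenticationException {
            FacebookToken fb = (FacebookToken) token;
            VerifiedProfile profile;
            try {
                profile = exchanger.exchange(fb.getCode(), fb.getRedirectUri());
            } catch (IOException e) {
                throw new AuthenticationException("code exchange with Facebook failed", e);
            }
            if (profile == null || profile.userId == null || profile.userId.isEmpty()) {
                throw new AuthenticationException("Facebook did not return a user for this code");
            }
            // The principal is the provider-verified id; nothing the browser sent is trusted as identity.
            // Credentials are null on purpose: the code is spent and should not live on in the session.
            return new SimpleAuthenticationInfo("facebook:" + profile.userId, null, getName());
        }

        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            info.addRole("facebook-user");   // map the federated identity to local roles here
            return info;
        }
    }

    /** Offline stand-in for Facebook, constructed for this example: one valid code, all else rejected. */
    static final CodeExchanger FAKE_FACEBOOK = (code, redirectUri) -> {
        if ("AQDgoodcode".equals(code) && "https://app.example/fb/callback".equals(redirectUri)) {
            return new VerifiedProfile("10001");
        }
        throw new IOException("invalid code or redirect_uri mismatch");
    };

    public static void main(String[] args) {
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(new FacebookRealm(FAKE_FACEBOOK)));
        Subject subject = SecurityUtils.getSubject();

        subject.login(new FacebookToken("AQDgoodcode", "https://app.example/fb/callback"));
        System.out.println("logged in as " + subject.getPrincipal());
        subject.logout();

        try {
            subject.login(new FacebookToken("AQDforged", "https://app.example/fb/callback"));
        } catch (AuthenticationException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The no-op matcher is only safe because the realm itself performs the back-channel exchange before it returns any AuthenticationInfo; a realm that built the principal from a user id or email supplied in the callback URL would let anyone log in as anyone. Two things deliberately sit outside the realm: checking the OAuth `state` value against what was stored at the start of the flow (a login-CSRF defence that belongs in the servlet filter handling the callback), and passing the exact `redirect_uri` used for the authorization request, which the provider compares during the exchange.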

Re: Implementing Facebook Login

kaosko
I thought the approach sounded familiar :) I never intended to make my Facebook integration (http://tynamo.org/tynamo-federatedaccounts+guide) generic to all servlet environments, since you soon get to a point where you'd like to customize the flow and the layouts with your UI framework of choice, but to me that flow is the only one that makes sense with OAuth(2) - although then again, I'm strongly biased. It'd be interesting to collaborate on the federated account interfaces, perhaps to generalize the common parts to yet another library. In the Tynamo trunk, we've refactored the core to support multiple OAuth providers using the same base interfaces. With OAuth, OpenID etc. you'll quickly get to the point where authorization isn't quite enough, but you need to use provider-specific libraries.

Kalle


On Mon, Nov 28, 2011 at 6:24 AM, Mike_Warren <[hidden email]> wrote:

> I'm just getting to grips with Shiro (which I have to say has been very nice
> and intuitive nice use so far), and also now trying to use Facebook / OAuth
> as a login mechanism.
>
> I have read of other discussion around this area,
> http://shiro-user.582556.n2.nabble.com/Advice-on-Shira-with-FB-Connect-Session-Clustering-Efficiency-td6832777.htm
> but as it covers other questions I thought I'd post a new topic.
>
> Basically I've got Facebook login working but not sure if my approach is
> correct.
>
> I've implemented a new Facebook realm, with associated Credentials matcher
> and token, see link below for a blog post with more details. I've decided
> that my credentials matcher doesn't actually need to do anything because by
> the time it is called upon Facebook has already done the job of gathering
> credentials and checking them. I've also ended up with a FacebookToken class
> which holds a code for use in calls to facebook, but which just returns null
> for getPrincipal and getCredentials as when it comes to authentication I
> consider Facebook to be responsible for determining the Principal and
> getting credentials. Does this sound right to anyone with more experience in
> this area ?
>
> Anyway, any thoughts on this appreciated, or if there's anyone else who's
> already done this I'd be more than happy to not be reinventing the wheel.
>
> Blog posts of what I've done so far.
> http://mrdwnotes.wordpress.com/2011/11/28/using-apache-shiro-security-to-allow-login-via-facebook-part-1/
>
> http://mrdwnotes.wordpress.com/2011/11/28/using-apache-shiro-security-to-allow-login-via-facebook-part-2/
>
> thanks Mike
>
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/Implementing-Facebook-Login-tp7038905p7038905.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>

Re: Implementing Facebook Login

Mike_Warren
Thanks Kalle,

"I thought the approach sounded familiar"
(http://tynamo.org/tynamo-federatedaccounts+guide)
- yes, the Tynamo code was very useful for me, thanks for making it public. I'd be happy to collaborate - I'll read up a bit more on Tynamo and on OAuth(2) and contact you if I've got something I feel I could contribute, but feel free to email me with suggestions.

I'm intending to read up on OAuth a bit more and implement something similar for Twitter and Google, and then step back and see what can be made generic.

When you say "that flow is the only one that makes sense with Oauth(2)" I'm not sure which flow you mean?

Thanks again for the reply, and Tynamo, Mike