splix / grails-spring-security-facebook

Facebook Authentication plugin for Grails
http://splix.github.io/grails-spring-security-facebook/index.html

Assigning different roles for different facebook connect buttons #52

Open PatrickHuetter opened 11 years ago

PatrickHuetter commented 11 years ago

Hi! I need to give the appUser different roles depending on which facebook connect button he clicked.

For example: If he clicked on "Register as Organizer"-page on the connect button, he gets the organizer role, after he was successfully authorised. If he clicked on "Register as Affiliate"-page on the connect button, he gets the affiliate role.

Is it possible to implement this use-case? Or is there a possibility to configure different return urls for each button, so I could give the user the correct roles depending on which return url was visited?

splix commented 11 years ago

Not sure that there is an easy and correct way for such a thing. I mean with simple configuration.

I can suggest you put this information into the user session before redirecting to Facebook. In this case you have to use the Server Side Authentication filter, and your own button, I mean the HTML code for a Facebook connect button. This button should open your own controller (with a special parameter, I guess), to remember the user type in the session. And only then should the controller redirect the user to the Facebook authorization filter. Like:

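```groovy
// Controller action behind the custom "Register as Organizer" button.
// SpringSecurityUtils is provided by the Spring Security Core plugin.
def registerOrganization() {
  // Set server-side, so the value is not taken from the client
  session.registrationType = 'organization'
  // Hand over to the plugin's server-side authentication redirect filter
  String filter = SpringSecurityUtils.securityConfig.facebook.filter.redirect.redirectFromUrl
  redirect(uri: filter)
}
```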

Also you have to implement the FacebookAuthService.createRoles method, like:

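```groovy
import org.springframework.web.context.request.RequestContextHolder

def createRoles(def user) {
   // Read the registration type stored by the controller before the redirect
   def session = RequestContextHolder.currentRequestAttributes().getSession()
   def roles = ['ROLE_USER']
   if (session.registrationType == 'organization') {
      roles << 'ROLE_ORGANIZATION'
   }
   // Authority and PersonAuthority are the application's own domain classes
   roles.each {
      def role = Authority.findByAuthority(it)
      PersonAuthority.create(user, role)
   }
}
```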

Does it work for your situation?

PatrickHuetter commented 11 years ago

Hi Splix, this doesn't work as expected because it redirects me to the start page after authorisation with facebook (redirectFromUrl isn't correct). The Roles don't get created because createRoles doesn't get called. I'm searching for the cause of that.

I would like to add a new feature to your plugin that gives the user the possibility to set the redirect url and permissions optionally via taglib. Could you give me advice on where I should hook in?

PatrickHuetter commented 11 years ago

push :)

splix commented 11 years ago

Oh, sorry, I missed your reply :( That was a good idea to push the discussion :)

createRoles should be called the first time a user logs in through Facebook. Also, if ....redirectFromUrl doesn't contain a valid path of the Authentication Filter, it means that something is wrong with the configuration; it's filled by default, so maybe you've removed the value?

As for the feature, I see the following scenario:

  1. add a params attribute to the taglib button
  2. taglib should add these parameters to the link url - see https://github.com/splix/grails-spring-security-facebook/blob/master/grails-app/taglib/com/the6hours/grails/springsecurity/facebook/FacebookAuthTagLib.groovy#L121
  3. add to FacebookAuthToken a new field like params
  4. FacebookAuthRedirectFilter will get these parameters and put them into the session on the initial request (before the user gets redirected to FB), and put them back into FacebookAuthToken.params after - see https://github.com/splix/grails-spring-security-facebook/blob/master/src/groovy/com/the6hours/grails/springsecurity/facebook/FacebookAuthRedirectFilter.groovy#L35 So, inside FacebookAuthService you'll be able to read this data from FacebookAuthToken.

I'd really appreciate it if you implemented this feature in the code. I think it could be a helpful feature.
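
Added example, not part of the thread or of the plugin's code: once the registration type travels as a request parameter, as in the params proposal above, the value is client-controlled, so it should only select from a fixed server-side table and never name roles itself. `RegistrationRoleResolver`, `ROLE_AFFILIATE` and the `Map` standing in for the HTTP session are assumptions made for this example.

```groovy
// Hypothetical helper; a plain Map stands in for the HTTP session so the
// script runs on its own. In a Grails app the session object replaces it.
class RegistrationRoleResolver {
    static final String SESSION_KEY = 'registrationType'

    // Server-side allowlist: registration type -> extra roles it may grant.
    // Privileged roles are deliberately absent from this table.
    static final Map<String, List<String>> EXTRA_ROLES = [
        organization: ['ROLE_ORGANIZATION'],
        affiliate   : ['ROLE_AFFILIATE']
    ].asImmutable()

    /** Returns the canonical type, or null when the value is not allowlisted. */
    static String validate(Object raw) {
        // A repeated query parameter arrives as String[]; treat it as invalid.
        if (!(raw instanceof CharSequence)) {
            return null
        }
        String type = raw.toString().trim().toLowerCase(Locale.ROOT)
        return EXTRA_ROLES.containsKey(type) ? type : null
    }

    /** Call before redirecting to Facebook; stores validated values only. */
    static void remember(Map session, Object raw) {
        String type = validate(raw)
        if (type) {
            session[SESSION_KEY] = type
        } else {
            session.remove(SESSION_KEY)
        }
    }

    /** Call from createRoles; consumes the value so a later login cannot reuse it. */
    static List<String> rolesFor(Map session) {
        String type = validate(session.remove(SESSION_KEY))
        return ['ROLE_USER'] + (type ? EXTRA_ROLES[type] : [])
    }
}

// Constructed sample input
def session = [:]
RegistrationRoleResolver.remember(session, 'Organization')
assert RegistrationRoleResolver.rolesFor(session) == ['ROLE_USER', 'ROLE_ORGANIZATION']
assert session.isEmpty()   // consumed on first use

// Values outside the allowlist, or repeated parameters, grant nothing extra.
RegistrationRoleResolver.remember(session, 'ROLE_ADMIN')
assert RegistrationRoleResolver.rolesFor(session) == ['ROLE_USER']
RegistrationRoleResolver.remember(session, ['affiliate', 'organization'] as String[])
assert RegistrationRoleResolver.rolesFor(session) == ['ROLE_USER']
```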