spring-guides / tut-spring-boot-oauth2

Spring Boot and OAuth2:: A tutorial on "social" login and single sign on with Facebook and Github
https://spring.io/guides/tutorials/spring-boot-oauth2/
910 stars 752 forks source link

Adding Login to a database along with the Social login #41

Open mastermind1981 opened 8 years ago

mastermind1981 commented 8 years ago

Hi,

First of all, thank you for your great work. I have a question (or a demand) the guide is very comprehensive and very detailled, yet I think it's lacking one point that seems to me very important:

Besides the examples of social , there is no example of getting a normal authentication using username/password along with the social logging against a certain store : not all the users must have a facebook or gmail to use to connect or they may not want to user their actual social account to connect. (I looked in all SO questions and answer concerning this subject but couldn't find an answer). So could you please add an example with a third link for getting a normal logging using username/password and how it can live with social login?

Thanks in advance,

PS: I know that it's a not a slim thing but I think a lot of people would be very happy if add it thanks

beribener commented 8 years ago

Also covering some topics around the integration with local db and external provider would be really helpful. Like:

dsyer commented 8 years ago

@beribener The custom-error sample in this tutorial already show you one good way to get a callback with the authentication details from the external provider (AuthoritiesExtractor). You can use the same callback to sync up with a local user database, and it is already the right place to integrate with a local role/permission system. There are other options, but I'm not sure it's worth writing a whole new chapter to enumerate them.

@mastermind1981 the additional features needed to manage local accounts with a full UI could in principle be in scope for an additional chapter if anyone ever finds the time. But once you have the callback mapped out it really just ends up being heavy lifting in the UI, so it's not a very Spring specific use case. So I haven't done it, but I suspect if I did it might not fit as part of a Spring tutorial.

mastermind1981 commented 8 years ago

@dsyer I can take in charge the UI part : I think for a first try it will be adding a new link (like github and facebook) for logging in via a username/password (I think the registration part is not important because it's a classical use of registration and does not have added value in this context) . logging form will submit a post to something like /login/db. I understand your point , but I think it may be a good starting point for people who had already a classical username/password who wants to integrate social login using spring family framework. Thanks

rameshcharykotha commented 7 years ago

Even am in need of this custom login with social integration, have done set up for Spring security OAuth2 with login form, now would like to add social integration. facing an issue with access token as custom oauth2 server would issue access_token based on password grant type, but through social login we wont get username/password, how to overcome this situation? please help.

dsyer commented 7 years ago

@rameshcharykotha maybe you should ask yourself why the social providers don't allow password token grants, and think about whether it is a good choice for your own system (hint: it probably isn't). In any case if you did want to use password grants you wouldn't (obviously) be able to support your users with a social login.

leonchaves commented 6 years ago

I am facing the exact same problem. I was able to make it work with facebook/google (instead of facebook/github), but when I tried to use ir alongside with a customized login form (based on this link and some enhancements to obtain the user from a database) it didn't work. I think it is somehow related with the filters which "hijack" the login form mechanism.

I also tried this one, but I get an injection error trying to start the app (it can't find the org.springframework.social.connect.ConnectionFactoryLocator to inject in my configuration class).

At the end, I can either make facebook/login work or the custom login form, but not both mechanisms.

Can anyone help, please?

maarkeez commented 6 years ago

Hi @leonchaves , @mastermind1981

I have made a sample project for:

Both running in the same application. You can check it here

You can run the server application with -Dspring.profiles.active=database-loader property for create the initial admin user.

I hope you can find it helpfull after all this time.

Best regards,

David Márquez Delgado

leonchaves commented 6 years ago

Thanks for the code!

mastermind1981 commented 6 years ago

@maarkeez thanks