Implementing Facebook Login

[Mike_Warren <mr...@gmail.com>]

I'm just getting to grips with Shiro (which I have to say has been very nice
and intuitive nice use so far), and also now trying to use Facebook / OAuth
as a login mechanism.

I have read of other discussion around this area, 
http://shiro-user.582556.n2.nabble.com/Advice-on-Shira-with-FB-Connect-Session-Clustering-Efficiency-td6832777.htm
but as it covers other questions I thought I'd post a new topic. 

Basically I've got Facebook login working but not sure if my approach is
correct. 

I've implemented a new Facebook realm, with associated Credentials matcher
and token, see link below for a blog post with more details. I've decided
that my credentials matcher doesn't actually need to do anything because by
the time it is called upon Facebook has already done the job of gathering
credentials and checking them. I've also ended up with a FacebookToken class
which holds a code for use in calls to facebook, but which just returns null
for getPrincipal and getCredentials as when it comes to authentication I
consider Facebook to be responsible for determining the Principal and
getting credentials. Does this sound right to anyone with more experience in
this area ? 

Anyway, any thoughts on this appreciated, or if there's anyone else who's
already done this I'd be more than happy to not be reinventing the wheel. 

Blog posts of what I've done so far.
http://mrdwnotes.wordpress.com/2011/11/28/using-apache-shiro-security-to-allow-login-via-facebook-part-1/

http://mrdwnotes.wordpress.com/2011/11/28/using-apache-shiro-security-to-allow-login-via-facebook-part-2/

thanks Mike


--
View this message in context: http://shiro-user.582556.n2.nabble.com/Implementing-Facebook-Login-tp7038905p7038905.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Implementing Facebook Login

[Mike_Warren <mr...@gmail.com>]

Thanks Kalle,

"I thought the approach sounded familiar"
(http://tynamo.org/tynamo-federatedaccounts+guide) 
- yes the Tynamo code was very useful for me, thanks for making it public,
I'd be happy to collaborate - I'll read up a bit more on Tynamo, and on
OAuth(2) and contact you if I've got something I feel I could contribute,
but feel free to email me with suggestions. 

I'm intending to read up on OAuth a bit more and implement something similar
for twitter and google, and then step back and see what can be made generic.

When you say "that flow is the only one that makes sense with Oauth(2)" I'm
not sure which flow you mean? 

Thanks again for the reply, and Tynamo, Mike

--
View this message in context: http://shiro-user.582556.n2.nabble.com/Implementing-Facebook-Login-tp7038905p7042180.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: Implementing Facebook Login

[Kalle Korhonen <ka...@gmail.com>]

I thought the approach sounded familiar :) I never intended to make my
facebook integration
(http://tynamo.org/tynamo-federatedaccounts+guide) generic to all
servlet environments since you soon get to a point where you'd like to
customize the flow and the layouts with your ui framework of choice,
but to me that flow is the only one that makes sense with Oauth(2) -
although then again, I'm strongly biased. It'd be interesting to
collaborate on the federated account interfaces, perhaps to generalize
the common parts to yet another library. In the Tynamo trunk, we've
refactored the core to support multiple Oauth providers using the same
base interfaces. With Oauth, OpenID etc. you'll quickly get to the
point where authorization isn't quite enough, but you need to use
provider-specific libraries.

Kalle


On Mon, Nov 28, 2011 at 6:24 AM, Mike_Warren <mr...@gmail.com> wrote:
> I'm just getting to grips with Shiro (which I have to say has been very nice
> and intuitive nice use so far), and also now trying to use Facebook / OAuth
> as a login mechanism.
>
> I have read of other discussion around this area,
> http://shiro-user.582556.n2.nabble.com/Advice-on-Shira-with-FB-Connect-Session-Clustering-Efficiency-td6832777.htm
> but as it covers other questions I thought I'd post a new topic.
>
> Basically I've got Facebook login working but not sure if my approach is
> correct.
>
> I've implemented a new Facebook realm, with associated Credentials matcher
> and token, see link below for a blog post with more details. I've decided
> that my credentials matcher doesn't actually need to do anything because by
> the time it is called upon Facebook has already done the job of gathering
> credentials and checking them. I've also ended up with a FacebookToken class
> which holds a code for use in calls to facebook, but which just returns null
> for getPrincipal and getCredentials as when it comes to authentication I
> consider Facebook to be responsible for determining the Principal and
> getting credentials. Does this sound right to anyone with more experience in
> this area ?
>
> Anyway, any thoughts on this appreciated, or if there's anyone else who's
> already done this I'd be more than happy to not be reinventing the wheel.
>
> Blog posts of what I've done so far.
> http://mrdwnotes.wordpress.com/2011/11/28/using-apache-shiro-security-to-allow-login-via-facebook-part-1/
>
> http://mrdwnotes.wordpress.com/2011/11/28/using-apache-shiro-security-to-allow-login-via-facebook-part-2/
>
> thanks Mike
>
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/Implementing-Facebook-Login-tp7038905p7038905.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>