
Facebook login in JWT

I have developed token-based Spring Security using JWT, referring to this project in Git: https://github.com/szerhusenBC/jwt-spring-security-demo. Now I need to get Facebook login in my application. For social login, I found another web page, https://ole.michelsen.dk/blog/social-signin-spa-jwt-server.html, which explains how the social login must be carried out.

In the normal login, my JWT project creates a token based on username, password, expiry date and time of creation. Every time the token comes, all values from the above fields are retrieved and compared to authenticate the token and then served. I have two questions:

  1. In the social login, there will be no password created. A token will be received from Facebook (my frontend does this). I have to verify if the token is valid or not. How am I supposed to do it in JWT?
  2. After verifying, as per the article, I'm supposed to create my own token for future reference. Now, there is no password in Facebook login. How do I create the token?

Let me know if there are any good sites available for social login using JWT in a Spring Boot application.

User1230321 asked Jan 01 '17 20:01




2 Answers

I found myself in a similar situation, and decided to follow a slightly different approach, delegating the responsibility of authenticating with FB to the server itself.

It provides an entry point: “/auth/facebook” that redirects to FBs and proceeds to the authentication.

After that it acquires the AccessToken for the logged user and creates a JWT Token that returns to the client.

Here is a blog post explaining how to use Spring Social Facebook and Spring Security for a similar case: Stateless Spring Security Part 3: JWT + Social Authentication

amllano answered Oct 21 '22 00:10


Consider removing the password field from your JWT. Facebook can supply you the email and name, so use that for the payload. Here is my example.

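```javascript
// `jwt` is assumed to be the jsonwebtoken package, whose sign(payload, secret) matches the call below.
const jwt = require('jsonwebtoken');

// Signing secret; reading it from the environment is an assumption, the answer only names the variable.
const jwt_secret = process.env.JWT_SECRET;

// Instance method on the user schema: builds a 7-day token from profile fields only (no password).
userSchema.methods.generateJwt = function() {
  var expiry = new Date();
  expiry.setDate(expiry.getDate() + 7);

  return jwt.sign(
    {
      _id: this._id,
      email: this.email,
      name: this.name,
      // exp is expressed in whole seconds since the epoch
      exp: Math.floor(expiry.getTime() / 1000)
    },
    jwt_secret
  );
};
```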
Tetsuya3850 answered Oct 21 '22 01:10
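
An added example, not part of either answer, covering both questions: the server checks the response of Facebook's Graph API `debug_token` endpoint for the user's access token (valid, issued to this app, unexpired), then issues and later verifies its own password-free HS256 JWT. The function names, the sample response and the use of Node's built-in `crypto` module instead of a JWT library are assumptions of this example; fetching the `debug_token` response over HTTPS is left to the caller.

```javascript
const nodeCrypto = require('crypto');

// base64url without padding, the encoding JWT segments use
const b64url = (buf) => Buffer.from(buf).toString('base64')
  .replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');

// Step 1: decide whether the debug_token answer proves the access token is ours.
// `resp` is the parsed JSON body of the debug_token call.
function userIdFromDebugToken(resp, expectedAppId, nowSec) {
  const d = resp && resp.data;
  if (!d || d.is_valid !== true) throw new Error('token not valid');
  // A token issued to a different app is valid at Facebook but must not log anyone in here.
  if (String(d.app_id) !== String(expectedAppId)) throw new Error('token for another app');
  if (d.expires_at && d.expires_at <= nowSec) throw new Error('token expired');
  return String(d.user_id);
}

// Constructed sample of a debug_token response body (every value is made up).
const SAMPLE_DEBUG = { data: { app_id: '1234567890', is_valid: true,
  user_id: '1002003004', expires_at: 1700003600 } };

// Step 2: mint our own HS256 JWT; the payload carries identity only, never a password.
function issueJwt(profile, secret, nowSec, ttlSec = 7 * 24 * 3600) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({
    sub: profile.id, email: profile.email, name: profile.name,
    iat: nowSec, exp: nowSec + ttlSec,
  }));
  const sig = nodeCrypto.createHmac('sha256', secret).update(`${header}.${payload}`).digest();
  return `${header}.${payload}.${b64url(sig)}`;
}

// Step 3: on every request, check the signature first, then the algorithm and expiry.
function verifyJwt(token, secret, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, payload, sig] = parts;
  const expected = nodeCrypto.createHmac('sha256', secret).update(`${header}.${payload}`).digest();
  const given = Buffer.from(sig, 'base64'); // Node's base64 decoder also accepts base64url
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected))
    throw new Error('bad signature');
  if (JSON.parse(Buffer.from(header, 'base64')).alg !== 'HS256') throw new Error('unexpected alg');
  const claims = JSON.parse(Buffer.from(payload, 'base64'));
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  return claims;
}
```

The `app_id` comparison is the step that is easiest to forget: without it, an access token a user granted to any other Facebook app would be accepted as a login to yours.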