Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Flutter with REST backend Springboot

I am developing a Flutter mobile application with a Spring Boot backend. I want to have three types of login methods (1). username & password (2). Facebook (3). Google.

I have following questions.

1) If I handle the Authentication part in the mobile App via Firebase Authentication (And store all the user on Firebase), do I need to write authentication code on my Spring Boot side? Or I need to keep my authentication on the Sprin Bboot side only?

2) I want the JWT token for all the authentication system (Facebook, Google and username & password). The mobile app will send the JWT token for every requests it make to the Springboot app.

3) I am looking for a step by step tutorial that shows how can I integrate all these login methods in my Springboot REST APIs. I have looked many but all they have some different different methods or dependencies. Like some are adding Facebook dependency in the maven and some only add the Oauth2.

Thanking you in advance

like image 624
Sam Avatar asked Oct 17 '19 18:10

Sam


People also ask

Can I use flutter with spring boot?

In the Flutter app we will be using a library called 'http' to get the utilities to connect to our spring boot rest API. For this i will update the dependencies in the pubspec. yaml file. Now let's create a new class called HttpService to do the data handling part.

What is the use of spring boot framework?

Spring Boot helps developers create applications that just run. Specifically, it lets you create standalone applications that run on their own, without relying on an external web server, by embedding a web server such as Tomcat or Netty into your app during the initialization process.


1 Answers

You can integrate your Spring Boot back-end with external authentication provider using JWT by defining a custom security filter in your spring boot app. This filter will read the JWT issuer (iss) and define where it comes from (Facebook or Google). Then, based on the provider, use the appropriate public key to verify the signature included in the JWT (normally, you can use the JWKS URI provided by the authentication providers to get the key). If all good, authentication is success.

like image 162
Duy Nguyen Avatar answered Sep 19 '22 21:09

Duy Nguyen