I have a working web application that uses SpringSecurity configuration for username / password. Now I want to transfer it to a simple Facebook application. For some reason, I want to authenticate with the returned facebook access token, and also keep the username validator.
In detail, I would check the facebook access token for authentication returned:
https://graph.facebook.com/oauth/access_token?client_id=[my_api_key]&redirect_uri=[my_redirect_uri]&client_secret=[my_api_secret]&code=[code]
The user does not need to provide a username and password, as they are already logged in using facebook. But I would like to keep the (username / password) spring security configuration so that users can log in to my original website.
Does SpringSecurity support this type of authentication? If so, I wonder how this can be done? Do I need to write specialized authentication providers to do this?
UPDATE In the end, we configured SpringSecurity authentication method to accept access_token as an authentication parameter, extending UsernamePasswordAuthenticationFilter (declaring it as formLoginFilter )
source share