How to persist users who login to my application using Spring Security 5 OAuth SSO Client
I know the OAuth support now native to Spring Security 5 is fairly new. I've gone through all the documentation, samples and blogs that i can find about its capabilities. However, I cannot find anything about how to do what I want to do.
I have an application that I want to allow users to sign up for and allow them to authenticate with whatever third party service they choose to use (e.g. Github, Facebook, Google, etc.). I want to be able to know if they are a newly registered user so that I can ask them more information about themselves; Just like you do here when creating a new account on Stackoverflow but using Google for your authentication provider. Or if they are an existing user so that i can re-associate this information to them; just like every other website does. I also want to be able to assign additional authorities to some users to give some additional capabilities in my application.
All of this says to me is that there must be a way for me to hook into the login process to both persist a new user and to fetch information about a pre-existing user. However, all of the examples around creating the principle and assigning authorities deal with determining them from the information retrieved from the external providers information, and not from my systems own persisted information.
I'm pretty sure if i can figure out how to persist a newly met user, then I believe I can look up existing users with a custom OAuth2UserService, and adding new authorities to them and then associating those authorities should be pretty simple with my own GrantedAuthoritiesExtractor. All of this assumes my understanding is correct.
Any help is greatly appreciated
spring-security-oauth2
add a comment |
I know the OAuth support now native to Spring Security 5 is fairly new. I've gone through all the documentation, samples and blogs that i can find about its capabilities. However, I cannot find anything about how to do what I want to do.
I have an application that I want to allow users to sign up for and allow them to authenticate with whatever third party service they choose to use (e.g. Github, Facebook, Google, etc.). I want to be able to know if they are a newly registered user so that I can ask them more information about themselves; Just like you do here when creating a new account on Stackoverflow but using Google for your authentication provider. Or if they are an existing user so that i can re-associate this information to them; just like every other website does. I also want to be able to assign additional authorities to some users to give some additional capabilities in my application.
All of this says to me is that there must be a way for me to hook into the login process to both persist a new user and to fetch information about a pre-existing user. However, all of the examples around creating the principle and assigning authorities deal with determining them from the information retrieved from the external providers information, and not from my systems own persisted information.
I'm pretty sure if i can figure out how to persist a newly met user, then I believe I can look up existing users with a custom OAuth2UserService, and adding new authorities to them and then associating those authorities should be pretty simple with my own GrantedAuthoritiesExtractor. All of this assumes my understanding is correct.
Any help is greatly appreciated
spring-security-oauth2
add a comment |
I know the OAuth support now native to Spring Security 5 is fairly new. I've gone through all the documentation, samples and blogs that i can find about its capabilities. However, I cannot find anything about how to do what I want to do.
I have an application that I want to allow users to sign up for and allow them to authenticate with whatever third party service they choose to use (e.g. Github, Facebook, Google, etc.). I want to be able to know if they are a newly registered user so that I can ask them more information about themselves; Just like you do here when creating a new account on Stackoverflow but using Google for your authentication provider. Or if they are an existing user so that i can re-associate this information to them; just like every other website does. I also want to be able to assign additional authorities to some users to give some additional capabilities in my application.
All of this says to me is that there must be a way for me to hook into the login process to both persist a new user and to fetch information about a pre-existing user. However, all of the examples around creating the principle and assigning authorities deal with determining them from the information retrieved from the external providers information, and not from my systems own persisted information.
I'm pretty sure if i can figure out how to persist a newly met user, then I believe I can look up existing users with a custom OAuth2UserService, and adding new authorities to them and then associating those authorities should be pretty simple with my own GrantedAuthoritiesExtractor. All of this assumes my understanding is correct.
Any help is greatly appreciated
spring-security-oauth2
I know the OAuth support now native to Spring Security 5 is fairly new. I've gone through all the documentation, samples and blogs that i can find about its capabilities. However, I cannot find anything about how to do what I want to do.
I have an application that I want to allow users to sign up for and allow them to authenticate with whatever third party service they choose to use (e.g. Github, Facebook, Google, etc.). I want to be able to know if they are a newly registered user so that I can ask them more information about themselves; Just like you do here when creating a new account on Stackoverflow but using Google for your authentication provider. Or if they are an existing user so that i can re-associate this information to them; just like every other website does. I also want to be able to assign additional authorities to some users to give some additional capabilities in my application.
All of this says to me is that there must be a way for me to hook into the login process to both persist a new user and to fetch information about a pre-existing user. However, all of the examples around creating the principle and assigning authorities deal with determining them from the information retrieved from the external providers information, and not from my systems own persisted information.
I'm pretty sure if i can figure out how to persist a newly met user, then I believe I can look up existing users with a custom OAuth2UserService, and adding new authorities to them and then associating those authorities should be pretty simple with my own GrantedAuthoritiesExtractor. All of this assumes my understanding is correct.
Any help is greatly appreciated
spring-security-oauth2
spring-security-oauth2
asked Nov 28 '18 at 5:18
loesakloesak
675821
675821
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53512605%2fhow-to-persist-users-who-login-to-my-application-using-spring-security-5-oauth-s%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53512605%2fhow-to-persist-users-who-login-to-my-application-using-spring-security-5-oauth-s%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown