Facebook Login to JWT

I developed Spring token-based protection using JWT, referencing this project in git: https://github.com/szerhusenBC/jwt-spring-security-demo. Now I need to get Facebook login into my application. For social login, I found another web page, https://ole.michelsen.dk/blog/social-signin-spa-jwt-server.html, that explains how social login should be performed.

In a normal input, my JWT project creates a token based on the username, password, expiration date, and creation time. Each time a token appears, all values from the above fields are retrieved and compared to authenticate the token and then served. I have two questions:

  • No password will be created in the social input. The token will be obtained from Facebook (my interface does this). I have to check if the token is valid or not. How should I do this in JWT?
  • After checking in accordance with the article, I must create my own token for future reference. Now there is no password to enter Facebook. How to create a token?

Let me know if there is a good social login site using JWT in a Spring Boot application.

+6
2 answers

Consider removing the password field from your JWT. Facebook can provide you with an email address and name to use for the payload. Here is my example.

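    // Assumes: var jwt = require('jsonwebtoken'); and jwt_secret holds the signing key.
    userSchema.methods.generateJwt = function() {
      // The token is valid for 7 days from now.
      var expiry = new Date();
      expiry.setDate(expiry.getDate() + 7);
      return jwt.sign(
        {
          _id: this._id,
          email: this.email,
          name: this.name,
          // exp is expressed in seconds since the epoch.
          exp: parseInt(expiry.getTime() / 1000)
        },
        jwt_secret
      );
    };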
+1

I found myself in a similar situation and decided to take a slightly different approach, delegating responsibility for authentication with FB to the server itself.

It provides an entry point, "/auth/facebook", which redirects to FB and proceeds to authentication.

After that, it acquires an AccessToken for the registered user and creates a JWT token that is returned to the client.

Here's a blog post explaining how to use Spring Social Facebook and Spring Security for a similar case: Stateless Spring Security Part 3: JWT + social authentication

0
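The flow that the question and the second answer describe (check the Facebook token on the server, then issue your own JWT with no password in it), as an added example that is not part of the original posts. It assumes the server has already called Facebook's Graph API `debug_token` endpoint and passes in the `data` object of that response; `APP_ID`, `JWT_SECRET`, the function names and the sample values are constructed placeholders.

```javascript
// Added example: check a Facebook token-inspection result, then mint our own
// password-free JWT (HS256) using only Node's built-in crypto module.
const crypto = require('crypto');

const APP_ID = '1234567890';          // placeholder Facebook app id
const JWT_SECRET = 'change-me-demo';  // placeholder signing key

const b64url = (x) => Buffer.from(x).toString('base64url');
const sign = (data) =>
  crypto.createHmac('sha256', JWT_SECRET).update(data).digest('base64url');

// `info` is the `data` object of a Graph API debug_token response (assumed input).
function facebookUserId(info, nowSec) {
  if (!info || info.is_valid !== true) throw new Error('token not valid');
  if (info.app_id !== APP_ID) throw new Error('token issued to another app');
  if (!(info.expires_at > nowSec)) throw new Error('token expired'); // fail closed
  return info.user_id;
}

function issueJwt(userId, nowSec, ttlSec = 7 * 24 * 3600) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: userId, iat: nowSec, exp: nowSec + ttlSec }));
  return `${header}.${payload}.${sign(`${header}.${payload}`)}`;
}

function verifyJwt(token, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, payload, sig] = parts;
  // The header's alg is never consulted: HMAC-SHA256 is the only check applied.
  const expected = Buffer.from(sign(`${header}.${payload}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  return claims;
}

// Constructed sample of a debug_token `data` object (not real values).
const SAMPLE = { app_id: APP_ID, is_valid: true, user_id: '10001', expires_at: 1700003600 };
const NOW = 1700000000;
const demoToken = issueJwt(facebookUserId(SAMPLE, NOW), NOW);
console.log(verifyJwt(demoToken, NOW).sub);
```

The JWT carries only the Facebook user id as `sub`, so later requests are authenticated by the signature and `exp` alone, with no password comparison.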

Source: https://habr.com/ru/post/1013689/