Callbacks and multihomed hosts
First of all I'd like to say that Spring Social is a nice project indeed
However, it seems that using it on a host servicing multiple domains with the same app is not as straightforward as it could be. At least when you are using ProviderSignInController and ConnectController. The reason is - callbackUrl which you can't change to match your site. When creating a bean, you have to supply an applicationUrl as an argument to the constructor. That applicationUrl is then used to form a callbackUrl. The problem is that:
a) You can't specify a relative URL - it should be absolute or you will not be redirected back by the remote party (say twitter).
b) You can't override callbackUrl method which is declared private (well, not in easy way at least)
So let's take for example siteA.com and siteB.com, which are both serviced by your application. If you start your sign in process on siteA.com by POSt'ing to /signin/twitter and your applicationUrl is set to http://siteA.com/..., it will work fine. If you try to start the same sign in process on siteB.com, then after you bounce back to your callbackUrl (which is http://siteA.com/...) you may see something like this:
It would be nice to actually support relative URLs and form callback URLs in a way that current domain and protocol are taken in account. Making "callbackUrl" protected instead of private would be helpful too.java.lang.NullPointerException
org.springframework.social.oauth1.AuthorizedReques tToken.getValue(AuthorizedRequestToken.java:44)
I have attached two patch files for ProviderSignInController and ConnectController in M3 which should resolve the issue. The idea is that you can still use absolute applicationUrl, but if you use relative URL instead, then callback URL will be automatically prefixed with the current protocol/host/port. And callbackUrl method could be overridden as well if needed. I hope you could include this or similar implementation in your next release.
Regards,
Alexander.
Reply With Quote