Results 1 to 3 of 3

Thread: Secure REST API with OAuth 2.0 (e.g. Facebook)

  1. Jan 19th, 2012, 03:24 PM #1
    JTS000ID
    JTS000ID is offline Junior Member
    Join Date
    Mar 2011
    Posts
    6

    Default Secure REST API with OAuth 2.0 (e.g. Facebook)

    I have a very simple REST API (CRUD) that I need to secure with OAuth 2.0. For example: Facebook. The design of this very small app goes like this:

    * REST API (pure stateless) done in Java.
    * Use Backbone.js to interact with server through a REST API.
    * User will login through Facebook in order to use the Service (i.e. REST API will use OAuth to authenticate user). For every new user, a username will be saved in the database. This username will be used for detecting if its a visiting user or new user (username will not exist).

    Here's what I have done so far: I have set-up two projects - one a REST API (unsecure) and second project is a working Facebook OAuth 2.0 implementation. But I am having hard time integrating these two. What I am missing is understanding on how these two projects can come together?

    Could someone please guide me in the right direction? If someone has an example, please do share.
    Reply With Quote Reply With Quote
  2. Mar 26th, 2012, 05:12 AM #2
    venosov
    venosov is offline Senior Member
    Join Date
    May 2011
    Location
    Madrid (Spain)
    Posts
    101

    Default

    Hi, there is a org.springframework.security.oauth2.consumer.OAuth 2RestTemplate, see this post.
    Reply With Quote Reply With Quote
  3. Mar 26th, 2012, 08:55 AM #3
    habuma
    habuma is offline Senior Member
    Join Date
    Aug 2004
    Posts
    1,072

    Default

    So, it sounds like you're trying to secure a REST API with OAuth 2. For that, your best bet would be to look at Spring Security for OAuth (http://static.springsource.org/spring-security/oauth/). The OAuth2-oriented Sparklr and Tonr examples should be helpful and the https://github.com/SpringSource/html5expense and https://github.com/SpringSource/greenhouse apps might also give you some idea on how to secure an API with S2OAuth. If your client is a mobile app, I'd recommend configuring S2OAuth to support the resource-owner credentials grant...and use the authorization code grant for a more traditional browser-based app.

    The one thing that makes this more interesting is that you indicate that sign-in itself will be via Facebook. For that you can use Spring Social's ProviderSignInController. The Spring Social Showcase (https://github.com/SpringSource/spring-social-samples) has a good example of doing that. The Greenhouse app also supports FB signin, so that's probably the closest to what you're trying to do.

    If you have any specific questions about any of this, feel free to ask. For S2OAuth-specific question, though, you might do better asking in the S2OAuth forum: http://forum.springsource.org/forumdisplay.php?79-OAuth.
    Craig Walls
    Spring Social Project Lead
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules