What is the best strategy for Social LinkedIn <-> Security integration?

[greg.soulsby]

We have been working for some time on getting LinkedIn authorisation working. That is,

- the end user authenticates with LinkedIn
- we dont know (let alone keep) their user id or password
- we keep their LinkedIn unique token on our database
- we can control their access rights using Spring Security.

But the developer has thrown in the towel. His email to me is below.

Is there a current approach to getting this working? Google finds things, but they seem old and complex.

Alternatively, I am thinking we could use the LinkedIn javascript on the front end to enable the user to log in. Then we could use the LinkedIn api on the server side to control access to parts of the app.

Many thanks for any advice,

Greg

The spring-social-linked-in package is very unstable and has lot of bugs, please check : http://forum.springsource.org/showth...le-Random-401s
Today i tried running the working setup [LinkedIn_WithCallback.zip], but i am not able to login into linkedIn.

Error Msg :
java.lang.NullPointerException org.springframework.social.oauth1.AuthorizedReques tToken.getValue(AuthorizedRequestToken.java:44


This is a known bug in linkedIn where you would get random 401 error.

I have other commitments to meet and would like to end this assignment here. The sole reason being the package is highly unstable to work with.

[habuma]

Help me understand better what it is you're trying to do...your bullet points gave me some idea, but I'm still a bit unclear. To what level are you looking to integrate with Spring Security? Are you looking to do a simple "Sign in With LinkedIn" where you use LinkedIn as the authentication point for your app, but Spring Security for handling authorization? Or is there something else you're expecting?

In the case of "Sign in With LinkedIn", the Spring Social Showcase shows exactly how to do that. I just tried it out with LinkedIn and it's working perfectly. if that's what you're trying to do, you might have a look at that. And, of course, feel free to ask any questions you may have.

Regarding the stability of Spring Social LinkedIn:
- I know of only 1 open bug against the project and it seems unrelated to what you're trying to do. If you're encountering issues, then there's no way I can know to fix them unless someone files a bug in JIRA: https://jira.springsource.org/browse/SOCIALLI. It's good to discuss them in this forum, but it's even better to report them as bugs with enough info to help recreate it (and ultimately fix it).
- The forum post mentioned is from mid-last year--over 9 months ago. There has been a lot of work on Spring Social LinkedIn since then. I'm not saying it's perfect, but again I am only aware of one open bug.
- The bulk of the "sign-in-with" and connection flow code is part of Spring Social's core and web modules and is generic to work with all providers. If this were a serious problem, I'd have been made aware of it from the Facebook and Twitter (and other)-oriented projects out there. I suppose there may be something LinkedIn-specific that's causing trouble, but unless a bug is reported I won't know that it needs to be fixed.

[greg.soulsby]

Craig, thanks for the comprehensive reply.

In terms of what I am trying to do. We want the user to login via linked in, for linked in to give us their unique id for our app and then for us to store that unique id so we know when they come back. We want to be able to assign them to some level or group so that we can use Spring Security to give us robust, fine grained control of their access rights. We don't want to know anything about user ids on our side, that is what linked in is for.

In terms of the stability, if you say its good then I take without question. It is just I have had 3 independent contractors tell me they have had real problems. It may say something about them of course, but they are the best I can find - which might reflect the bigger problems I have of getting contractors in this space.

I will review the SS showcase again and revert. If we run into a problem we will have more confidence to raise a jirra, although for a begginer like me that feels like telling Rafael Nadal he has a slight flaw in his back hand.

Thanks again.

Greg

[habuma]

It sounds like you want to use Spring Social's ProviderSignInController along with Spring Social LinkedIn. It should be able to do exactly what it is you described. And again, the Spring Social Showcase sample (https://github.com/SpringSource/spri...ocial-showcase) demonstrate exactly that (plus some other stuff). Also note that unless you pulled the showcase in the last couple of minutes, there was a build problem that has since been resolved. You might do another "git pull" to make sure you have the latest stuff.

I feel that the LinkedIn module is good. I won't claim perfection, but I've had little trouble with it. Again, the showcase sample exercises some of it and I've independently verified a great deal of it. But be aware that the bulk of the API binding was contributed by a community member and although I've done some testing with it, most of it is not *my* code. I do believe the community member did a good job and my testing has confirmed that...but I also acknowledge that there may be uncovered bugs.

If you find something out of place, *please* let me know so I can fix it. Keeping a community mindset, I'd much rather someone tell me where the problems are and give me a chance to correct them than to have them speak ill of the project without contributing constructive feedback.

[greg.soulsby]

Thanks Craig.

Ok, I have got the Spring Social Showcase working. Also have a simple Roo generated app. It has User and User_role tables, which it is using to authenticate against and to identify the user role.

So I want to cut and paste from the Showcase into the Roo app whatever is need so that they can user authentic with linkedin (although may as well leave the Showcase pages as is, with Facebook etc).

Can you outline for a beginner what the main steps are? Or point to a blog somewhere - this must be a common use case.

Greg

[habuma]

I'm sure it's do-able, but unless I set aside some time to try it I can't be certain what the precise steps are.

I know you'll want the stuff in SocialConfig.java. Roo projects use Spring's XML configuration, but you can mix-n-match. Just make sure that SocialConfig is loaded as a bean and I think it will work fine. You'll also want the views under src/main/webapp/WEB-INF/views/connect (or some equivalent to them). And there's likely something I'm missing...but without going through the steps myself I can't say for sure.

The best approach here is not to simply copy-n-paste into a different project, but to understand the parts that you are copying and what they do. That way if you miss something you'll have a good idea of how to address any errors that come up. For that, the Spring Social reference document should help. Of course, you're welcome to ask here in the forums if you get stuck.

[greg.soulsby]

Ok, thanks, we will start. And revert I am sure.

Does it makes sense that there be a Spring Social plugin for Roo?

Greg

[habuma]

I've seriously considered a Spring Social plugin for Roo, but haven't had the time to work on it. It'd be a nice thing to have, no doubt. I think it would need to be well thought out so that you could issue a Roo command that might ask you for your provider credentials (e.g., Facebook/LinkedIn/Twitter API key and secret) and then add/modify the appropriate beans to support connecting with that provider. For example, you might have a command like this:

Code:

roo> social facebook --key myAppsAPIKey --secret myAppsSecret

And likewise, similar commands for other providers. Of course, the selection of providers would be limited to what the plugin knows about, but it'd still be a good start.

The first time one of these commands is run, it'd setup everything; connection factory locator, the provider-specific connection factory, the connection repositories, ConnectController (and ProviderSignInController as an option), and some basic JSP views for the connection statuses. Any followup commands for other providers would simply add another connection factory to the connection factory locator.

As I write that, it sounds simple enough to do. It's not currently on the roadmap so there's no timing of when this might be available...but I've gone ahead and created https://jira.springsource.org/browse/SOCIALFB-86. I'm terribly interested in seeing something like this happen, so if someone else out there wants to give it a shot and contribute it, I'll be quick to review your work and get it in ASAP. If there are no takers, then I might tinker with it in my spare time (which is really non-existant at the moment).

[greg.soulsby]

Craig,

As we work through doing what you describe by hand we will keep a log of issues and design decisions taken. If we get to the end and someone who knows what they are talking about has not stepped in I will post them for your review before trying to wrap into a plugin.

Greg

[habuma]

Check that...I created the new feature issue in the wrong project. Just moved it to https://jira.springsource.org/browse/SOCIAL-312.

FWIW, I also think an STS template project for Spring Social would be a really nice-to-have: https://jira.springsource.org/browse/SOCIAL-313