ProviderSignInController signupurl

[abhijith_p]

Hi All,

I am trying to write a grails plugin using Spring social core plugin. I get the provider popup and after I enter user and password it is giving me 404. As I debugged the code, it is coming into SpringSocialProviderSignInController handleSignIn() method and it is not getting anything for signup url. In grails plugin this is the code snipet

Code:

if (userIds.size() == 0) {
      if (log.isDebugEnabled()) {
        log.debug("No user found in the repository, creating a new one...")
      }
      ProviderSignInAttempt signInAttempt = new ProviderSignInAttempt(connection, connectionFactoryLocator, usersConnectionRepository)
      request.setAttribute(ProviderSignInAttempt.SESSION_ATTRIBUTE, signInAttempt, RequestAttributes.SCOPE_SESSION)
      //TODO: Document this setting
      result = request.session.ss_oauth_redirect_on_signIn_attempt ?: config.page.handleSignIn
    }

I see that even in the regular spring social web jar this has similar logic. Except in the web there is a default set on signupUrl. I tried giving the same value(/signup) in config.page.handleSignIn but it did not help.

Code:

if (userIds.size() == 0) {
			ProviderSignInAttempt signInAttempt = new ProviderSignInAttempt(connection, connectionFactoryLocator, usersConnectionRepository);
			request.setAttribute(ProviderSignInAttempt.SESSION_ATTRIBUTE, signInAttempt, RequestAttributes.SCOPE_SESSION);
			return redirect(signUpUrl);
		}

In general, I am trying to understand what this signUpUrl does. I am not able to go further after this. Is it mandatory to give signUpUrl? My understanding was no.

Any help is greatly appreciated.

[habuma]

It's not mandatory to have a signup URL, but it is most often desirable.

The signup URL is where the user should be taken if there's not already an existing connection...it's the application's signup page (aka, the registration page). It is app-defined, so that's why Spring Social doesn't know anything about it and you have to tell it where the signup page is. See http://static.springsource.org/sprin...#signin_signup for more info.

It is possible to *not* have a signup page, but that's a special case where you have implicit signup. That is, a user is created implicitly,using the user info from the provider, as the local application's user data. Spring Social Quickstart handles a lack of an existing connection in this way.

[abhijith_p]

Thanks Craig, makes total sense.

I figured out that the issue is not really having signup url. It is not getting userid from connection repository.
List<String> userIds = usersConnectionRepository.findUserIdsWithConnectio n(connection) is giving back empty.

I am trying to figure out why this is happening. I see that connection object has all the details from the provider.

The initial connection is setup by grails plugin. It is trying to get user name from SpringSecurityContect and getting an anonymousUser. Does this have any effect? I thought the connection is setup with providerId as key and userid itself has less relevence.

Please correct me if I am wrong.

Code:

@Bean
  @Scope(value = "request", proxyMode = ScopedProxyMode.INTERFACES)

  ConnectionRepository connectionRepository() {
    def authentication = SecurityContextHolder.getContext().getAuthentication()
    if (!authentication) {
      throw new IllegalStateException("Unable to get a ConnectionRepository: no user signed in")
    }
    usersConnectionRepository().createConnectionRepository(authentication.getName())
  }

[habuma]

The connection describes as a 3-party relationship between the application, a provider, and a user of both. If the user is anonymous, then the user is effectively unknown and therefore, it'd be hard to establish any meaningful connection with that user. Even if you managed to create a connection for an anonymous user, you'd have to make sure that the connection is (1) removed when the user goes away and (2) the connection is unique for that anonymous user so that other anonymous users won't be accessing the provider on behalf of the anonymous user who established the connection. The point of that last sentence is that I suppose its possible to do this with an anonymous user, but that's not how it's meant to be used and you should be careful using it that way.

In short...the user ID is very relevant when creating a connection.