How to store the source of the call to facebook signon

[jwilcox98200]

Hi,

I have three places in our website which call facebook. They are registration, login and associate. I need to remember which place called facebook when i get a positive callback from facebook login. What do i need to do so i can take appropriate action when i receive a successful login callback from a social app like facebook.

Thank you

[habuma]

It'd be nice if Facebook would tell you, on the callback, where you came from. But how would Facebook know if you didn't tell it? Facebook does have the notion of a "state" parameter that you can send at authorization time and that will carry back to you in the callback, but...(1) I don't believe Spring Social supports this...perhaps it should and (2) that's not really what "state" is intended for...it's intended for protection against cross-site request forgery (and again, I should consider making Spring Social support that).

The simplest thing you could do is store some value in the session that describes what you were doing before kicking off the FB authorization flow...upon arriving at the callback you could pop that value from the session and redirect to the URL to pick up where you left off.

[jwilcox98200]

Thank you for responding.


That's what i did. I created a subclass of ProviderSignInController. I store two things in the session. The type of request and an optional redirect url.

public class MyProviderSignIn extends ProviderSignInController{
private RequestHelper requestHelper;

@Autowired
public void setRequestHelper(RequestHelper requestHelper) {
this.requestHelper = requestHelper;
}

@Inject
public MyProviderSignIn(ConnectionFactoryLocator connectionFactoryLocator,
UsersConnectionRepository usersConnectionRepository,
SignInAdapter signInAdapter) {
super(connectionFactoryLocator, usersConnectionRepository, signInAdapter);

}
@Override
public RedirectView signIn(@PathVariable String providerId, NativeWebRequest request) {
requestHelper.setRedirectUrlFromSession( requestHelper.getRedirectUrlFromWebRequest(request ));
requestHelper.setRequestTypeFromSession(requestHel per.getRequestTypeFromWebRequest(request));
return super.signIn(providerId, request);
}
}

[habuma]

One other thing that might help if you're using Spring Security:

When Spring Security determines that it needs to authenticate the user (because of lack of an authentication...not because the user clicked "login" button/link), it will redirect the user to the login page. But first, it will stow the original request in a RequestCache (see http://static.springsource.org/sprin...uestCache.html). In your signin adapter, you can pull that original request from the request cache and use it.

For an example, see Spring Social Showcase's SimpleSignInAdapter: https://github.com/SpringSource/spri...InAdapter.java