Integrate with facebook login on google app engine

[lala.mt]

Hi,
Did anyone try to add facebook login to spring security on google app engine?
I want to allow my users to choose between standard spring login (using <form-login> on context xml)
and facebook login.
Any suggestion will be greatly appreciated!

[thobson]

Facebook uses oauth2 which is simple to implement, the basic flow would be something like:

1. User clicks a link "login with facebook"
2. You redirect to facebook oath2 endpoint
3. Facebook will redirect the user back to a url you specify
4. You extract the code parameter from the request
5. You make an http request to facebook platform to exchange the code for an access token
6. You then make another http request to facebook's graph api to retrieve the user's username, email, profile photo etc
7. You can the programatically authenticate the user

Notes

Facebook has some documentation explaining how to do server-side login using oath2. It's written in PHP but you should be able to make sense of it

You can programatically authenticate a user using spring security using something like:

Code:

Authentication authentication = new UsernamePasswordAuthenticationToken(user, null, AuthorityUtils.createAuthorityList("ROLE_USER"));
SecurityContextHolder.getContext().setAuthentication(authentication);

You can make http calls from GAE using UrlFetch