JWT and Social Authentication
Spring Boot and Facebook Graph API
This article is a guide on how to implement JSON Web Token (JWT) authentication and integrate it with Facebook authentication using Spring Boot and Facebook Graph API.
In this article, we focus on Facebook authentication, but the same concept can apply on other social platforms like Google, LinkedIn, and Twitter.
A grasp on the following is recommended:
The below video shows what will be implemented by the end of this article.
You can find the source code here.
JWT authentication
The first part of the article will focus on implementing JWT authentication using Spring security.
To understand the JWT authentication flow, let’s look at the below diagram.
To get the access token (JWT), the client sends a login-in request to the auth server with the username and password in the request body. The server validates the username and password, then returns an access token (JWT) to the client.
The client has to store the access token somewhere and should send it with every request to the server in the Authorization header.
The server then validates the access token and, if valid, it serves the request for the client .
Implementing JWT authentication
Simply we need to configure Spring security to intercept each request and validates the access token.
Let’s look into spring security configuration.
As you can see at line 10, it configures the JwtTokenAuthenticationFilter to intercept each request and validate the token.
Let’s dive deep into JwtTokenAuthenticationFilter.
Line 4–9, It checks if the token header is exist, if it is not exist, it is OK, maybe the user is accessing a public resource like “/signin” or “/signup”.
At line 13, it delegates the token validation to the tokenProvider service, If valid, It gets the username from the token, loads user details from the DB and creates a security context for the user.
This concludes the JWT authentication flow, next, we will see how social authentication works with JWT authentication.
Social authentication
Social authentication allows users to access websites using their existing social account IDs, such as Facebook, Twitter, and LinkedIn.
It enhances the user experience on the website since there is no need to fill in a registration form or remember a password.
The diagram below illustrates the social authentication flow.
When the user clicks on Login with Facebook, the user is redirected to Facebook to login to their account and give permission to our website to access profile info. The Facebook then redirects the user back to our website and returns an access token.
The client send a Facebook login request to the authorization server with the Facebook access token and the authorization server does the following:
- Sends a request to Facebook to get user profile with the access token.
- Creates an account for the user if it doesn’t exist.
- Returns JWT token to the client.
Then the Client stores the JWT token, and sends it with each request to the server.
Facebook Graph API
All the information on Facebook are represented in a form of graph, which is consists of nodes (like User or Photo), edges (like comments on Photo) and fields (like User’s birthday or email). This graph is called social graph.
Facebook provides an HTTP-based APIs that allow you to get data into and out of the Facebook platform.
You can know more about Facebook Graph API from here.
Implementing the Facebook authentication
Implementing the front-end
First, the front-end (the client) get the access token from the Facebook and sends it to the authorization server.
You will need to create a Facebook developer account and an app, to create them follow the instructions here.
Then to include the Facebook SDK, Add the below script right after the body tag in index.html
In login.js page, add the below code to initialize the Facebook APIs.
Replace {app_id} with your app id.
The “Login with Facebook” button should trigger the below function.
The above function triggers the Facebook login, gets the access token, and then calls the authorization server to log the user in, and stores the JWT token in the localStorage.
The “scope” part of it, asks the user to give a permission to access the email.
Implementing the authorization service
Let’s look into FacebookService and see how the server follow is implemented
Line 2, it calls getUser of FacebookClient, which we will look into in a moment.
Line 4, It check if the user already exists in the DB.
Line 5, registers the user if it is not found.
Line 7–9, It generates an access token and return it to the client.
Also, notice in the above function, it generates a random username and password to register the user.
Finally, let’s look into FacebookClient.
Which is a simple GET call to the following Facebook Graph API.
https://graph.facebook.com/me?fields=email,first_name,last_name,id,picture.width(720).height(720)&access_token={access_token}
The interesting part is fields, where you specify the required fields.
Conclusion
Integrating a social login with JWT authentication is a quite a lot of work, but it enhances the user experience and make it easier for the user to register to your website without having to fill in a registration form.
About the Creator
Amr Khaled
I’m a software engineer who is passionate about software architecture and design. Enjoy coding in Java, Scala, and JavaScript.
Keep reading
More stories from Amr Khaled and writers in 01 and other communities.
Building Scalable Facebook-Like Notifications
Sometimes we want the server to notify the client on changes. This is something that is not possible in traditional HTTP web applications. In traditional web applications, the client has to establish a connection with the server and then waits for the response from the server. This is the problem that server-sent event is solving. The Idea behind server-sent event (SEE) is the client subscribes to stream of updates generated by the server and, a notification is sent to the client, whenever a new event occurs.
By Amr Khaled4 years ago in 01
Tennis in Norfolk Island
Best known for its stunning scenery, rich history and unique culture, Norfolk Island also boasts a vibrant tennis scene that attracts locals and visitors alike. The sport has become popular on this small South Pacific island, providing a great way for people to stay active and enjoy the beautiful surroundings.
By Nguyễn Bảo Quốca day ago in 01
The Ultimate Guide to Luxury Interior Design in Bengaluru
Living areas that are the peak of elegance and splendor are often related to luxury interior designers in Bengaluru, in which sophistication and innovation meet. Among Bengaluru's top interiors designers, Asense Interior is a shining example of excellence because of its best craftsmanship, attention to element, and determination to presenting customers with unrivalled luxury. In this entire manual, we delve into the arena of high priced interior design in Bengaluru, exploring the extremely-modern developments, innovative format concepts, and professional insights provided by means of the usage of Asense Interior.
By Stephen Jamesabout 8 hours ago in 01
Comments
There are no comments for this story
Be the first to respond and start the conversation.