Class Oauth2Login

java.lang.Object
org.vrspace.server.api.ApiBase
org.vrspace.server.api.Oauth2Login

@RestController @ConditionalOnProperty("org.vrspace.oauth2.enabled") @RequestMapping("/vrspace/api/oauth2") public class Oauth2Login extends ApiBase
OAuth2 login is handled entirely by Spring Security; this is just the callback invoked once it's all done. The client's identity is something like joe:facebook, but hashed. The login name must match the stored identity. After login, the user's Client object is stored in the HttpSession, under the key specified by clientFactory.clientAttribute() (local-user-name by default).
Author:
joe
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
     

    Fields inherited from class org.vrspace.server.api.ApiBase

    API_ROOT
  • Constructor Summary

    Constructors
    Constructor
    Description
    Oauth2Login(org.springframework.security.oauth2.client.registration.ClientRegistrationRepository clientRegistrationRepository)
     
  • Method Summary

    Modifier and Type
    Method
    Description
    org.springframework.http.ResponseEntity<String>
    afterAuthentication(String name, String provider, String avatar, jakarta.servlet.http.HttpSession session, jakarta.servlet.http.HttpServletRequest request)
    This endpoint requires both the user name and the authentication provider id (fb, github, google... as defined in the app properties file).
    Map<String,String>
    providers()
    List of OAuth2 registered authentication providers.
    org.springframework.http.ResponseEntity<String>
    setProvider(jakarta.servlet.http.HttpSession session, jakarta.servlet.http.HttpServletRequest request)
    The first step in OAuth2 authentication is to obtain a valid authentication provider id.

    Methods inherited from class org.vrspace.server.api.ApiBase

    currentUserName, isAuthenticated

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

  • Constructor Details

    • Oauth2Login

      public Oauth2Login(@Autowired org.springframework.security.oauth2.client.registration.ClientRegistrationRepository clientRegistrationRepository)
  • Method Details

    • providers

      @GetMapping("/providers") public Map<String,String> providers()
      List of OAuth2 registered authentication providers.
      Returns:
      key-value pairs of id and name, as declared in application.properties
    • setProvider

      @GetMapping("/provider") public org.springframework.http.ResponseEntity<String> setProvider(jakarta.servlet.http.HttpSession session, jakarta.servlet.http.HttpServletRequest request)
      The first step in OAuth2 authentication is to obtain a valid authentication provider id. This is never called directly, though; the browser is redirected here from the login page. Obtains the provider id from the original request and sends a browser redirect.
    • afterAuthentication

      @GetMapping("/login") public org.springframework.http.ResponseEntity<String> afterAuthentication(String name, String provider, String avatar, jakarta.servlet.http.HttpSession session, jakarta.servlet.http.HttpServletRequest request)
      This endpoint requires both the user name and the authentication provider id (fb, github, google... as defined in the app properties file). The framework then performs authentication through a series of on-site and off-site redirects. The browser lands here only after successful OAuth2 authentication with the external provider. This method fetches or creates the Client object, and redirects back to the referring page. The Client object is stored in the HttpSession, under the key specified by clientFactory.clientAttribute().
      Parameters:
      name - Login name of the user, local
      provider - OAuth2 authentication provider id, as registered in the properties file (e.g. github, facebook, google)
      avatar - Optional avatar URI, used only when creating a new user
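
The rule from the class description, that the login name must match the stored hashed identity, sketched as an added Java example; this is not VRSpace code. Assumptions: SHA-256 as the hash, the identity built from the account name reported by the provider plus the provider id, an in-memory map in place of the database, and hypothetical class and method names.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.HexFormat;
import java.util.Map;

// Added illustration, not VRSpace code. Assumptions: SHA-256 as the hash, the
// "name:provider" layout from the class description, an in-memory map as storage.
public class IdentityCheckExample {
  enum Result { CREATED, MATCHED, REJECTED }

  // loginName -> stored hashed identity (hypothetical stand-in for the database)
  private final Map<String, String> stored = new HashMap<>();

  // Hash "account:provider" so the raw provider account name is never stored.
  static String identity(String account, String provider) {
    try {
      MessageDigest md = MessageDigest.getInstance("SHA-256");
      byte[] digest = md.digest((account + ":" + provider).getBytes(StandardCharsets.UTF_8));
      return HexFormat.of().formatHex(digest);
    } catch (NoSuchAlgorithmException e) {
      throw new IllegalStateException(e); // SHA-256 is mandatory on every JRE
    }
  }

  // Called only after the external provider has authenticated the browser.
  Result login(String loginName, String account, String provider) {
    String presented = identity(account, provider);
    String known = stored.putIfAbsent(loginName, presented);
    if (known == null) {
      return Result.CREATED; // first login claims the login name
    }
    // Constant-time comparison of the stored and presented hex strings
    boolean same = MessageDigest.isEqual(
        known.getBytes(StandardCharsets.UTF_8), presented.getBytes(StandardCharsets.UTF_8));
    return same ? Result.MATCHED : Result.REJECTED;
  }

  public static void main(String[] args) {
    IdentityCheckExample api = new IdentityCheckExample();
    // Constructed sample logins, all using the same local login name
    System.out.println(api.login("joe", "joe", "facebook"));     // first login
    System.out.println(api.login("joe", "joe", "facebook"));     // returning user
    System.out.println(api.login("joe", "joe", "github"));       // different provider
    System.out.println(api.login("joe", "mallory", "facebook")); // different provider account
  }
}
```

The last two calls show why the check matters: without it, anyone who can authenticate with any registered provider could take over an existing local login name.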