问题
I'm using Spring Social with Spring Security to authenticate users and automatically create local accounts on my web app. How do I provide the OAuth2 scope for authentication?
In the spring-social-samples, I don't see where scope should go.
<bean id="socialAuthenticationFilter" class="org.springframework.social.security.SocialAuthenticationFilter"
c:_0-ref="authenticationManager"
c:_1-ref="userIdSource"
c:_2-ref="usersConnectionRepository"
c:_3-ref="connectionFactoryLocator"
p:signupUrl="/spring-social-showcase/signup"
p:rememberMeServices-ref="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices#0" />
<bean id="socialAuthenticationProvider" class="org.springframework.social.security.SocialAuthenticationProvider"
c:_0-ref="usersConnectionRepository"
c:_1-ref="socialUsersDetailService" />
A specific usecase for scope would be to let the user authenticate with Facebook and then get the user's Facebook email (scope="email") for creating a local account.
回答1:
In your configuration, you need to specify scope as a property of the FacebookAuthenticationService. This is the service that handles calls to auth/facebook
In XML configuration, instead of:
<facebook:config app-id="${facebook.clientId}" app-secret="${facebook.clientSecret}"/>
use:
<bean id="connectionFactoryLocator" class="org.springframework.social.security.SocialAuthenticationServiceRegistry">
<property name="authenticationServices">
<list>
<bean class="org.springframework.social.facebook.security.FacebookAuthenticationService">
<constructor-arg value="${facebook.clientId}" />
<constructor-arg value="${facebook.clientSecret}" />
<!-- Important: The next property name changed from "scope" to "defaultScope" in 1.1.0.M4 -->
<property name="scope" value="email" />
</bean>
</list>
</property>
</bean>
This works with Spring Social 1.1.0.M3
回答2:
You can pass additional scope parameter in a connection / signup form. See example for twitter from the official documentation:
<form action="<c:url value="/connect/twitter" />" method="POST">
<input type="hidden" name="scope" value="publish_stream,offline_access" />
...
<button type="submit"><img src="<c:url value="/resources/social/twitter/signin.png" />"/></button>
</form>
It is the same principle for facebook too, just use appropriate scope values.
Be sure that you do not missed this part:
Facebook access tokens expire after about 2 hours. So, to avoid having to ask your users to re-authorize ever 2 hours, the best way to keep a long-lived access token is to request "offline_access".
来源:https://stackoverflow.com/questions/17732858/how-to-specify-oauth2-scope-with-spring-social-security-socialauthenticationfilt