[mitreid-connect] How to prepare OAuth2Authentication by ourselves

James Yu cyu021 at gmail.com
Fri Jan 2 05:47:24 EST 2015


Hi there,

If my IDP leverages a 3rd party to authenticate the user, how do I build
the authentication and principal based upon the authentication result
returned by the 3rd party?

For example,
1. user clicks "login with Facebook account" on the login page provided by
my IDP.
2. user is redirected to Facebook's login page
3. user submits username + password to Facebook
4. Facebook redirects user back to my IDP with authentication result
5. my IDP uses the USERID returned by Facebook to lookup username in my
user base
6. my IDP creates OAuth2Authentication entity as if the user successfully
authenticates himself with his username + password on my IDP
7. my IDP creates OAuth2AccessTokenEntity with createAccessToken method
provided in DefaultOAuth2ProviderTokenService.java, so counter party can
access OAuth protected API with the access token.
8. another counter party redirects the same user to my IDP, my IDP is able
to tell that the user is already authenticated and generates new access
token for this counter party.

If the user authenticates himself with my IDP, everything is taken care of by
spring-security filters.  However, in this case we only receive the
authentication result from the 3rd party, so I really need a hand on how to do
steps 6, 7, and 8.

Thank you.


This is a UTF-8 formatted mail
-----------------------------------------------
James C.-C.Yu
+886988713275
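
Added example, not part of the original message and not MITREid Connect's own code: one way steps 5 to 8 can be wired with Spring Security and Spring Security OAuth 2.x classes. FederatedLoginBridge and LocalUserDirectory are hypothetical names, and it assumes the token service from step 7 is supplied through Spring's AuthorizationServerTokenServices interface and that the third party's response was already validated server-side.

```java
import java.util.Collections;
import java.util.Set;

import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

// Hypothetical bridge between a verified third-party login and the local IDP (added example).
public class FederatedLoginBridge {
    /** Hypothetical lookup from the provider's user id to a local account (step 5). */
    public interface LocalUserDirectory { UserDetails findByExternalId(String provider, String externalId); }

    private final LocalUserDirectory directory;
    private final AuthorizationServerTokenServices tokenServices;

    public FederatedLoginBridge(LocalUserDirectory directory, AuthorizationServerTokenServices tokenServices) {
        this.directory = directory;
        this.tokenServices = tokenServices;
    }

    /** Steps 5, 6 and 8: call only with an external id taken from a response verified server-side. */
    public Authentication establishSession(String provider, String verifiedExternalId) {
        UserDetails user = directory.findByExternalId(provider, verifiedExternalId);
        if (user == null || !user.isEnabled() || !user.isAccountNonLocked()) {
            throw new BadCredentialsException("no usable local account for this external identity");
        }
        // The three-argument constructor marks the token as authenticated.
        Authentication userAuth = new PreAuthenticatedAuthenticationToken(user, "N/A", user.getAuthorities());
        // Inside the Spring Security filter chain this is saved to the HTTP session, so later requests are recognised.
        SecurityContextHolder.getContext().setAuthentication(userAuth);
        return userAuth;
    }

    /** Step 7: bind the user to one client, with only the scopes approved for that client. */
    public OAuth2AccessToken issueToken(Authentication userAuth, String clientId, Set<String> approvedScope, String redirectUri) {
        OAuth2Request request = new OAuth2Request(Collections.<String, String>emptyMap(), clientId,
                Collections.<GrantedAuthority>emptyList(), true, approvedScope, null, redirectUri, null, null);
        return tokenServices.createAccessToken(new OAuth2Authentication(request, userAuth));
    }
}
```

Once establishSession has run, a second client that sends the same browser to the authorization endpoint finds the stored Authentication in the session, so the regular authorization flow can issue its token without calling issueToken directly.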