[mitreid-connect] How to prepare OAuth2Authentication by ourselves

Justin Richer jricher at mit.edu
Fri Jan 2 07:05:21 EST 2015


It's set up in exactly the same way: the user is still authenticating using spring security filters, except that these filters use a federated login instead of a local one. In the end, all you need to do is set up the server to use that login and the rest should work as is, no changes required for the other steps. 

There's an example server overlay that even uses the MITREid Connect OIDC client to log into the server. You can see that here: 

https://github.com/secure-restful-interface-profile/mitreid-overlay/tree/as

This server is part of another project and it is set up to be a plain OAuth server that uses OIDC logins. 

-- Justin

/ Sent from my phone /


-------- Original message --------
From: James Yu <cyu021 at gmail.com> 
Date: 01/02/2015 5:47 AM (GMT-05:00) 
To: mitreid-connect at mit.edu 
Subject: [mitreid-connect] How to prepare OAuth2Authentication by ourselves 

Hi there,

If my IDP leverages a 3rd party to authenticate the user, how do I build the authentication and principal based upon the authentication result returned by the 3rd party?

For example, 
1. user clicks "login with Facebook account" on the login page provided by my IDP.
2. user is redirected to Facebook's login page
3. user submits username + password to Facebook
4. Facebook redirects user back to my IDP with authentication result
5. my IDP uses the USERID returned by Facebook to look up the username in my user base
6. my IDP creates an OAuth2Authentication entity as if the user had successfully authenticated himself with his username + password on my IDP
7. my IDP creates an OAuth2AccessTokenEntity with the createAccessToken method provided in DefaultOAuth2ProviderTokenService.java, so the counterparty can access the OAuth-protected API with the access token.
8. when another counterparty redirects the same user to my IDP, my IDP is able to tell that the user is already authenticated and generates a new access token for this counterparty.

If the user authenticates himself with my IDP, everything is taken care of by the spring-security filters.  However, in this case we only receive the authentication result from the 3rd party, so I really need a hand on how to do steps 6, 7, and 8.

Thank you.


This is a UTF-8 formatted mail
-----------------------------------------------
James C.-C.Yu
+886988713275
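The point of Justin's reply is that the federated result only has to become an ordinary Spring Security Authentication; once it sits in the SecurityContext (and therefore the HTTP session), the authorization endpoint, the token service and the "already logged in" behaviour of step 8 work unchanged. The following is an added illustration, not code from the thread or from MITREid Connect, of an AuthenticationProvider that does step 5 and step 6: it maps a verified (provider, USERID) pair to a local username and returns a fully authenticated token for that local principal. `FederatedLoginToken`, `FederatedAccountRepository` and the in-memory lookup table are constructed for this example; the provider assumes the callback filter has already validated the third party's response (signature, state, audience) before building the token, so the USERID is never taken from a bare request parameter.

```java
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;

import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;

/**
 * Added example (not MITREid Connect code): turns a verified third-party login result
 * into the local user's Authentication. Registered as an AuthenticationProvider it runs
 * inside the normal Spring Security filter chain, so the result lands in the
 * SecurityContext and the session exactly as a local username/password login would.
 */
public class FederatedLoginAuthenticationProvider implements AuthenticationProvider {

    /** Hypothetical request token, built by the callback filter only AFTER the provider's response was validated. */
    public static final class FederatedLoginToken extends AbstractAuthenticationToken {
        private final String provider;   // e.g. "facebook"
        private final String externalId; // the USERID the provider asserted

        public FederatedLoginToken(String provider, String externalId) {
            super(null);               // no authorities yet: this token is not authenticated
            this.provider = provider;
            this.externalId = externalId;
            setAuthenticated(false);
        }
        public String getProvider() { return provider; }
        @Override public Object getCredentials() { return null; } // nothing to retain: no password involved
        @Override public Object getPrincipal() { return externalId; }
    }

    /** Hypothetical view of "my user base": (provider, externalId) -> local username, plus roles. */
    public interface FederatedAccountRepository {
        String findLocalUsername(String provider, String externalId);
        Collection<? extends GrantedAuthority> authoritiesFor(String localUsername);
    }

    private final FederatedAccountRepository accounts;

    public FederatedLoginAuthenticationProvider(FederatedAccountRepository accounts) {
        this.accounts = accounts;
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        FederatedLoginToken token = (FederatedLoginToken) authentication;
        // Step 5: map the external identity to a local account. Key on (provider, id), not on an
        // email address, since a user at a different provider could present the same email.
        String localUsername = accounts.findLocalUsername(token.getProvider(), (String) token.getPrincipal());
        if (localUsername == null) {
            // Refuse rather than auto-provision: an unknown external id must not silently become a local user.
            throw new BadCredentialsException("No local account linked to " + token.getProvider() + " identity");
        }
        // Step 6: a fully authenticated token for the LOCAL principal. The three-argument constructor
        // marks it authenticated; downstream code cannot tell it apart from a password login.
        UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(
                localUsername, null, accounts.authoritiesFor(localUsername));
        result.setDetails(authentication.getDetails());
        return result;
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return FederatedLoginToken.class.isAssignableFrom(authentication);
    }

    /** Constructed in-memory repository so the provider can be exercised without a database. */
    public static FederatedAccountRepository inMemoryRepository() {
        final Map<String, String> links = new HashMap<String, String>();
        links.put("facebook:1234567890", "alice"); // constructed sample link
        return new FederatedAccountRepository() {
            public String findLocalUsername(String provider, String externalId) {
                return links.get(provider + ":" + externalId);
            }
            public Collection<? extends GrantedAuthority> authoritiesFor(String localUsername) {
                return AuthorityUtils.createAuthorityList("ROLE_USER");
            }
        };
    }

    public static void main(String[] args) {
        FederatedLoginAuthenticationProvider p = new FederatedLoginAuthenticationProvider(inMemoryRepository());
        Authentication a = p.authenticate(new FederatedLoginToken("facebook", "1234567890"));
        System.out.println(a.getName() + " authenticated=" + a.isAuthenticated() + " " + a.getAuthorities());
        try {
            p.authenticate(new FederatedLoginToken("facebook", "999")); // no linked account
        } catch (BadCredentialsException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Wired into the `<authentication-manager>` behind the callback filter, the returned token is what the authorization endpoint sees as the user authentication when it builds the OAuth2Authentication and hands it to `createAccessToken` (step 7), and because it is persisted in the session by the standard filters, a second client arriving at the authorization endpoint finds the user already logged in (step 8) with no extra code.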

