I am developing a Flutter mobile application with a Spring Boot backend. I want to have three types of login methods: (1) username & password, (2) Facebook, (3) Google.
I have following questions.
1) If I handle the authentication part in the mobile app via Firebase Authentication (and store all the users on Firebase), do I need to write authentication code on my Spring Boot side? Or do I need to keep my authentication on the Spring Boot side only?
2) I want the JWT token for all the authentication systems (Facebook, Google and username & password). The mobile app will send the JWT token with every request it makes to the Spring Boot app.
3) I am looking for a step-by-step tutorial that shows how I can integrate all these login methods in my Spring Boot REST APIs. I have looked at many, but they all use different methods or dependencies. Like some are adding a Facebook dependency in Maven and some only add OAuth2.
Thanking you in advance
2 Answers
You can integrate your Spring Boot back-end with an external authentication provider using JWT by defining a custom security filter in your Spring Boot app. This filter will read the JWT issuer (iss) and determine where it comes from (Facebook or Google). Then, based on the provider, use the appropriate public key to verify the signature included in the JWT (normally, you can use the JWKS URI provided by the authentication providers to get the key). If all is good, authentication succeeds.
I use
The problem was: how do I authenticate REST requests?
The short answer: send the Firebase access token to the Spring server where the token is validated. If it is valid, grant access. Else return 403 Forbidden.
The more detailed answer:
Authenticate in Flutter
Get the JWT access token IFF login was successful. (You may rather use userCredential.user instead of currentUser)
Add the token to your http-request header
Then validate the token on server side. Read this for details:
https://firebase.google.com/docs/auth/admin/verify-id-tokens#java
Your Spring application will be able to validate that the token is correct and not yet expired.
I highly suggest sending the token over HTTPS only! Do not use HTTP.