Security Question for Spring Boot

Is my flow logic correct security-wise for implementation of authentication with Facebook?
[Attached image: no description available]
21 Replies
Ed (OP), 16mo ago
This is more clear maybe:
[Attached image: no description available]
dan1st, 16mo ago
Assuming the endpoints work like that, you can do it like that, though make sure to not request unnecessary permissions. Also, are you sure you want to use Facebook for authentication?
Ed (OP), 16mo ago
I know OAuth is basically using that token for all time, but I don't want that because I want to have my own user table in the backend.
dan1st, 16mo ago
I don't see any authorization in the image. Well, at least not really. It does look more like authentication to me.
Ed (OP), 16mo ago
No, you are right, my bad. I mean, all I want from Facebook is to give me basic information.
dan1st, 16mo ago
Yeah, just make sure to set the scope of what you are requesting to the minimum you need.
Ed (OP), 16mo ago
Yeah, it's basically name, email, id.
dan1st, 16mo ago
Looks fine to me.
Ed (OP), 16mo ago
They are basic info to fill my user table, and later I complete it by myself, but it gives me a way to connect users faster.
dan1st, 16mo ago
Also, maybe Facebook has something for one-time use tokens.
Ed (OP), 16mo ago
I couldn't find any.
dan1st, 16mo ago
Aside from that, you don't specify what happens if anything fails.
Ed (OP), 16mo ago
In Google we have idtoken, which is a 5-minute token that expires by itself, but Facebook is a 24-hour token that is access type.
dan1st, 16mo ago
E.g. if 6. tells you that the token is invalid or 7. doesn't work.
Ed (OP), 16mo ago
Yeah, I haven't figured it out yet. I just wanted to make sure there are no security issues here, like access_token is not used incorrectly or something.
dan1st, 16mo ago
If there are none, it's fine. I don't see any in your diagram. That doesn't mean there are none (just that I didn't see any), and there could also be issues with your implementation, and depending on what you do with that, there could be issues.
Ed (OP), 16mo ago
That's good enough for me. I will continue with the same logic then. Thanks for the help!