Announcement Announcement Module
No announcement yet.
How to use cationFilter? Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Originally posted by blandger View Post
    I'm trying to create 'canvas app' using Yuan's approach and code base from his excellent blog posts and I'm curious....
    1. Is socialAuthenticationFilter can handle security issues for canvas FB web-app ?
    2. How properly initialize it for canvas app? Say I have 'web ur = http://site/signin' and 'canvas url = http://site/signin/facebook/'
    I hit the break point in controller's code:
           @RequestMapping(value = "/signin/")
       	public String signin(NativeWebRequest request, Model model) {
       	private String getAuthorizationUrl(NativeWebRequest request) {
               ConnectionFactory<Facebook> connectionFactory = connectionFactoryLocator.getConnectionFactory(Facebook.class);
               String authUrl = connectSupport.buildOAuthUrl(connectionFactory, request);// + "%2Ffacebook";
    Is anybody have good experience using SocialAuthenticationFilter for canvas FACEBOOK application ?

    After tweaking parameters:
    - on facebook developer app settings page (web-site URL + Canvas URL)

    different setting for filter like:
    - setFilterProcessesUrl(.. , filter.setSignupUrl(.. , filter.setPostLoginUrl(...

    - adding internal controller + page with JS 'redirect' to FB auth url for getting 'app permissions' and redirecting back to 'web-app'

    I still can't understand how that stuff can (or should) be configured for canvas app authentication + spring security.


    • #17
      As I explained in a separate thread, the proper flow for FB canvas apps to receive an access token is very different from how either ProviderSignInController or SocialAuthenticationFilter work. Although I believe it is possible to use either PSIC or SAF with canvas, it's not the correct approach. I outlined what the correct approach should be in the other thread at


      • #18
        Originally posted by blandger View Post
        Graig, Is it worth to upgrade gradle build file to latest Spring 3.2.0.RELEASE dependency, to be 'line up' with other libraries?
        It shouldn't hurt, but I've not yet tried it with 3.2.0.RELEASE (I'm trying to maintain 3.1.x compatibility for now). If you run into any troubles with 3.2.0, let me know (by opening a bug issue in JIRA) and I'll take a look.