
  • Firewall blocking access to social media sites

    I guess this may not be the right forum to present this question. But since the context also involves Spring Social, I felt that the user community here may have faced similar issues. So, any pointers towards a possible solution would help.

    We have implemented Spring Social in our application and currently provide access to Facebook & LinkedIn. This includes authenticating the user's Facebook/LinkedIn credentials via the service provider's (FB/LI) site.
    Now, since a number of companies block access to social media sites through their network firewall, our application is unable to present the FB/LI login page.

    All other API calls such as Share, Profile Search are routed through our application server and the firewall can be configured to allow access to the application server.

    But since the redirection to the FB/LI login page happens via the browser, the page is inaccessible.

    Could you throw some pointers on how to get around this problem?
    I believe we cannot have a custom login page to accept Facebook/LinkedIn credentials and then forward the same to their server.

    Please provide your ideas & thoughts.

    Thanks in advance.

  • #2
    The best way to obtain an access token is via the OAuth 2 authorization code grant...which, by definition, requires a redirect in the browser. If the firewall blocks that redirect, then you've got a bit of a problem.

    In some OAuth2 providers, you might have the option of doing resource owner credentials grant (or "password grant" for short). With password grant, your app asks the user for their credentials at the provider and you exchange those credentials for an access token.

    As far as I can tell (both from documentation and from my own tests), Facebook doesn't support password grant. Even if it did, it's a scarier option for web applications, because you are asking the user to give you their Facebook password. Obviously this is likely to raise eyebrows. Password grant is not really intended for web applications--it's best suited for native applications (mobile or desktop) where a redirect would be awkward or impossible and where there is a higher degree of trust between the user and the application (which is sitting right in front of them as opposed to running on a server farm somewhere).

    I've not tried password grant with LinkedIn, but I suspect it won't work with them, either. Authorization code grant is really the best option. Unfortunately, it doesn't play well with firewall blocking.

    If there is a workaround for this, I'd be very interested in hearing about it myself.
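
The two legs of the authorization code grant discussed in the reply above, as an added example that is not part of the original post and is not Spring Social code. The endpoints, client id and redirect URI are hypothetical placeholders; the sketch shows that only the authorization redirect travels through the user's browser (and so through the corporate firewall), while the code-for-token exchange is sent by the application server.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Hypothetical provider endpoints and client values (placeholders, not real FB/LI URLs).
AUTHORIZE_URL = "https://login.provider.example/oauth/authorize"
TOKEN_URL = "https://api.provider.example/oauth/token"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example/signin/callback"


def start_login(session):
    """Front channel: URL the *browser* is redirected to (must pass the user's firewall)."""
    session["oauth_state"] = secrets.token_urlsafe(32)  # binds the callback to this session
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": session["oauth_state"],
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session, callback_url):
    """Validate the provider's redirect back to the app and return the one-time code."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replayed callback fails
    received = params.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback not bound to this session")
    if "code" not in params:
        raise ValueError(params.get("error", ["missing code"])[0])
    return params["code"][0]


def token_request(code, client_secret):
    """Back channel: POST the *application server* sends; the browser never sees it."""
    return TOKEN_URL, {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "client_secret": client_secret,
    }


def hosts_by_channel():
    """Host each side must reach; only the browser entry is subject to the user's firewall."""
    return {"browser": urlsplit(AUTHORIZE_URL).hostname,
            "app_server": urlsplit(TOKEN_URL).hostname}
```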


    • #3
      Many thanks for your response, Craig.
      Yes. Facebook & LinkedIn do not allow password grant. The application must redirect to their respective authentication pages.
      We have not found an answer yet. I will surely share the same here if we find any alternate solution.