4

Anybody have experience using OAuth2.0 and OAuth 1.0a client authentication in same Spring Boot application? Having some trouble getting the 2 working in the same system. Our use case - User can connect multiple 3rd party accounts to our web app. This connection happens via OAuth, and in the case of 3rd party services that use OAuth 2.0, we have no problems. Now we want to add Twitter as a supported connection, with their OAuth 1.0a path we are having a lot of trouble getting this to work. Can only find examples of this using spring-social and that probably doesn't fit our use case as it isn't compatible with the rest of our integration paths.

Any experience or input would be greatly appreciated.

rms.

Ray
  • 41
  • 2

2 Answers2

0

Keep in mind that OAuth 2.0 is really not backward compatible with OAuth 1.0, so you won't find a solution that will handle both versions simultaneously.

To help you understand better the difference between the two, I suggest reading How is OAuth 2 different from OAuth 1?

You would need to handle both version separately, which may lead to some pretty confusing pieces of code.

Anyhow, it's a shame that Twitter isn't migrating to OAuth 2.0 for user-based authentication, that would make everything much less complicated for you.

First off, you'll need both spring-security-oauth and spring-security-oauth2 dependencies. I suggest looking here: https://github.com/spring-projects/spring-security-oauth/tree/master/samples

There's an example for both versions.

I'm not sure how you configured your OAuth2, but since the two dependencies mentionned above do not use the same property names and OAuth2 can almost be entirely configured through the properties file, I doubt you need to worry about OAuth2's implementation.

I have an example about the implementation of OAuth2 with nearly no configuration required here https://github.com/TwinProduction/spring-security-oauth2-client-example , maybe you can start off that, add the OAuth 1.0 dependency and build your way up from there.

Good luck!

TwiN
  • 3,554
  • 1
  • 20
  • 31
0

My suggestion, Use scribe. They have done an amazing job getting the OAutdone across a large base of providers. Go to their example source code, plugin your appId and secret and you can pretty much see almost all the providers working

https://github.com/scribejava

jpvel
  • 1