I am using Spring Authorization Server in a local IdP project. It supports the username/password authentication method for the user login process and OIDC for the other local apps.
The problem is when the local IdP acts as an OAuth2 client for social login: after the social login succeeds, the authentication also succeeds, but I want the social account to be connected to the local user account first.
Because the local IdP is based on its own user accounts, one user account may have many social accounts, and the other local apps use this IdP via the OIDC protocol and only get the IdP's user info in the access_token.
- If it is the first time the user uses social login, after logging in successfully he cannot pass the authentication; he only gets the social account info and then goes to the connection process. The social account can be connected to a local user account by typing his username and password on the sign-in page, or by registering a new local user account on the sign-up page. This is decided by the user himself, not by the system backend adding a new user account automatically.
- When the connection is already done, the next time the user logs in successfully with social login, because the social provider's userId has already been found and connected in the local database, he can pass the authentication; there is a reference, How-to: Authenticate using Social Login, about it. In my case, I think this may be useful for the already connected user account.
I tried to implement and expose OAuth2UserService following this guide: Spring Boot and OAuth2. It can add a social account to the local database, but it is not for the connection process.
I think the connection process is like the old Spring Social: it supported sign-up and sign-in, but it has been EOL since Spring Boot 2 (see Spring's blog post Spring Social End of Life Announcement), and the blog article Using Spring Security 5 to integrate with OAuth 2-secured services such as Facebook and GitHub is for OAuth2 login and accessing API resources, but not for the user connection process.
How can I do it?
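Not part of the question: an added sketch of the gate described above, written against Spring Security 6 (jakarta.servlet). It assumes a hypothetical SocialLinkRepository keyed by (registrationId, provider user id), is wired with oauth2Login().userInfoEndpoint().userService(...) and oauth2Login().successHandler(...), and expects /connect to be reachable with only ROLE_PENDING_CONNECTION while every other route requires ROLE_USER.

```java
// Added example, not the asker's code: a first-time social login gets no local privileges and is
// sent to the connection page; an already linked login continues as a normal local user.
// SocialLinkRepository is a hypothetical lookup (provider, providerUserId) -> local user id.
import java.util.*;
import jakarta.servlet.http.*;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.userinfo.*;
import org.springframework.security.oauth2.core.user.*;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;

public class LinkingOAuth2UserService implements OAuth2UserService<OAuth2UserRequest, OAuth2User> {
    static final String PENDING = "ROLE_PENDING_CONNECTION"; // provider-authenticated, no local account yet
    private final DefaultOAuth2UserService delegate = new DefaultOAuth2UserService();
    private final SocialLinkRepository links; // hypothetical
    public LinkingOAuth2UserService(SocialLinkRepository links) { this.links = links; }
    @Override
    public OAuth2User loadUser(OAuth2UserRequest req) {
        OAuth2User social = delegate.loadUser(req);
        String provider = req.getClientRegistration().getRegistrationId();
        String nameKey = req.getClientRegistration().getProviderDetails()
                .getUserInfoEndpoint().getUserNameAttributeName();
        // Match on the provider's stable user id (social.getName()), never on e-mail: it is mutable and not always verified.
        Optional<String> localId = links.findLocalUserId(provider, social.getName());
        Map<String, Object> attrs = new HashMap<>(social.getAttributes());
        if (localId.isEmpty()) { // first time: no privileges until the user proves ownership of a local account
            return new DefaultOAuth2User(List.of(new SimpleGrantedAuthority(PENDING)), attrs, nameKey);
        }
        attrs.put("local_user_id", localId.get()); // the identity the IdP's own OIDC tokens should carry
        return new DefaultOAuth2User(List.of(new SimpleGrantedAuthority("ROLE_USER")), attrs, nameKey);
    }
}

// Linked users continue as normal; pending ones are redirected to /connect (sign-in or sign-up).
class ConnectionAwareSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication auth) throws java.io.IOException, jakarta.servlet.ServletException {
        boolean pending = auth.getAuthorities().stream()
                .anyMatch(a -> LinkingOAuth2UserService.PENDING.equals(a.getAuthority()));
        if (pending && auth instanceof OAuth2AuthenticationToken token) {
            // Keep only the identifiers the connection step needs; the link row is written on /connect
            // after the user signs in to, or registers, the local account.
            request.getSession().setAttribute("pendingSocial", Map.of(
                    "provider", token.getAuthorizedClientRegistrationId(), "providerUserId", token.getName()));
            getRedirectStrategy().sendRedirect(request, response, "/connect");
            return;
        }
        super.onAuthenticationSuccess(request, response, auth);
    }
}
```

The /connect controller then reads pendingSocial from the session, authenticates the local username/password (or completes sign-up), stores the link, and replaces the pending authentication with a full one.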