How to get OAUTH2 Authorization from Liferay with Facebook IP ?

Eric COQUELIN, modified 5 Years ago. Expert Posts: 254 Join Date: 11/3/13 Recent Posts
Dear community,
How to get OAUTH2 Authorization from Liferay with Facebook Identity Provider?
Using Liferay 7.1 CE, I can authenticate using a Facebook account and it works pretty well. I can also use OAuth2 to get access to some resources such as REST endpoints. However, how could I merge both of them and authenticate through Facebook, then authorize with Liferay?
I have a React application in front of my headless Liferay. The user interacts with the React application directly and the latter sends API requests to the Liferay backend. For normal authentication, we just use the "Resource Owner Password" flow: https://portal.liferay.dev/docs/7-1/deploy/-/knowledge_base/d/authorizing-account-access-with-oauth2
    https://[hostname]/o/oauth2/token?grant_type=password&client_id=[client ID]&client_secret=[client secret]&username=[user@emailaddress.com]&password=
But I'd like to introduce Facebook login upfront. Thus, I was thinking about the following flow:
  1. user authenticates on Facebook directly from the REACT application
  2. Facebook sends the code back to the React client.
  3. React sends this code to Liferay using a specific API (because Liferay only offers a struts action to manage FB authentication so far) which does roughly the same as the struts action. The user account is created in the database.
  4. then... question mark?
Indeed,
  • if I populate the session with a token as the struts action does, it may trigger the Facebook autologin action, BUT when requesting /o/oauth2/token, it doesn't go through the autologin process
  • I do not really use the session so far (because I send back the OAuth token in the Authorization header for each request). I could try to set up a unique and temporary token at step 3 (see above) and send it back to the client. Then, when the client calls the OAuth2 API to get its authorization token, a servlet filter could check that token and authenticate the user. But it doesn't look like a clean solution
What would you suggest?
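As an added example (not code from the post or from Liferay), this is how the React client side of the "Resource Owner Password" flow from the post can be built against Liferay's /o/oauth2/token endpoint: the credentials go in a form-encoded POST body rather than the query string so the client secret and password stay out of access logs, the standard token response is parsed, and the refresh token is used so the password does not have to be kept around. The host, client id/secret and user credentials are placeholders supplied by the caller; the sample token response is constructed.

```javascript
// Added example, not from the original post or from Liferay.
// Assumes a browser or Node environment with global URLSearchParams.
const TOKEN_PATH = "/o/oauth2/token";

// Builds the request for one token grant; all parameters are caller-supplied
// placeholders. The form-encoded POST body keeps secrets out of the URL.
function buildTokenRequest(host, params) {
  return {
    url: `https://${host}${TOKEN_PATH}`,
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams(params).toString(),
  };
}

// Resource Owner Password grant, as used in the post.
function buildPasswordGrantRequest({ host, clientId, clientSecret, username, password }) {
  return buildTokenRequest(host, {
    grant_type: "password", client_id: clientId, client_secret: clientSecret,
    username, password,
  });
}

// Refresh grant, so the client never stores the user's password.
function buildRefreshRequest({ host, clientId, clientSecret, refreshToken }) {
  return buildTokenRequest(host, {
    grant_type: "refresh_token", client_id: clientId, client_secret: clientSecret,
    refresh_token: refreshToken,
  });
}

// Parses an RFC 6749 token response; returns null when it is not usable.
function parseTokenResponse(status, json, now = Date.now()) {
  if (status !== 200 || typeof json.access_token !== "string") return null;
  if ((json.token_type || "").toLowerCase() !== "bearer") return null;
  const expiresIn = Number(json.expires_in);
  return {
    accessToken: json.access_token,
    refreshToken: json.refresh_token || null,
    expiresAt: now + (Number.isFinite(expiresIn) ? expiresIn : 0) * 1000,
  };
}

// True when the token should be refreshed before the next API call
// (a safety margin covers clock skew and request latency).
function needsRefresh(token, now = Date.now(), marginMs = 30000) {
  return token.expiresAt - marginMs <= now;
}

// Header for REST calls, as the post describes (token in Authorization header).
function bearerHeader(token) {
  return { Authorization: `Bearer ${token.accessToken}` };
}
```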