Spring boot OAuth2 + mobile client (password and FB login)

Question

I am developing a REST API with Spring Boot. I have implemented OAuth2 authorization server, so I am able to call my rest API to get a token:

localhost:8080/oauth/token -d "grant_type=password&scope=write&username=myuser&password=mypassword" -u myclient:mysecret

Now I want to implement "Sign up with FB" functionality, so I am thinking about the following flow:

1. User clicks on the "Sign up with FB" button.
2. Mobile app app makes a call to FB and gets an Access Token from FB
3. Mobile app sends this access token to the backend
4. Backend creates a new user entity and sends back a new access token (together with refresh token) issued by authorization server.

But I am not sure how to implement the step 4. I tried to find an example on internet, but didn't have any luck. Does anybody have an idea how to implement it?

Here is my OAuth2 implementation: https://gist.github.com/osgafarov/8530464d25895512862a3d1f6013170e

Many thanks!

Answer 1

I understood that you need to signup using fb. but its not suggestible that using the credentials flow, instead that you can use the Implicit Flow.

1. When user clicks on SignUp using FB Button mobile app Should open embedded browser (SFSafariViewController) and it will open the authorize end point.
   2. when user clicks on approve or Okay the Browser redirects backs(Implicit flow) and closes the Browser View. here you will get the accesstoken in the URI.
   3. Post that AccessToken to your Backend and Obtain the User Information from Facebook from that accesstoken.
   4. Then insert that data into UrDB(in Backend) and return the response to ur client App. https://5ecfdd32d0a3264463ba-8110a1171af36b468f9bd61da395ee26.ssl.cf2.rackcdn.com/blog/Screen%20Shot%202015-06-22%20at%206.42.07%20PM.png