Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support to delegate authentication to OAuth providers #12

alvarosanchez opened this issue Jan 13, 2014 · 0 comments

Add support to delegate authentication to OAuth providers #12

alvarosanchez opened this issue Jan 13, 2014 · 0 comments


Copy link


This plugin is meant to be used in applications serving a REST API's to pure Javascript clients. The main authentication flow of this plugin is to allow you to authenticate your users against any Spring Security-compatible user directory (like a DB or an LDAP server).

However, there might be situations where you want to delegate the authentication against a third-party provider, like Google or Facebook. Unfortunately, your pure Javascript front-end application cannot request the providers directly using OAuth, because then the access keys will be made public.

So is this plugin's responsibility to provide endpoints so your Grails backend acts as a proxy for your front-end client.


The flow will be like the following:


  1. The client application requests and endpoint that requires authentication, so the server responds with a 401 response (*).
  2. The client redirects the user to the login form (*).
  3. This time, instead of using username and password, the user clicks on "Login with Google" button.
  4. Browser navigates to a Grails URL. Grails will generate a Google Login URL, giving Google a Grails callback URL.
  5. Browser navigates to Google Login. User logs in, and Google redirects the browser to the Grails callback URL.
  6. Browser navigates to that Grails callback URL. Then, Grails will use OAuth to fetch user information (like email) from Google. Based on that, will generate a REST API token and fetch and store principal information. The response from Grails will be a front-end URL where the token is a parameter.
  7. The browser will navigate to that URL, and the Javascript logic will read the token from the URL and store it locally.
  8. The client sends again a request to the protected resource, passing the token as an HTTP header (*).

The steps flagged with (*) remain unchanged from the normal flow.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet

No branches or pull requests

1 participant