Part 3: Authorising user using Spring Social (Google, Facebook, LinkedIn) and Spring Security


In Part-1, we discussed how to authenticate with social providers like Facebook, Google, and LinkedIn. Along with that, we changed the default page flow for Spring Social, enabled it to be used by multiple users, and provided support for Google.
In Part-2, we used Spring Security to allow only logged-in users to see secure pages, and we added a registration page to register users.

So what is in this tutorial

If you have read and run the application up to Part-2, then let me tell you that there is a bug in the code. Also, there might be a case where social network providers do not send all the required data.

So, what is the bug?

Create an account using registration and then log out. Log in again, this time using a social provider (same email id). Now if you try to log in using the email/password combination, you will receive an error.

In simple terms, to replicate the above bug:

  • Register the user using "create an account" and then log out
  • Use the same email address to log in through a social provider, then log out
  • Now try to log in using the email/password combination and it will give an error

It won't work because the login through the social provider overwrote the stored password with a blank value.

Also, the social provider may not provide all the information

All social providers send back the data differently, and it's very possible they will not send all the fields you want. For example, Facebook may not return country, while Google may not return Title.

So what will we be doing

We will do a couple of things in this tutorial:

  • Fix the bug by creating a new method in UserRepository that saves without the password
  • Check whether we have received all the data; if not, send the user to a new page to collect the missing information.

Saving the User without password when logging through social providers

We will add a method called saveWithoutPassword to the UserRepository interface. This method saves all fields except the password.
This way we make sure that passwords already saved are not overwritten.

Adding method in BaseProvider

In the BaseProvider class we will check whether the password is empty, which indicates the user might have logged in through a social provider. In that case we save all details except the password by calling the saveWithoutPassword method.

Check if all information is available from Social Provider

Every social provider has some mandatory and some optional fields, which means it might not capture all the information. Also, some social providers may not provide all the information they hold. So we should check whether all the information we need is present and, if anything is absent, ask the user to fill in the missing information.

In the BaseProvider class, we will add a method to check that all mandatory fields are not null and not blank.

Then add the below condition in the method before saving: if any information is missing, redirect the user to the "incompleteInfo" page.

The complete method will look like this. You will need to do the same for all social providers (Facebook, Google, and LinkedIn). Below is an example of the FaceBookProvider class method.

Adding Incomplete Info

Add incompleteInfo.html to the src/main/resources/templates folder. In this HTML file, using Thymeleaf constructs, we check which fields of UserBean have not been populated and render HTML input fields for the ones that are null.
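
The two changes described above (saving without the password, and the mandatory-field check before saving), as an added self-contained Java example that is not the tutorial's own code. An in-memory map stands in for the database; the UserBean fields, the helper names `populated`, `allInfoPresent` and `saveSocialUser`, the view name `secureHome`, and the sample users are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

class SocialLoginSaveExample {
    // Assumed shape of the user bean; the field names are illustrative.
    static class UserBean {
        String email, firstName, country, password;
        UserBean(String email, String firstName, String country, String password) {
            this.email = email; this.firstName = firstName;
            this.country = country; this.password = password;
        }
    }

    // In-memory stand-in for UserRepository (assumption: one row per email).
    static class UserRepository {
        private final Map<String, UserBean> rows = new HashMap<>();
        // Writes every column, password included: the cause of the bug.
        void save(UserBean u) { rows.put(u.email, u); }
        // Writes every column except the password, so a stored hash survives.
        void saveWithoutPassword(UserBean u) {
            UserBean existing = rows.get(u.email);
            u.password = (existing == null) ? null : existing.password;
            rows.put(u.email, u);
        }
        UserBean find(String email) { return rows.get(email); }
    }

    static boolean populated(String s) { return s != null && !s.trim().isEmpty(); }

    // Mandatory fields must be neither null nor blank.
    static boolean allInfoPresent(UserBean u) {
        return populated(u.email) && populated(u.firstName) && populated(u.country);
    }

    // Returns the view to render; "secureHome" is a placeholder view name.
    static String saveSocialUser(UserRepository repo, UserBean u) {
        if (!allInfoPresent(u)) return "incompleteInfo";   // collect missing data first
        if (populated(u.password)) repo.save(u);           // registration form path
        else repo.saveWithoutPassword(u);                  // social login path
        return "secureHome";
    }

    public static void main(String[] args) {
        UserRepository repo = new UserRepository();
        // Constructed sample data: a registered user with a stored password hash.
        repo.save(new UserBean("ann@example.com", "Ann", "IN", "constructed-hash"));
        // Same email arrives from a social provider with a blank password.
        String view = saveSocialUser(repo, new UserBean("ann@example.com", "Ann", "IN", ""));
        System.out.println(view + ", password kept: "
                + populated(repo.find("ann@example.com").password));
        // A provider that did not return the country is sent to the extra form.
        System.out.println(saveSocialUser(repo, new UserBean("bob@example.com", "Bob", null, "")));
    }
}
```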


That’s all, we have successfully created a login application which integrates with the different social providers and also allows us to register new users.


The above code can be cloned from here.
