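【Posted】: 2017-04-10 20:38:25
【Problem description】:
I am implementing a Facebook login flow, and I need to save the state before the redirect and retrieve it after being redirected back to the application in order to validate it. I tried it like this: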
    @RequestMapping
    public void redirectToFacebook(HttpSession session, HttpServletResponse response) throws IOException {
        // Generate a random state value and keep it in the session for the callback
        String state = UUID.randomUUID().toString();
        session.setAttribute("facebook_state", state);
        // Build the provider authorization URL, passing the state along
        UriComponentsBuilder uriBuilder = UriComponentsBuilder
                .fromUriString(providerLoginEndpoint)
                .queryParam("redirect_uri", redirectUrl)
                .queryParam("client_id", clientId)
                .queryParam("scope", "public_profile")
                .queryParam("state", state)
                .queryParam("response_type", "code");
        response.sendRedirect(uriBuilder.toUriString());
    }

    @RequestMapping("/redirect")
    public String authorize(Model model, HttpSession session,
                            @RequestParam("code") final String code,
                            final @RequestParam("state") String state) {
        // State stored before the redirect, to be compared with the returned one
        String originalState = (String) session.getAttribute("facebook_state");
        //...
    }
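However, originalState is null, and the session ID is different after the callback. Is there a way to preserve the session state before and after a redirect to a third-party host?
【Discussion】:
Tags: spring facebook spring-mvc session oauth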
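An added example, not part of the original post: one way to write the state check that the `//...` in `authorize` leaves open, rejecting the callback when the stored value is missing (the situation the question describes). The class and method names `OAuthState`, `issue` and `consume` are hypothetical, the 32-byte random value is this example's choice, and it assumes the `javax.servlet` API that the question's code already uses.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.http.HttpSession;

/** Hypothetical helper (not from the original post): issues and checks the OAuth "state" value. */
public final class OAuthState {
    private static final String ATTR = "facebook_state"; // same session key as the question's code
    private static final SecureRandom RNG = new SecureRandom();

    private OAuthState() {}

    /** Call before the redirect: stores a fresh random value in the session and returns it. */
    public static String issue(HttpSession session) {
        byte[] raw = new byte[32]; // 256 bits, chosen for this example
        RNG.nextBytes(raw);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.setAttribute(ATTR, state);
        return state;
    }

    /** Call in the callback: true only if the returned state matches the stored one. */
    public static boolean consume(HttpSession session, String returned) {
        Object stored = session.getAttribute(ATTR);
        session.removeAttribute(ATTR); // single use: a repeated callback finds nothing stored
        if (!(stored instanceof String) || returned == null) {
            return false; // nothing stored (for example a new session after the redirect): reject
        }
        // Compare without leaking the position of the first differing byte
        return MessageDigest.isEqual(
                ((String) stored).getBytes(StandardCharsets.UTF_8),
                returned.getBytes(StandardCharsets.UTF_8));
    }
}
```

In `authorize`, the authorization code would be exchanged only when `OAuthState.consume(session, state)` returns true. The check can only pass when the callback request carries the same session cookie, so the host in `redirect_uri` has to be one the browser sends that cookie to.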