Hi, folks! I'm puzzled about the right place in code to add a step when authenticating with Facebook using OAuth integration in CAS version 3.5.2.
As far as I understand, the step-by-step of the OAuth/Facebook authentication is:

1. CAS Login screen is presented.
2. User clicks on "Login with facebook", gets redirected to Facebook and completes the authentication steps.
3. Facebook calls CAS server with access code.
4. CAS server verifies access code with Facebook and receives an access_token.
5. CAS server calls client site's login URL, sending the authentication details.

What I need is to add one step between steps 4 and 5 in order to call an internal API that handles some business logic and adds some data to the authentication details to be sent in the last step. Thus, the final step-by-step would be:

1. CAS Login screen is presented.
2. User clicks on "Login with facebook", gets redirected to Facebook and completes the authentication steps.
3. Facebook calls CAS server with access code.
4. CAS server verifies access code with Facebook and receives an access_token.
5. CAS server calls an internal API, passing the authentication details as parameters and getting some other details in return.
6. CAS server calls client site's login URL, sending the authentication details containing both the information returned by Facebook and the information returned by the internal API.

My best guess is that I need to create a subclass of org.jasig.cas.support.oauth.authentication.handler.support.OAuthAuthenticationHandler and override the doAuthentication method or the preAuthenticate method, but how can I add the data received in response to the internal API call to the bulk of data sent to the client site's login URL in the last step?

Thanks so much!

*Frederico Zveiter*
