@jgrandja @rwinch @jzheaux I am working on a project with Android and IOS developers. We have our backend as full Spring Stack(Spring Boot) and Front end as Native Android & Native IOS Apps. We want to do login with Google and Facebook in our Frontend(Native Android & Native IOS Apps). Frontend developes have already implemented: 1. Login with Facebook useing SDK provided by facebook for Native Android and Native IOS https://developers.facebook.com/docs/facebook-login/android/ https://developers.facebook.com/docs/facebook-login/ios/ 2. Login with Google useing SDK provided by Google for Native Android and Native IOS https://developers.google.com/identity/sign-in/android/backend-auth(Please Check TODO in Step 4 Given By Google).

So now few quesions I would like to put and have Healthy Discuss with Spring Security Team: 1. How we can Integrate this case with our Backend using Spring Security? 2. What is the best possible way to integrate this use case with Spring Security? 3. Is this case fits with any existing Authentication Mechanism we have in Spring Security? 4. How this use case goes with OAuth Login Support in Spring Security?

Possible solution I can think of is to provide a AuthenticationFilter which take Provider and Token as input which validates Token with a Provider with some mechanish. The Filter based on result of Token validation do the authentication and authorization.

I think this usecase is very common and will be encountered by almost every Spring Developer.

I could have written this question on StackOverFlow. But I have written here because I would like this use case either to be discribed in Spring Security Reference Documentation by some Examples or have inbuild support for it in Spring Security by some means based on the outcome of this discussion

Comment From: jgrandja

@ankurpathak

I think this usecase is very common and will be encountered by almost every Spring Developer.

Agreed. And we should provide an easy way for mobile developers to implement this in a secure manner. Native apps can be tricky.

Let me dig into this a bit deeper and get back to you. In the meantime, you may find this useful - OAuth 2.0 for Native Apps.

Comment From: ankurpathak

@jgrandja Is this specification in Practice ie any Real Example useing it? Because most of OAuth and OpenID provider like Facebook, Google, Linkedin are providing SDK for Native Apps for doing Login With Them.

Comment From: jgrandja

@ankurpathak

Is this specification in Practice ie any Real Example useing it?

I'm not aware of any applications/libraries that are using it. However, I would expect there are a few out there given this reference documents best practices on how to integrate with native apps.

Comment From: xBioDreadx

Maybe there are already appeared some examples of this use case? Can you point to some of spring auth tools that can be used for it?

Comment From: orgesballa

Is there any update for this issue? The documentation is not very clear on how to proceed with native apps.

Comment From: jgrandja

Closing in favour of spring-security-samples#11 and spring-security-samples#12.