Callback configuration

LELEU Jérôme edited this page Sep 9, 2020 · 1 revision

For indirect clients (like Facebook), the user is redirected to an external identity provider for login and then back to the application. Thus, a callback endpoint is required in the application. It is managed by the CallbackFilter which has the following behaviour:

  1. the credentials are extracted from the current request to fetch the user profile (from the identity provider) which is then saved in the web session

  2. finally, the user is redirected back to the originally requested url (or to the defaultUrl).

Setup with annotations

To bind the filter to a URL, annotate a JAX-RS resource method with @Pac4JCallback.

For example:

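    @GET
    @Pac4JCallback(skipResponse = true)
    public UserData loginCB(@Pac4JProfile Optional<CommonProfile> profile) {
        if (profile.isPresent()) {
            // Unwrap the Optional before reading the profile attributes
            CommonProfile p = profile.get();
            return new UserData(p.getId(), p.getDisplayName());
        } else {
            // No profile after the callback: answer 401 ourselves (skipResponse = true)
            throw new WebApplicationException(401);
        }
    }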

Available parameters

  1. defaultUrl (optional): it's the default url after login if no url was originally requested (/ by default)

  2. multiProfile (optional): it indicates whether multiple authentications (and thus multiple profiles) must be kept at the same time (false by default)

  3. renewSession (optional): it indicates whether the web session must be renewed after login, to avoid session hijacking (true by default).

  4. defaultClient (optional): it defines the default client to use to finish the login process if none is provided on the URL (not defined by default)

  5. skipResponse (optional): by default pac4j builds an answer (to redirect to the originally requested url); if this is set to true, the response is skipped. Coupled with the CommonProfile parameter injection (as in the example above), it can be useful to implement the desired answer (for example 401) in the resource method.
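
The effect of renewSession and defaultUrl, as an added example that is not pac4j or jax-rs-pac4j code: a simplified in-memory model of a callback endpoint, in which the session store, the method names and the sample values (`/account`, `user-123`) are assumptions made for illustration. It compares what happens to the session id issued before login when the session is renewed and when it is not.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

// Simplified model of a callback endpoint. NOT pac4j code: every name here is hypothetical.
public class CallbackModel {
    // Server-side session store: session id -> session attributes.
    static final Map<String, Map<String, String>> SESSIONS = new HashMap<>();

    static String newSession() {
        String id = UUID.randomUUID().toString();
        SESSIONS.put(id, new HashMap<>());
        return id;
    }

    // Returns {session id the browser holds after login, redirect target}.
    static String[] callback(String sessionId, String profileId,
                             boolean renewSession, String defaultUrl) {
        Map<String, String> attrs = SESSIONS.get(sessionId);
        if (attrs == null) {
            throw new IllegalStateException("unknown session");
        }
        // Step 2 of the behaviour: originally requested URL, else defaultUrl.
        String target = attrs.getOrDefault("requestedUrl", defaultUrl);
        attrs.remove("requestedUrl");
        if (renewSession) {
            // Invalidate the pre-login id and carry the attributes over to a fresh one.
            SESSIONS.remove(sessionId);
            sessionId = newSession();
            SESSIONS.get(sessionId).putAll(attrs);
            attrs = SESSIONS.get(sessionId);
        }
        // Step 1 of the behaviour: the profile is saved in the (possibly new) session.
        attrs.put("profile", profileId);
        return new String[] {sessionId, target};
    }

    static boolean isAuthenticated(String sessionId) {
        Map<String, String> attrs = SESSIONS.get(sessionId);
        return attrs != null && attrs.containsKey("profile");
    }

    public static void main(String[] args) {
        for (boolean renew : new boolean[] {false, true}) {
            String preLoginId = newSession(); // constructed sample: id issued before login
            SESSIONS.get(preLoginId).put("requestedUrl", "/account");
            String[] result = callback(preLoginId, "user-123", renew, "/");
            System.out.printf("renewSession=%b redirect=%s preLoginIdAuthenticated=%b%n",
                    renew, result[1], isAuthenticated(preLoginId));
        }
    }
}
```

Without renewal, the id issued before login becomes the authenticated session; with renewal, that id is discarded and only the new one carries the profile.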
