REST, Spring own OAuth2 server + OAuth2 providers like Facebook, Google, Yahoo


In a Spring Boot application I have secured Spring MVC REST endpoints with Spring Security and Spring OAuth2. I have my own authorization/resource servers, so in order to communicate with our API, the client (AngularJS) needs to obtain an access token from the API authorization server.

Everything works fine, but for authentication/authorization on the API, the user needs to create an account and provide a username/password.

I'd like to simplify this process and propose that the user authenticate on the API via Google/Facebook/Twitter OAuth providers.

Right now I have no clear understanding of how it must work. For example, one of the ideas: Facebook will issue its own accessToken and pass it to the API. Based on this accessToken, the API will issue its own accessToken and pass it to the client application (AngularJS). Or should I pass the Facebook accessToken directly to the client app?

What is the correct architecture for the described case? How should it work?

Maybe there is an example that demonstrates this architecture based on the Spring Framework?

If you want to delegate authentication to an external provider, you can use the OAuth2ClientAuthenticationProcessingFilter, or the convenience annotations and external configuration provided in Spring Cloud Security. Example (from the Spring Cloud Security home page):

Application.java:

    @SpringBootApplication
    @EnableOAuth2Sso
    public class Application {
        ...
    }

application.yml:

    spring:
      oauth2:
        client:
          clientId: bd1c0a783ccdd1c9b9e4
          clientSecret: 1a9030fbca47a5b2c28e92f19050bb77824b5ad1
          accessTokenUri: https://github.com/login/oauth/access_token
          userAuthorizationUri: https://github.com/login/oauth/authorize
          clientAuthenticationScheme: form
        resource:
          userInfoUri: https://api.github.com/user
          preferTokenInfo: false

That works with GitHub if your app is running on port 8080 (I believe). Similar configuration works with Facebook, Cloud Foundry, Google and other OAuth2 providers.
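
The first option named in the answer, wiring OAuth2ClientAuthenticationProcessingFilter by hand instead of using @EnableOAuth2Sso, as an added example that is not part of the original answer or of Spring's documentation. It assumes Spring Boot 1.4/1.5 with spring-security-oauth2 on the classpath; the class name GithubLoginConfig, the /login/github path and the GITHUB_CLIENT_ID / GITHUB_CLIENT_SECRET environment variables are hypothetical. The authorization-code exchange runs on the server, so the provider's access token is held in the server-side OAuth2ClientContext.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.*;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.*;
import org.springframework.security.oauth2.client.filter.*;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.common.AuthenticationScheme;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

@Configuration
@EnableOAuth2Client // supplies the OAuth2ClientContext and OAuth2ClientContextFilter beans
public class GithubLoginConfig extends WebSecurityConfigurerAdapter {
    @Autowired private OAuth2ClientContext clientContext;
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated()
            .and().addFilterBefore(githubLoginFilter(), BasicAuthenticationFilter.class);
    }

    private OAuth2ClientAuthenticationProcessingFilter githubLoginFilter() {
        AuthorizationCodeResourceDetails github = new AuthorizationCodeResourceDetails();
        github.setClientId(System.getenv("GITHUB_CLIENT_ID"));         // assumed variable names;
        github.setClientSecret(System.getenv("GITHUB_CLIENT_SECRET")); // secret stays out of the repo
        github.setAccessTokenUri("https://github.com/login/oauth/access_token");
        github.setUserAuthorizationUri("https://github.com/login/oauth/authorize");
        github.setClientAuthenticationScheme(AuthenticationScheme.form);
        OAuth2RestTemplate template = new OAuth2RestTemplate(github, clientContext);
        // Turns the provider token into an Authentication by calling the user-info endpoint.
        UserInfoTokenServices userInfo =
            new UserInfoTokenServices("https://api.github.com/user", github.getClientId());
        userInfo.setRestTemplate(template);
        OAuth2ClientAuthenticationProcessingFilter filter =
            new OAuth2ClientAuthenticationProcessingFilter("/login/github");
        filter.setRestTemplate(template);
        filter.setTokenServices(userInfo);
        return filter;
    }

    @Bean // the redirect-handling filter has to run ahead of the Spring Security chain
    public FilterRegistrationBean oauth2ClientFilterRegistration(OAuth2ClientContextFilter f) {
        FilterRegistrationBean registration = new FilterRegistrationBean(f);
        registration.setOrder(-100);
        return registration;
    }
}
```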

