Spring Boot OAuth2 Login Example

By Arvind Rai, January 24, 2020

This page will walk through Spring Boot 2.x OAuth2 login example. Spring Boot 2.x provides full auto-configuration for OAuth2 login. We just need to configure client id and client secret for OAuth2 provider such as GitHub, Facebook and Google in application property file and we are done. We can customize the configuration by overriding methods of WebSecurityConfigurerAdapter and using HttpSecurity.oauth2Login() method introduced in Spring 5.0. We need to create a bean for ClientRegistrationRepository to override OAuth2 property value.
Here on this page we will create a Spring Boot Security application for OAuth2 login using GitHub, Facebook and Google authentication provider.

Technologies Used
Maven Dependencies
Spring Boot 2.x OAuth2 Client Properties
Using Spring HttpSecurity.oauth2Login()
Overriding OAuth2 Auto-Configuration
Create Controller and View
Output
References
Download Source Code

Technologies Used

Find the technologies being used in our example.
1. Java 11
2. Spring 5.1.7.RELEASE
3. Spring Boot 2.1.5.RELEASE
4. Maven 3.5.2

Maven Dependencies

Find the Maven dependencies.
pom.xml

<parent>
	<groupId>org.springframework.boot</groupId>
	<artifactId>spring-boot-starter-parent</artifactId>
	<version>2.1.5.RELEASE</version>
	<relativePath />
</parent>
<properties>
	<context.path>spring-app</context.path>
	<java.version>11</java.version>
</properties>
<dependencies>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-security</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-web</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-thymeleaf</artifactId>
	</dependency>
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-oauth2-client</artifactId>
		<version>5.1.7.RELEASE</version>
	</dependency>
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-oauth2-jose</artifactId>
		<version>5.1.7.RELEASE</version>
	</dependency>
</dependencies>

Spring Boot 2.x OAuth2 Client Properties

To enable OAuth2 login using Spring Boot 2.x auto-configuration, just configure minimum two properties given below and we are done.

spring.security.oauth2.client.registration.[registrationId].client-id

Registers client id.

spring.security.oauth2.client.registration.[registrationId].client-secret

Registers client secret.
The registrationId is google, github, facebook etc. To configure all these OAuth2 provider, find the property file.
application.properties

spring.security.oauth2.client.registration.github.client-id= github-client-id
spring.security.oauth2.client.registration.github.client-secret= github-client-secret

spring.security.oauth2.client.registration.facebook.client-id= facebook-client-id
spring.security.oauth2.client.registration.facebook.client-secret= facebook-client-secret

spring.security.oauth2.client.registration.google.client-id= google-client-id
spring.security.oauth2.client.registration.google.client-secret= google-client-secret

Find the equivalent YML file.
application.yml

spring:
  security:
    oauth2:
      client:
        registration:
          github:
            client-id: github-client-id
            client-secret: github-client-secret
          facebook:
            client-id: facebook-client-id
            client-secret: facebook-client-secret
          google:
            client-id: google-client-id
            client-secret: google-client-secret

Using Spring HttpSecurity.oauth2Login()

The HttpSecurity.oauth2Login() method has been introduced in Spring 5.0. The oauth2Login() method configures authentication support using an OAuth 2.0 or OpenID Connect 1.0 Provider. The default configuration will auto-generate a login page at /login URL. Find the code using oauth2Login() method.
SecurityConfig.java

package com.concretepage;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests().antMatchers("/", "/login**", "/error**").permitAll()
		        .anyRequest().authenticated()
		        .and().logout().logoutUrl("/logout").logoutSuccessUrl("/")
		        .and().oauth2Login();
	}
}

Overriding OAuth2 Auto-Configuration

To override Spring Boot auto-configuration for OAuth2 login, we need to create a bean for ClientRegistrationRepository which is instantiated by passing the list of ClientRegistration instances. The ClientRegistration is the representation of a client registration with an OAuth 2.0 or OpenID Connect 1.0 Provider. Find the sample code to override auto-configuration for OAuth2 login with GitHub and Google.
SecurityConfig.java

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests().antMatchers("/", "/login**", "/error**").permitAll()
		        .anyRequest().authenticated()
		        .and().logout().logoutUrl("/logout").logoutSuccessUrl("/")
		        .and().oauth2Login();
	}

	@Bean
	public ClientRegistrationRepository clientRegistrationRepository() {
		List<ClientRegistration> registrations = new ArrayList<>();
		registrations.add(githubClientRegistration());
		registrations.add(googleClientRegistration());
		return new InMemoryClientRegistrationRepository(registrations);
	}

	private ClientRegistration githubClientRegistration() {
		return ClientRegistration.withRegistrationId("github")
                                .clientId("github-client-id")
				.clientSecret("github-client-secret")
				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
				.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
				.authorizationUri("https://github.com/login/oauth/authorize")
				.tokenUri("https://github.com/login/oauth/access_token")
                                .userInfoUri("https://api.github.com/user")
				.clientName("GitHub").build();
	}

	private ClientRegistration googleClientRegistration() {
		return ClientRegistration.withRegistrationId("google")
                                .clientId("google-client-id")
				.clientSecret("google-client-secret")
                                .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
				.redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
				.scope("openid", "profile", "email", "address", "phone")
				.authorizationUri("https://accounts.google.com/o/oauth2/v2/auth")
				.tokenUri("https://www.googleapis.com/oauth2/v4/token")
				.userInfoUri("https://www.googleapis.com/oauth2/v3/userinfo")
				.userNameAttributeName(IdTokenClaimNames.SUB)
                                .jwkSetUri("https://www.googleapis.com/oauth2/v3/certs")
				.clientName("Google").build();
	}
}

Create Controller and View

AppController.java

package com.concretepage;
import java.security.Principal;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.servlet.ModelAndView;

@Controller
public class AppController {
	@GetMapping("hello")
	public ModelAndView welcome(Principal principal) {
		ModelAndView mav = new ModelAndView();
		mav.setViewName("welcome");
		mav.addObject("name", principal.getName());
		return mav;
	}
}

index.html

<!doctype html>
<html>
<head>
  <title>Spring Security</title>
</head>
<body>
<h3>
<a href="/oauth2/authorization/github" th:href="@{/hello}" th:if="${#httpServletRequest?.remoteUser != undefined }">
      Go to Dashboard
</a>
<a href="/hello" th:href="@{/oauth2/authorization/github}" th:if="${#httpServletRequest?.remoteUser == undefined }">
      Login with GitHub
</a> <br/><br/>
<a href="/hello" th:href="@{/oauth2/authorization/facebook}" th:if="${#httpServletRequest?.remoteUser == undefined }">
      Login with Facebook
</a> <br/><br/>
<a href="/hello" th:href="@{/oauth2/authorization/google}" th:if="${#httpServletRequest?.remoteUser == undefined }">
      Login with Google
</a>
</h3>                
</body>
</html>

welcome.html

<!doctype html>
<html lang="en">
<head>
    <title>Welcome</title>
</head>
<body>
   Welcome <b th:inline="text"> [[${name}]] </b> <br/><br/>
   <form th:action="@{/logout}" method="POST">
        <input type="submit" value="Logout"/>
   </form>	
</body>
</html>

error.html

<!doctype html>
<html>
<head>
  <title>Spring Security</title>
</head>
<body>
  An error occurred.
</body>
</html>

Main.java

package com.concretepage;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class Main {
	public static void main(String[] args) {
		SpringApplication.run(Main.class, args);
	}
}

Output

Download the project and enter client-id and client-secret for google, github, facebook in application.properties file.
Then run the following command from root folder of the project using command prompt.