OAuth2 Basic Login using Google

The default configuration is quite straightforward. Create the Spring Boot project using Spring Initializr, then refer to the Spring Security documentation https://docs.spring.io/spring-security/reference/servlet/oauth2/login/core.html and use the default configuration class below as a starting point.

                    
                      package com.aouth2.basic.security;

                      import lombok.RequiredArgsConstructor;
                      import org.springframework.context.annotation.Bean;
                      import org.springframework.context.annotation.Configuration;
                      import org.springframework.security.config.Customizer;
                      import org.springframework.security.config.annotation.web.builders.HttpSecurity;
                      import org.springframework.security.oauth2.client.registration.ClientRegistration;
                      import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
                      import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
                      import org.springframework.security.oauth2.core.AuthorizationGrantType;
                      import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
                      import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
                      import org.springframework.security.web.SecurityFilterChain;

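                      /**
                       * Minimal Spring Security configuration for "Login with Google" (OIDC on top of OAuth 2.0).
                       *
                       * The client registration is built in code rather than through the
                       * spring.security.oauth2.client.* properties so that every value is visible in one place.
                       */
                      @Configuration
                      @RequiredArgsConstructor
                      public class SecurityConfig {

                          /** Google is the only registered provider; Spring resolves it by the registration id "google". */
                          @Bean
                          public ClientRegistrationRepository clientRegistrationRepository() {
                              return new InMemoryClientRegistrationRepository(this.googleClientRegistration());
                          }


                          /**
                           * Every request requires an authenticated user; unauthenticated requests are sent into
                           * the OAuth 2.0 login flow (the default login page itself is permitted by oauth2Login).
                           * CSRF protection is left at its default (enabled), which also covers logout.
                           */
                          @Bean
                          public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                              http
                                      .authorizeHttpRequests(authorize -> authorize
                                              .anyRequest().authenticated()
                                      ).oauth2Login(Customizer.withDefaults());
                              return http.build();
                          }


                          /**
                           * Google client registration (authorization-code grant, OIDC).
                           *
                           * Replace the two placeholders with the Client ID / Client secret of your app from the
                           * Google API Console. Do NOT commit the real secret to source control: load it from an
                           * environment variable or an externalized property instead of a string literal.
                           */
                          private ClientRegistration googleClientRegistration() {
                              return ClientRegistration.withRegistrationId("google")
                                      .clientId("<google-client-id>")
                                      .clientSecret("<google-client-secret>")
                                      .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                                      .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                                      // Must match an "Authorized redirect URI" in the Google console exactly,
                                      // e.g. http://localhost:8080/login/oauth2/code/google for local development.
                                      .redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
                                      // "openid" makes the principal an OidcUser backed by a signature-checked ID token.
                                      // NOTE(review): nothing in this sample consumes "address" or "phone"; drop any
                                      // scope you do not use (least privilege, smaller consent screen).
                                      .scope("openid", "profile", "email", "address", "phone")
                                      .authorizationUri("https://accounts.google.com/o/oauth2/v2/auth")
                                      .tokenUri("https://www.googleapis.com/oauth2/v4/token")
                                      .userInfoUri("https://www.googleapis.com/oauth2/v3/userinfo")
                                      .userNameAttributeName(IdTokenClaimNames.SUB)
                                      // Public keys used to verify the ID token signature.
                                      .jwkSetUri("https://www.googleapis.com/oauth2/v3/certs")
                                      // Without an issuer URI Spring has nothing to compare the ID token's "iss"
                                      // claim against; setting it makes tokens from any other issuer fail validation.
                                      .issuerUri("https://accounts.google.com")
                                      .clientName("Google")
                                      .build();
                          }
                      }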
                    
                  

Create an OAuth client for your app in the Google API Console: Credentials -> Create Credentials -> Web Application.


Create a web application and configure the Authorized JavaScript origins and Authorized redirect URIs correctly. The redirect URI must match the one the application sends exactly — with the configuration above that is {baseUrl}/login/oauth2/code/google, e.g. http://localhost:8080/login/oauth2/code/google for local development. Google rejects the authorization request if it does not match, and that exact-match check is what prevents an authorization code from being redirected to a different site.


In the above configuration, replace google-client-id and google-client-secret with the Client ID and Client secret of your app. Do not commit the real client secret to source control; load it from an environment variable or an externalized property (for example Spring Boot's spring.security.oauth2.client.registration.* properties) instead of a string literal.

Create a simple controller like the one below to check that user info can be retrieved from the auth provider.

                    
                      package com.aouth2.basic.controller;

                      import org.springframework.security.core.Authentication;
                      import org.springframework.security.oauth2.core.user.OAuth2User;
                      import org.springframework.web.bind.annotation.GetMapping;
                      import org.springframework.web.bind.annotation.RequestMapping;
                      import org.springframework.web.bind.annotation.RestController;

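                      @RestController
                      @RequestMapping("/api/v1")
                      public class WelcomeController {

                          /**
                           * Diagnostic endpoint: echoes the attributes the provider returned for the signed-in
                           * user so the login round-trip can be verified.
                           *
                           * Only the attribute map is returned, not the principal object itself. With the
                           * "openid" scope the principal is an OidcUser, which also carries the raw ID token;
                           * serialising the whole principal would hand that token (and every claim in it) to
                           * the browser. The attributes still include personal data such as the e-mail
                           * address, so keep this endpoint for local testing only.
                           *
                           * @param authentication the current authentication, assumed non-null because the
                           *                       filter chain requires every request to be authenticated
                           * @return the user's attributes, or just the authenticated name when the principal
                           *         is not an OAuth2User
                           */
                          @GetMapping("/messages")
                          public Object sayHello(Authentication authentication) {
                              Object principal = authentication.getPrincipal();
                              if (principal instanceof OAuth2User) {
                                  // ID-token claims plus the userinfo response (sub, name, email, ...)
                                  return ((OAuth2User) principal).getAttributes();
                              }
                              return authentication.getName();
                          }
                      }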
                    
                  

That is all. Navigate to http://localhost:8080/login, which displays the default login page with a "Google" link; after signing in, open http://localhost:8080/api/v1/messages to see the attributes returned for your account.



Full source code is available in the GitHub repository: OAuth2 Basic example using Google API