What comes to your mind when we say OAuth2?
In simple words: if we don’t want to maintain yet another username and password, nowadays we already rely heavily on Google for our day-to-day work like Gmail, YouTube, etc. Why not use the same credentials in other applications? For that purpose we have a concept called OAuth 2.0.
OAuth 2.0, often referred to as OAuth2, is a widely-used authorization framework that allows applications to obtain limited access to user accounts on an HTTP service without exposing user credentials.
How to implement OAuth2 in our Spring Boot project?
Implementing OAuth2 in a Spring Boot project involves setting up authentication and authorization using Spring Security. Let’s understand how Spring Security works.
As shown in the figure, the client sends a request to our project and Spring Security intercepts incoming requests using the filter chain. The filter chain in Spring Security is a series of Servlet filters that process incoming HTTP requests to handle authentication, authorization, and other security-related concerns. Each filter in the chain has a specific responsibility and executes sequentially. If a filter determines the request is invalid or unauthorized, it can block further processing.
Once all the layers have validated the request, it is passed on to the controller class. In this project, we are going to customize one of the Spring Security filter chain beans, i.e. securityFilterChain, and integrate OAuth2.
Let’s setup the project
To generate the Spring Boot project we used https://spring.io/ because it provides a comprehensive framework for developing Java enterprise applications, simplifying the process by reducing boilerplate code, managing infrastructure complexities, and allowing developers to focus on core business logic.
Overview of the project setup:
Project: Maven
Language: Java
Spring Boot: 3.4.0
Java version: 17
Dependencies: Spring Web & OAuth2 Client
Note: OAuth2 internally uses Spring Security features.
The project name is SpringOAuth2 and its hierarchy is as follows. We have created Config and Controller packages to achieve the OAuth implementation.
Let’s understand each class in detail.
a. OAuthController.class: This class accepts client requests on “/” and returns the string “Hello OAuth”.
b. SecurityConfig.class:
@Configurable: Indicates that this class is a configuration class in Spring. (Likely intended to be @Configuration, which is the correct annotation for Spring configuration classes.)
@EnableWebSecurity: Enables Spring Security for the application and indicates that this class provides the configuration for the Spring Security filter chain.
securityFilterChain(): This method defines a bean for SecurityFilterChain. It customizes how the application handles security through the HttpSecurity object.
auth.anyRequest().authenticated(): Ensures that all requests require authentication. No public or open endpoints are allowed with this configuration.
OAuth2 client configuration: Enables OAuth2 client support for the application, so that it interacts with an external OAuth2 authorization server to obtain access tokens. Customizer.withDefaults() applies the default configuration for the OAuth2 client.
c. application.properties: In this file we set the port our Spring Boot application uses during startup. Along with that we have mentioned the client id and client secret (Google and GitHub).
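The configuration described above, written out as an added example (this is not the code from the linked repository; the package name is assumed, and the controller is placed in the same file only to keep the example self-contained):

```java
package com.example.springoauth2.config; // assumed package name

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Expected application.properties (values are placeholders, never commit real secrets):
//   server.port=8083
//   spring.security.oauth2.client.registration.google.client-id=<GOOGLE_CLIENT_ID>
//   spring.security.oauth2.client.registration.google.client-secret=<GOOGLE_CLIENT_SECRET>
//   spring.security.oauth2.client.registration.github.client-id=<GITHUB_CLIENT_ID>
//   spring.security.oauth2.client.registration.github.client-secret=<GITHUB_CLIENT_SECRET>

// @Configuration (not @Configurable) is what makes Spring register the @Bean below.
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            // Every request, including "/", must be authenticated: no anonymous endpoints.
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            // Unauthenticated users are sent to the provider-chooser page (/login);
            // Spring Security handles the redirect, the state check and the code exchange.
            .oauth2Login(Customizer.withDefaults());
        return http.build();
    }
}

// In the real project this lives in the Controller package.
@RestController
class OAuthController {

    // After login the principal is an OAuth2User carrying the provider's user-info
    // attributes; "name" is the display name returned by Google and GitHub.
    @GetMapping("/")
    public String hello(@AuthenticationPrincipal OAuth2User user) {
        return "Hello OAuth, " + user.getAttribute("name");
    }
}
```

With only the OAuth2 Client dependency on the classpath, Spring Boot auto-configures the Google and GitHub providers from the registration keys above, which is why no provider URLs need to be set.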
Steps to generate the client id and client secret key in Google and GitHub
a. On Google: Search for “Google Cloud Platform” and go to the page shown below.
In the picture below I have numbered the steps to be done in order to generate the client id and secret key.
The generated client id and secret key are what we use in our application.
b. On GitHub
Login to GitHub account → Go to settings → Developer settings → OAuth apps
Click on New OAuth App and enter the necessary application details.
Let’s start our project now. Below are the application startup logs, which show it started on port 8083.
We can verify the same from CLI tools; here I used CMD.
Spring Security by default provides its own authentication page if we don’t use OAuth2 mode. It looks like this.
Once the application starts we can access our page using localhost:8083/login
It will ask for the OAuth2 mode of authentication; in our case we have configured Google and GitHub, as shown below.
If we click on the Google option, it looks like this; click on the account we want to authenticate with.
It will ask for permission to continue; once done, we get the result.
Here we go!!
If we choose GitHub it looks like this; enter the GitHub credentials and we are done!!
Result.
Finally, we have completed the OAuth2 implementation using Spring Boot. Let me know your feedback. The source code is uploaded to the repository below.
Repository:
https://github.com/sandeep15rana/hashnode-project.git
Happy Reading..!!