Introduction
OAuth 2.0 is a popular method for allowing applications to access user data without needing their passwords. It’s especially useful when you want to let one application access another application’s data.
OAuth 2.0 is an authorization framework that allows applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, or Google, without exposing user credentials.
OAuth 2.0 is a security protocol that allows one application (the client) to access resources (like user data) hosted on another server (the resource server) on behalf of the user (the resource owner). This process is managed by an authorization server.
OAuth2 is a popular authorization framework that allows third-party applications to access a user’s data without exposing their credentials. In this blog post, we’ll walk through the process of implementing OAuth2 login in a Spring Boot application using GitHub as the authentication provider.
Prerequisites
- JDK 11 or later
- Maven or Gradle
- Any authorization server account
What is actually OAuth
Take an example of a teamviewer.
If you are a new user you need to sign up. You can sign up using google or microsoft or apple account. When doing so you are authorizing Google or microsoft or apple to allow teamviewer to access your profile info with teamviewer. This authorization is done using OAuth.
Key Components of OAuth 2.0
- Resource Owner: The user who owns the data.
- Client: The application requesting access to the user’s data.
- Resource Server: The server that has the protected user data.
- Authorization Server: The server that issues tokens to the client after the user grants permission.
How OAuth 2.0 Works
- The client requests authorization from the user.
- If the user approves, the client gets an authorization grant.
- The client exchanges the authorization grant for an access token from the authorization server.
- The client uses the access token to request the user’s data from the resource server.
- The resource owner will then use OAuth to authorize the resource server to share data with the client application.
- The client application must first register with the authorization server associated with the resource server. This is usually a one-time task. Once registered, the registration remains valid, unless the client application registration is revoked. At registration the client application is assigned a client ID and a client secret (password) by the authorization server. The client ID and secret is unique to the client application on that authorization server.
- For example if we click on Continue with Google, we get the following screen. Here we can see teamviewer client id.
In the above example of teamviewer, we have 4 actors-
- Resource Owner – This is the user who wants to sign up using teamviewer.
- Client Application – This will be teamviewer
- Resource Server – This will be Gmail or microsoft,apple.
- Authorization Server – The resource server hosts the protected user accounts, and the authorization server verifies the identity of the user then issues access tokens to the application.
In this blog post, we’ll walk through the process of implementing OAuth2 login in a Spring Boot application using GitHub as the authentication provider.
Step 1 : Create a GitHub OAuth Application
- Go to GitHub and log in.
- Navigate to Settings > Developer settings > OAuth Apps.
- Click New OAuth App.
- Fill in the application details. The Authorization callback URL should be http://localhost:8080/login/oauth2/code/github.
- Once created, take note of the Client ID and Client Secret.
Step 2 : Set Up Your Spring Boot Application
Create a Spring Boot Project
You can create a new Spring Boot project using Spring Initializr (https://start.spring.io/). Add the following dependencies:
- Spring Web
- Spring Security
- Spring Boot OAuth2 Client
Configure Application Properties
Add the following configuration to application.yml:
Replace YOUR_CLIENT_ID andYOUR_CLIENT_SECRET with the values from your GitHub OAuth application.
Create the Security Configuration
Create a SecurityConfig class to configure Spring Security:
Here, The filterChain method configures Spring Security to ensure that all incoming HTTP requests are authenticated and sets up OAuth2 login.
package com.ignek.oauth_int.config;
import static org.springframework.security.config.Customizer.withDefaults;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
public class SecurityConfig {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
.oauth2Login(withDefaults());
return http.build();
}
}
Create a REST Controller
Create an OAuthController to handle requests:
package com.ignek.oauth_int.controller;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("api/v1/demo")
public class OAuthController {
@GetMapping
public ResponseEntity test() {
return ResponseEntity.ok("Hello from secure endpoint");
}
}
The Main Application Class
package com.ignek.oauth_int;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class OauthIntApplication {
public static void main(String[] args) {
SpringApplication.run(OauthIntApplication.class, args);
}
}
Run Your Application
Run your Spring Boot application. Navigate to http://localhost:8080/api/v1/demo in your browser. You should be redirected to GitHub to authorize the application. After authorizing, you’ll be redirected back to your application and see the message “Hello from secure endpoint”.
Output
Conclusion
In conclusion, we know how to implement OAuth2 login in a Spring Boot application using GitHub as the authentication provider. This setup allows users to log in to your application securely without needing to create a separate account, leveraging their existing GitHub credentials. This approach can be extended to other OAuth2 providers like Google, Facebook, and more.