Spring Boot 3.0 Third Party Login With OAuth 2.0

Durjoy Acharya
Jul 22, 2023

1. Overview

What is OAuth 2.0?

First of all, what is OAuth 2.0? OAuth 2.0, which stands for “Open Authorization”, is a standard designed to allow a website or application to access resources hosted by other web apps on behalf of a user. It replaced OAuth 1.0 in 2012 and is now the de facto industry standard for online authorization. OAuth 2.0 provides consented access and restricts the actions the client app can perform on resources on behalf of the user, without ever sharing the user’s credentials.

The most important part of that sentence is “without ever sharing the user’s credentials”. It is like having a separate application that manages all the users: any other application that wants to use it as an authorization system does not need to ask for, or be given, the user’s credentials. The user is already managed by a different application, and that authorization server is simply used as a security layer for our application.

Now let’s move on a bit and understand a few other standards.

What is the principle of OAuth 2.0?

OAuth 2.0 is an authorization protocol, not an authentication protocol. Its principles revolve around providing a secure and standardized way to enable delegated access to resources on behalf of a user or an application. OAuth 2.0 uses access tokens; an access token is a piece of data that represents the authorization to access resources on behalf of the end user. OAuth 2.0 doesn’t define a specific format for access tokens; however, in some contexts the JSON Web Token (JWT) format is often used. For security reasons, access tokens may have an expiration time. Those are the core principles of OAuth 2.0.

Visualize the whole scenario

Let’s move on to the implementation

Here I use third-party auth with Google, Facebook and GitHub.

First of all, we need a Client ID and Client Secret from each third-party auth provider.

For Google Click Here

For Facebook Click Here

For Github Click Here

2. Maven Dependencies

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>3.1.2</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.app</groupId>
    <artifactId>ThirdPartyLogin</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>SocialLogin</name>
    <description>SocialLogin</description>
    <properties>
        <java.version>20</java.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-oauth2-client</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <configuration>
                    <excludes>
                        <exclude>
                            <groupId>org.projectlombok</groupId>
                            <artifactId>lombok</artifactId>
                        </exclude>
                    </excludes>
                </configuration>
            </plugin>
        </plugins>
    </build>

</project>

3. Security Config

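import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity security) throws Exception {
        return security
                // CSRF protection is switched off; the app relies on a browser cookie, so re-enable it before adding POST/PUT/DELETE endpoints.
                .csrf(AbstractHttpConfigurer::disable)
                // Every request requires an authenticated user.
                .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
                // Default OAuth 2.0 login, including the generated /login page listing the configured providers.
                .oauth2Login(Customizer.withDefaults())
                .build();
    }
}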

4. Configuration

# Replace the placeholders with the values issued by each provider; keep the real secrets out of version control.
spring.security.oauth2.client.registration.github.client-id=<Client-Id>
spring.security.oauth2.client.registration.github.client-secret=<Client-Secret>
spring.security.oauth2.client.registration.google.client-id=<Client-Id>
spring.security.oauth2.client.registration.google.client-secret=<Client-Secret>
spring.security.oauth2.client.registration.facebook.client-id=<Client-Id>
spring.security.oauth2.client.registration.facebook.client-secret=<Client-Secret>
# The redirect URI must be the callback Spring Security processes (/login/oauth2/code/{registrationId}), not the protected page itself.
spring.security.oauth2.client.registration.facebook.redirect-uri=http://localhost:8080/login/oauth2/code/facebook

5. Controller

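import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("api/v1/myapp")
public class SocialController {
    // Reachable only after a successful OAuth 2.0 login (see SecurityConfig).
    @GetMapping
    public ResponseEntity<String> welcome() {
        return new ResponseEntity<>("<center><h2>Welcome Durjoy From SpringBoot Secure Endpoint</h2></center>", HttpStatus.OK);
    }
}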

6. Accessing the secure endpoint

Now, when we open the browser and try to access the http://127.0.0.1:8080/api/v1/myapp page, we’ll be automatically redirected to the OAuth login page at the http://127.0.0.1:8080/login URL:

Further requests to the endpoint won’t require logging in, as the access token will be stored in a cookie.
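The overview notes that access tokens may expire, and the step above relies on the login persisting between requests. As an added example (not part of the original post or its source code), the controller below reports which provider the current session logged in with, the granted scopes and the token expiry, without ever returning the token value. The class name `SessionInfoController` and the `/me` path are hypothetical; it assumes the `OAuth2AuthorizedClientService` bean that Spring Boot auto-configures for `spring-boot-starter-oauth2-client`.

```java
import java.time.Instant;
import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical controller added for illustration; not in the original project.
@RestController
@RequestMapping("api/v1/myapp")
public class SessionInfoController {

    private final OAuth2AuthorizedClientService clients;

    public SessionInfoController(OAuth2AuthorizedClientService clients) {
        this.clients = clients;
    }

    @GetMapping("/me") // hypothetical path
    public Map<String, Object> me(OAuth2AuthenticationToken authentication) {
        OAuth2User user = authentication.getPrincipal();
        // Registration id from application.properties: "github", "google" or "facebook".
        String provider = authentication.getAuthorizedClientRegistrationId();
        OAuth2AuthorizedClient client =
                clients.loadAuthorizedClient(provider, authentication.getName());

        Map<String, Object> out = new LinkedHashMap<>();
        out.put("provider", provider);
        out.put("subject", authentication.getName());
        // "name" is optional at some providers, so fall back to the subject.
        String displayName = user.getAttribute("name");
        out.put("displayName", displayName != null ? displayName : authentication.getName());

        if (client != null) {
            OAuth2AccessToken token = client.getAccessToken();
            Instant expiresAt = token.getExpiresAt(); // null when the provider sends no expiry
            out.put("scopes", token.getScopes());
            out.put("expiresAt", expiresAt != null ? expiresAt.toString() : null);
            out.put("expired", expiresAt != null && expiresAt.isBefore(Instant.now()));
            // token.getTokenValue() is deliberately never written to the response.
        }
        return out;
    }
}
```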

The source code is given here.

This is my first writing, and if there are any mistakes, I hope to learn from them and grow as a writer. Constructive feedback and guidance are warmly welcomed on this path of improvement.

Thank You
