Quick guide: Spring security OAuth2

Reading Time: 3 minutes

This post continues my previous one, The next big thing OAuth 2.0. It is meant to be practical: by the end you should be able to implement an OAuth2-protected service yourself. We will build a Spring Boot application that uses the Spring Security OAuth2 support to log users in through GitHub.

Authentication and authorization are a must for any web application today. Implementing them from scratch is tedious, error-prone and costly; fortunately Spring Security and Spring Boot let us add OAuth2 login to a web application with very little code.

Prerequisite:

  • Maven build tool
  • Spring boot
  • The basic flow of OAuth2.0
  • Any IDE, such as IntelliJ IDEA or Eclipse

If all of that is in place we can start setting up the project. If you run into problems later, go back through the prerequisites before moving on.

Steps to initialize the project

Create a new project using Spring Initializr (from your IDE or at start.spring.io).

Fill in the group id, artifact id and project name.

Add the Spring Cloud Security OAuth2 starter as a dependency (it pulls in spring-security-oauth2 and the Boot auto-configuration that provides @EnableOAuth2Sso) and finish creating the project. Note that this is the legacy Spring Security OAuth stack, which has since been deprecated in favour of the OAuth2 client support built into Spring Security 5; the flow shown here is the same, only the annotations and property names differ.

  • @EnableOAuth2Sso: turns your service into an OAuth 2.0 client. Any unauthenticated request is redirected to the authorization server (GitHub) so the resource owner can log in and consent; GitHub then sends the browser back to the callback path (/login by default) with an authorization code, which Spring exchanges for an access token and uses to fetch the user's details.
  • @RestController: in short, a combination of @Controller and @ResponseBody, so the return value of each handler method is written straight to the response body.

To make the application useful to end users we need an API endpoint. Spring does most of the work: annotate the application class with @RestController and add a handler method. A real application would be more involved, but for the sake of simplicity ours will only say hello to the logged-in user. Have a look!
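The application class described above, written out as an added example (this is not the original post's code). The package name, class name and the /user endpoint are my own assumptions; the annotations and the injected types are the standard ones from the Spring Security OAuth2 auto-configuration that the starter brings in.

```java
// Added example, not the original post's code. Package and class names are
// assumptions; the annotations are the standard Spring Security OAuth2 ones.
package com.example.githublogin;

import java.security.Principal;
import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
@EnableOAuth2Sso   // this service is an OAuth2 client; unauthenticated requests go to GitHub
@RestController    // handler return values are written straight to the response body
public class GithubLoginApplication {

    public static void main(String[] args) {
        SpringApplication.run(GithubLoginApplication.class, args);
    }

    // Every endpoint is protected by default, so by the time this runs Spring has
    // already completed the authorization-code exchange and the user-info call.
    // The principal name comes from the user-info response; GitHub's "login"
    // field is the first match in the default principal-key search.
    @GetMapping("/")
    public String hello(Principal principal) {
        return "Hello " + principal.getName() + "!";
    }

    // Returns a few of the attributes the client fetched from the user-info URI
    // (https://api.github.com/user). Deliberately does not return the access
    // token: it stays server-side in the HTTP session, never in the browser.
    @GetMapping("/user")
    public Map<String, Object> user(OAuth2Authentication auth) {
        @SuppressWarnings("unchecked")
        Map<String, Object> details =
                (Map<String, Object>) auth.getUserAuthentication().getDetails();
        Map<String, Object> safe = new LinkedHashMap<>();
        for (String key : new String[] {"login", "id", "name", "html_url"}) {
            safe.put(key, details.get(key));
        }
        return safe;
    }
}
```

Two things worth knowing when you run this: @EnableOAuth2Sso protects every path, including /user, so there is nothing to add for that; and Spring Security's CSRF protection is on, so a logout endpoint has to be a POST, not a GET link.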

The important part still remains: registering the application with GitHub's OAuth2 service. Don't be confused; this will make sense shortly. Think of our application as the OAuth2 client. It asks GitHub, the authorization server, to authenticate the user and to authorize the client to read that user's profile.

Register your application to Github OAuth service

Go to Settings > Developer settings in GitHub and create a new OAuth App. This is roughly what the form looks like.

Fill in the application name, the homepage URL and the authorization callback URL. A hint: for local testing the homepage URL and callback URL can be the same (for example http://localhost:8080), because GitHub accepts a redirect URI whose path lies under the registered callback, and the SSO filter's default callback path is /login. Create the application and note down the client ID and client secret. The secret is a credential: treat it like a password and keep it out of source control.

Create an application.yml file under src/main/resources and paste the following:

security:
  oauth2:
    client:
      clientId:                  # client ID from the GitHub OAuth App
      clientSecret:              # client secret from the GitHub OAuth App
      accessTokenUri: https://github.com/login/oauth/access_token
      userAuthorizationUri: https://github.com/login/oauth/authorize
      clientAuthenticationScheme: form   # GitHub expects the client credentials in the form body
    resource:
      user-info-uri: https://api.github.com/user   # used to build the Principal after login
      prefer-token-info: false                     # GitHub has no token-info endpoint; use user-info

Put your client ID and client secret after their respective keys. Rather than hardcoding the secret, prefer Spring Boot's placeholder syntax (for example clientSecret: ${GITHUB_CLIENT_SECRET}) so the value is read from an environment variable and never ends up in version control. With that, our application with OAuth 2.0 login is ready to run and test.

This is the output I got after running the application and opening it in a browser.

Output 1: The application redirects to GitHub, which asks the user to log in and authorize the app.

Output 2: After authorizing, the browser is redirected back and the hello response is shown.

I hope you guys find this blog useful and let me know your view in the comment section.


Written by 

Alok Jha is a QA Consultant at Knoldus Software LLP. He has good knowledge of Java, Java 8, Rust and JavaScript. As a QA, he always tries to explore different types of software and tools.
