By Syed Rizwan

2-how-to-implement-oauth-20-in-a-spring-boot-application.html

How to Implement OAuth 2.0 in a Spring Boot Application

In today's digital landscape, securing your web applications is more crucial than ever. One of the most effective ways to handle user authentication and authorization is through OAuth 2.0. This powerful framework allows you to grant third-party applications limited access to your HTTP services without exposing the user's credentials. In this article, we'll walk through how to implement OAuth 2.0 in a Spring Boot application, guiding you step-by-step with clear code examples and actionable insights.

What is OAuth 2.0?

OAuth 2.0 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook or GitHub, without exposing passwords. It allows users to grant access to their resources on one site to another site without sharing their credentials.

Key Components of OAuth 2.0

  • Resource Owner: The user who owns the data.
  • Resource Server: The server hosting the user data.
  • Client: The application requesting access to the resource server.
  • Authorization Server: The server that authenticates the user and issues access tokens to the client.

Use Cases for OAuth 2.0

  • Third-party integrations: Allow users to log in using their Google or Facebook accounts.
  • Mobile applications: Securely access resources from a mobile app without storing sensitive credentials.
  • API access: Enable other services to access your API securely.

Setting Up Your Spring Boot Application

To implement OAuth 2.0 in a Spring Boot application, you'll first need to set up a Spring Boot project. You can use Spring Initializr to bootstrap your application with the required dependencies.

Step 1: Create a Spring Boot Project

  • Dependencies: Add the following dependencies in your pom.xml:
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

Step 2: Configure Application Properties

In your application.properties, configure the OAuth 2.0 client details. For this example, we’ll connect to GitHub:

spring.security.oauth2.client.registration.github.client-id=YOUR_CLIENT_ID
spring.security.oauth2.client.registration.github.client-secret=YOUR_CLIENT_SECRET
spring.security.oauth2.client.registration.github.scope=user:email
spring.security.oauth2.client.registration.github.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}
spring.security.oauth2.client.provider.github.authorization-uri=https://github.com/login/oauth/authorize
spring.security.oauth2.client.provider.github.token-uri=https://github.com/login/oauth/access_token
spring.security.oauth2.client.provider.github.user-info-uri=https://api.github.com/user

Replace YOUR_CLIENT_ID and YOUR_CLIENT_SECRET with your GitHub OAuth application credentials.

Step 3: Create a Security Configuration Class

Create a new class SecurityConfig.java to handle security configurations:

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/", "/login").permitAll()
                .anyRequest().authenticated()
                .and()
            .oauth2Login();
    }
}

This configuration allows unauthenticated users to access the home page and login page, while all other requests require authentication.

Step 4: Create a Controller to Handle OAuth 2.0 Login

Now, create a simple controller to handle requests and provide a welcome message upon successful login:

import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
public class MainController {

    @GetMapping("/")
    public String home() {
        return "home";
    }

    @GetMapping("/user")
    public String user(@AuthenticationPrincipal OAuth2User principal, Model model) {
        model.addAttribute("name", principal.getAttribute("name"));
        return "user";
    }
}

Step 5: Create HTML Templates

Create two HTML files: home.html and user.html in the resources/templates directory.

home.html:

<!DOCTYPE html>
<html>
<head>
    <title>Home</title>
</head>
<body>
    <h1>Welcome to OAuth 2.0 with Spring Boot</h1>
    <a href="/oauth2/authorization/github">Login with GitHub</a>
</body>
</html>

user.html:

<!DOCTYPE html>
<html>
<head>
    <title>User Info</title>
</head>
<body>
    <h1>Hello, {{name}}</h1>
    <a href="/">Logout</a>
</body>
</html>

Step 6: Run Your Application

Run your Spring Boot application, and navigate to http://localhost:8080. Click on the "Login with GitHub" link, and you should be redirected to the GitHub login page. After successful authentication, you will be taken to the user info page displaying your name.

Troubleshooting Common Issues

  • Redirect URI Mismatch: Ensure that the redirect URI configured in your GitHub OAuth application matches the one in your application.properties.
  • Client ID/Secret Issues: Double-check your GitHub credentials to ensure they are correct.
  • Dependencies: Make sure all required dependencies are included in your pom.xml.

Conclusion

Implementing OAuth 2.0 in a Spring Boot application simplifies user authentication and provides secure access to protected resources. By following these steps, you can integrate OAuth 2.0 with popular platforms like GitHub seamlessly. As you develop your application further, consider exploring additional features such as token refresh and scopes to enhance your user experience.

Feel free to customize and extend this implementation based on your application's specific needs, and always keep security as a top priority. Happy coding!

SR
Syed
Rizwan

About the Author

Syed Rizwan is a Machine Learning Engineer with 5 years of experience in AI, IoT, and Industrial Automation.