By Syed Rizwan

4-implementing-oauth-20-authentication-in-a-spring-boot-app.html

Implementing OAuth 2.0 Authentication in a Spring Boot App

In today's digital landscape, securing applications is paramount. With the rise of APIs and microservices, the demand for robust authentication mechanisms has never been higher. One such widely adopted standard is OAuth 2.0. In this article, we will delve into how to implement OAuth 2.0 authentication in a Spring Boot application, providing you with clear code examples, step-by-step instructions, and actionable insights.

What is OAuth 2.0?

OAuth 2.0 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service. It allows users to grant third-party applications access to their information without sharing their passwords. Instead, the user authenticates directly with the service and receives an access token that grants access to specific resources.

Use Cases for OAuth 2.0

  • Third-Party Integrations: Allowing applications to access user data from services like Google, Facebook, or GitHub without handling user credentials.
  • Single Sign-On (SSO): Enabling users to log in once and gain access to multiple applications.
  • Mobile Applications: Securing APIs for mobile apps while ensuring user data is protected.

Prerequisites

Before we start implementing OAuth 2.0 in our Spring Boot application, ensure you have:

  • Java Development Kit (JDK) installed (version 8 or above)
  • Maven or Gradle for dependency management
  • A basic understanding of Spring Boot
  • An IDE (like IntelliJ IDEA or Eclipse)

Setting Up a Spring Boot Application

Step 1: Create a New Spring Boot Project

You can create a Spring Boot project using Spring Initializr. Select the following dependencies:

  • Spring Web
  • Spring Security
  • Spring Boot DevTools
  • OAuth2 Client

Step 2: Add Dependencies

If you are using Maven, add the following dependencies to your pom.xml:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

For Gradle, include the following in your build.gradle:

implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
implementation 'org.springframework.boot:spring-boot-starter-security'

Step 3: Configure Application Properties

Next, configure the application properties to set up OAuth 2.0 client credentials. Open src/main/resources/application.yml and add the following configuration:

spring:
  security:
    oauth2:
      client:
        registration:
          google:
            client-id: YOUR_CLIENT_ID
            client-secret: YOUR_CLIENT_SECRET
            scope: profile, email
            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
        provider:
          google:
            authorization-uri: https://accounts.google.com/o/oauth2/auth
            token-uri: https://oauth2.googleapis.com/token
            user-info-uri: https://www.googleapis.com/oauth2/v3/userinfo

Replace YOUR_CLIENT_ID and YOUR_CLIENT_SECRET with the credentials obtained from the Google Developer Console.

Step 4: Create a Security Configuration Class

To enable OAuth 2.0 in your application, create a security configuration class:

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/", "/login**").permitAll()
                .anyRequest().authenticated()
                .and()
            .oauth2Login()
                .loginPage("/login")
                .defaultSuccessUrl("/home", true);
    }
}

Step 5: Create a Controller

Now, create a controller to handle requests and display user information after authentication:

import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
public class UserController {

    @GetMapping("/home")
    public String home(@AuthenticationPrincipal OAuth2User principal, Model model) {
        model.addAttribute("name", principal.getAttribute("name"));
        model.addAttribute("email", principal.getAttribute("email"));
        return "home"; // View name for displaying user info
    }

    @GetMapping("/")
    public String index() {
        return "index"; // Landing page
    }
}

Step 6: Create HTML Views

Create two HTML files in the src/main/resources/templates directory: index.html and home.html.

index.html:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>OAuth 2.0 Login Example</title>
</head>
<body>
    <h1>Welcome to the OAuth 2.0 Example</h1>
    <a href="/oauth2/authorization/google">Login with Google</a>
</body>
</html>

home.html:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>User Info</title>
</head>
<body>
    <h1>Welcome, ${name}</h1>
    <p>Your email: ${email}</p>
    <a href="/">Logout</a>
</body>
</html>

Step 7: Run Your Application

Finally, run your Spring Boot application. You should be able to navigate to http://localhost:8080/, click on the "Login with Google" link, and authenticate using your Google account. Upon successful login, you will be redirected to the home page, displaying your name and email.

Troubleshooting Tips

  • Invalid Client ID/Secret: Ensure that your Google Developer Console settings match your application properties.
  • Redirect URI Issues: Make sure the redirect URI in the Google Developer Console matches the one in your application properties.
  • Dependencies Not Found: Double-check your Maven or Gradle configuration for the correct dependencies.

Conclusion

Implementing OAuth 2.0 authentication in a Spring Boot application is a straightforward process that enhances the security of your app. By following the steps outlined in this article, you can set up a robust authentication mechanism that allows users to log in securely using their existing accounts. With this knowledge, you can further explore integrating other OAuth providers or enhancing your application's security features. Happy coding!

SR
Syed
Rizwan

About the Author

Syed Rizwan is a Machine Learning Engineer with 5 years of experience in AI, IoT, and Industrial Automation.