By Syed Rizwan

6-integrating-oauth-20-authentication-in-a-spring-boot-application.html

Integrating OAuth 2.0 Authentication in a Spring Boot Application

In today's digital landscape, security is paramount. As developers, we need to ensure that our applications protect user data while providing a seamless user experience. One of the most widely adopted protocols for authentication is OAuth 2.0. This article will guide you through the process of integrating OAuth 2.0 authentication in a Spring Boot application, providing you with clear code examples and actionable insights along the way.

What is OAuth 2.0?

OAuth 2.0 is an authorization framework that allows third-party applications to obtain limited access to user accounts on an HTTP service. It is widely used for enabling secure delegated access, allowing users to grant access to their information without sharing their credentials.

Key Features of OAuth 2.0

  • Delegated Authorization: Users can authorize third-party applications to access their data without sharing passwords.
  • Access Tokens: Applications receive access tokens that can be used to access resources on behalf of the user.
  • Scopes: OAuth allows you to specify what access levels (scopes) the application needs.
  • Refresh Tokens: These tokens can be used to obtain new access tokens without requiring user interaction.

Use Cases for OAuth 2.0

Integrating OAuth 2.0 is beneficial in various scenarios, including:

  • Social Logins: Allowing users to log in with their social media accounts (Google, Facebook).
  • Third-party API Access: Granting applications access to user data from services like GitHub or Dropbox.
  • Microservices: Securing communication between microservices using access tokens.

Setting Up a Spring Boot Application with OAuth 2.0

Let’s walk through the process of integrating OAuth 2.0 authentication into a Spring Boot application. For this example, we will use GitHub as our OAuth provider.

Prerequisites

Before you start, ensure you have:

  • JDK 11 or higher installed.
  • Maven or Gradle for dependency management.
  • A GitHub account for creating an OAuth application.

Step 1: Create a GitHub OAuth Application

  1. Go to your GitHub account and navigate to Settings > Developer settings > OAuth Apps.
  2. Click on New OAuth App.
  3. Fill in the required fields:
  4. Application Name: Your app name.
  5. Homepage URL: http://localhost:8080/
  6. Authorization Callback URL: http://localhost:8080/login/oauth2/code/github
  7. Click Register application.
  8. Note down the Client ID and Client Secret.

Step 2: Set Up Spring Boot Project

Create a new Spring Boot project either by using Spring Initializr or your preferred IDE. Include the following dependencies:

  • Spring Web
  • Spring Security
  • Spring Boot Starter OAuth2 Client

Here’s a sample pom.xml snippet for Maven:

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-oauth2-client</artifactId>
    </dependency>
</dependencies>

Step 3: Configure Application Properties

Open src/main/resources/application.yml and add the following configuration:

spring:
  security:
    oauth2:
      client:
        registration:
          github:
            client-id: YOUR_CLIENT_ID
            client-secret: YOUR_CLIENT_SECRET
            scope: read:user
            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
        provider:
          github:
            authorization-uri: https://github.com/login/oauth/authorize
            token-uri: https://github.com/login/oauth/access_token
            user-info-uri: https://api.github.com/user

Replace YOUR_CLIENT_ID and YOUR_CLIENT_SECRET with the values you obtained from GitHub.

Step 4: Create a Security Configuration Class

Create a new class named SecurityConfig to handle security configuration:

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/", "/login**").permitAll()
                .anyRequest().authenticated()
            .and()
            .oauth2Login();
    }
}

Step 5: Create a Controller

Now, let’s create a simple controller to handle the home page and the user profile:

import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class HomeController {

    @GetMapping("/")
    public String home() {
        return "home";
    }

    @GetMapping("/profile")
    public String profile(@AuthenticationPrincipal OAuth2User principal, Model model) {
        model.addAttribute("name", principal.getAttribute("name"));
        model.addAttribute("email", principal.getAttribute("email"));
        return "profile";
    }
}

Step 6: Create Thymeleaf Templates

Create home.html and profile.html templates under src/main/resources/templates.

home.html:

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
    <title>Home</title>
</head>
<body>
    <h1>Welcome!</h1>
    <a href="/oauth2/authorization/github">Login with GitHub</a>
</body>
</html>

profile.html:

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
    <title>Profile</title>
</head>
<body>
    <h1>User Profile</h1>
    <p>Name: <span th:text="${name}"></span></p>
    <p>Email: <span th:text="${email}"></span></p>
    <a href="/">Logout</a>
</body>
</html>

Step 7: Run Your Application

Now, you are ready to run your application. Start your Spring Boot application, and navigate to http://localhost:8080/. Click on the "Login with GitHub" link, and you should be redirected to GitHub for authentication. Once authenticated, you will be redirected back to your application and able to view your profile.

Troubleshooting Tips

  • Invalid Redirect URI: Ensure that the redirect URI in GitHub matches exactly with what you have in your application properties.
  • Dependency Issues: Make sure all dependencies are correctly included and up-to-date.
  • Security Configuration: If you encounter issues with access restrictions, revisit your security configuration to ensure correct permission settings.

Conclusion

Integrating OAuth 2.0 authentication into your Spring Boot application not only enhances security but also improves user experience by simplifying login processes. By following the steps outlined in this guide, you can successfully implement OAuth 2.0 using GitHub as an identity provider. As you expand your application's functionality, consider applying similar principles for other OAuth providers, ensuring a robust and secure application.

SR
Syed
Rizwan

About the Author

Syed Rizwan is a Machine Learning Engineer with 5 years of experience in AI, IoT, and Industrial Automation.