mmkay.pl

Mateusz Kulewicz

Google OAuth2 login with Spring Boot

Mateusz Kulewicz, 9 March 2017

I really don’t want to keep too much of my users’ data in my database. Say, passwords. What if I misconfigure an endpoint and they leak? What if my database provider leaks the DB and the hashing algorithm becomes obsolete? Luckily, I can easily get rid of that issue by enabling login via other providers. The OAuth2 protocol is the way to go in this case. To begin with, one provider is enough. I chose Google as this is the one that has the biggest market penetration. What did I have to do?

Google setup

First of all, I needed to create a new application in the Google API Console. In the OAuth consent section, I needed to provide my e-mail address and the name of the application. Before deployment, Google also requires us to provide a couple of optional settings, like a privacy policy URL, but that will be considered as soon as I deploy my application somewhere. In the Credentials („Dane logowania”) section I needed to add a new application. There, an identifier and a secret key are generated, which will be useful in the next step. Right now I need to provide authorised JavaScript sources and authorised redirect URI addresses. As we deploy the application only locally for now, the only one will be pointing to my localhost:

Spring Boot setup

Adding required dependencies

One of them (spring-boot-security-starter) was already in my project. I also needed the spring-security-oauth2 package.

Setting up OAuth properties

There is a set of properties that needs to be added to your application-[profilename].properties file. I wanted to get the public profile and e-mail of my users so that in the future I’ll be able to identify the users by their e-mail address, hence the „profile email” scope. You’ll need to replace SAMPLE_CLIENT_ID and SAMPLE_CLIENT_SECRET with values obtained from your Google API Console. You probably don’t want to put those values into your public repositories.

Security configuration

With Spring there are several options for providing security configuration – the most popular are XML and Java code-based configuration. We’re using the second one here, leaving index.html as a non-restricted page and everything else as requiring the user to log in. In the future I expect it to change so that most of the assets are public. The most important part of this configuration is the @EnableOAuth2Sso annotation, which triggers the use of the properties from the file above and sets up the default login endpoint.

Showing user data

I don’t have any real business logic in the application yet, so as an example I decided to create a REST endpoint that will return the logged-in user’s data. The endpoint will require authentication as defined in the above security configuration file.

Results

We have a nice index.html page with Bootstrap and Vue.js (I’ll write about this later), on which there now is a „Login with Google” link:

When we click on it, we’re redirected to Google login page.

After successful login and giving all required permissions, we’re redirected to the user page. We see a lot of data and several fields which just in case I won’t show in full 😉

As you see, there is already some information about the logged-in user inside our Principal object, among them a name, surname and e-mail address. We’ll likely save that data somewhere to keep information about our user and display it on request.
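A sketch of the security configuration and user endpoint described above, added here as an example and not the code from the original post or its commit. It returns only the name and e-mail instead of the whole Principal, so the other fields of the authentication object never reach the browser. It assumes Spring Boot 1.5 with spring-security-oauth2 and user-info attributes keyed `name` and `email`; the class names and the `/user` path are hypothetical.

```java
// Added example; assumes Spring Boot 1.5.x with spring-security-oauth2 on the classpath.
import java.security.Principal;
import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
@EnableOAuth2Sso // wires the OAuth2 client properties into a login filter
class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/", "/index.html").permitAll() // public landing page
                .anyRequest().authenticated();               // everything else needs a login
    }
}

@RestController
class UserController {
    // Allow-list of user-info attributes to expose (assumed key names).
    private static final String[] EXPOSED = {"name", "email"};

    @GetMapping("/user") // hypothetical path
    public Map<String, Object> user(Principal principal) {
        Map<String, Object> view = new LinkedHashMap<>();
        if (principal instanceof OAuth2Authentication) {
            // The outer OAuth2Authentication details hold the token value and session id;
            // the user-info attributes live on the inner user authentication.
            Authentication user = ((OAuth2Authentication) principal).getUserAuthentication();
            Object details = (user == null) ? null : user.getDetails();
            if (details instanceof Map) {
                for (String key : EXPOSED) {
                    Object value = ((Map<?, ?>) details).get(key);
                    if (value != null) view.put(key, value);
                }
            }
        }
        return view; // empty map if the attributes are unavailable
    }
}
```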

All changes that were required for adding login are also provided in this commit.
