OAuth2 Login Made Easy in Java: A Spring Boot & Spring Security Walkthrough

Captions
What's up, friends, Dan Vega here, and today we are talking about OAuth 2 logins in Spring Security. So if you have an application and you want to provide a way for users to log in, you can have them log in via form using something like a username and password, maybe an email address. But if you don't want to have to have your users register on your system, you can have them log in via some social login like GitHub, Google, Twitter, whatever the case may be. That's what we're going to look at today. We're going to use Spring Boot, Spring Security and the OAuth 2 login functionality that's built into Spring Security to make that happen, and it's actually really easy to do. I've gotten a lot of questions about this lately, so I thought we'd just jump right in.

Here I am at start.spring.io. I'm going to create a new project. I'm going to select Maven as my build tool, Java as my language. I'm going to change that group to dev.danvega, we'll call this a social login, if I could spell Dan, and then we'll choose Java 17. And we're going to need a couple dependencies, so I'm going to choose web, I'm also going to choose the OAuth 2 client. This will bring in Spring Security as a transitive dependency, and so we'll have everything we need. That's really all we need to get started. So what we're going to do is we're going to generate that project, it's going to download a zip, I'm going to open it up in IntelliJ Ultimate IDEA, that is my favorite IDE, but you should open it up in whatever text editor or IDE you're most productive in. What are we waiting for? Let's write some code.

All right, I'm going to get started by renaming this to application, and we are good to go. So the first thing that we need is we need a controller, so I'm going to create a new Java class called HomeController. I basically want to set up a route that is public and a route that is private. So I'm going to mark this with RestController, and then we'll create a couple of methods in here: one GetMapping for the root context, so /, this is going to be public String home, this is going to return "hello home", and that is all for that. And then we'll need a secure mapping, so we'll say /secured, and this will be public String secured, and then this will just return "hello secured", and that is all we need. So we'll need to set up some configuration where anybody can get to home, but if you log in, or if you hit secured, /secured, then you will need to go ahead and log in. So just to make sure everything is working, I wanted to put that, uh, why did that not go in a package called controller? Come on, Dan. All right, so we refactored that.

Now I can go ahead and run my application, and because Spring Security's on the classpath we basically get a default user and a default password. If this is your first time using kind of Spring Security, uh, you go ahead and check out my channel, there's a bunch of videos on the topic. But we have this randomly generated password that we need to log in with, and then everything is secure by default. So to change this we want to override our security configuration. So we're going to create a new Java class, we'll call this SecurityConfig, and we'll put it in the config package, so SecurityConfig, and we'll mark this with @Configuration, @EnableWebSecurity. This will get us going, and then we need to create a new Bean of type SecurityFilterChain called a securityFilterChain. This takes in our HttpSecurity, and then we'll return http.build(), and this will go ahead and add an exception, and we are ready to go.

So now we need to configure Spring Security. All right, so we'll use authorizeHttpRequests and the Lambda DSL here, and we'll say auth.requestMatchers, so we'll say for our home route that anyone can get to that, we'll say that, and then we'll say any other request, I want you to make sure that they are authenticated. Now how are you going to log in? So we can provide a form login with some defaults, and that will, let's go ahead and import that static, and that will give us a form login. So now when we visit /secured the user will have to log in with their username and password to be able to view that. But we don't want to just provide a form login, maybe we want to provide OAuth 2 login, so how do we do that? So first off we can say oauth2Login, we can also pass the defaults to that, and that's all there is to it, that is our setup there.

We need to create some properties in application.properties to say what OAuth2 clients we're going to support, or what, what OAuth2 providers. So if I go into application.properties I can fill in some properties. So I can set up, let's just say for this example we're going to set up a GitHub, oops, GitHub login, and we'll set up a Google login. So one other kind of hack that I love is anytime I'm working with Spring Security I like to set the logging level for org.springframework.security equal to trace. This just gives me some visibility into what's happening in my application, so I like to go ahead and set that first. Now to do GitHub and Google or Twitter or whatever, you need to create OAuth 2 client credentials on their applications. So let's start with one. We're going to head back over to the browser and we'll talk about setting up GitHub first, and then we'll move on to Google.

All right, so here I am on my GitHub account. I am going to go over to this little icon here and I'm going to go to settings. From there we are going to go all the way down here into developer settings, and we're going to go into OAuth 2 apps. So you see I have one, one here from before. Let's create a new OAuth app, we'll call it Spring Security social login, um, we'll just call it that. And then you need a home page URL, the full URL to access your application, we'll just say localhost:8080. You could fill in some information about the description here, and then you need an authorized callback URL. So this callback URL is something that you would get in the documentation, I actually have it here: localhost:8080/login/oauth2/code/github. Turns out this URL is the same, uh, just whatever this is going to be replaced with something like Google. So I'm using, uh, that as my authorization callback URL, and then this is, uh, gonna control the flow in my application. So what I'm going to do is register my application, and now you can see I have a client ID and I have to generate a secret.

Let's take this client ID first and head back over to my application.properties. So in here for GitHub login I'm going to say spring.security.oauth2.client.registration. and then the name of the provider, so in this case it's github, and I'm going to say the client ID, whoops, is equal to this. All right, so we're going to copy that and then just say the client secret is going to be equal to, and then we'll go back over here, we'll generate a new client secret, and I have this, I'm going to copy it again. I'll go ahead and delete this after the video, but now I have my client ID and my secret.

So with that I should be able to go ahead and run the application, and if we head back to the browser and if I go to localhost:8080 we get to home, uh, this one is allowing anyone without authentication to get to it, but if we go to /secured it's going to ask us to log in. So again, we provided a form login as one of the options. If I didn't provide the form login and I only had one OAuth 2 provider, in this case GitHub, it would automatically forward to that GitHub login. I'm having both options here, so that's why it shows me the form that comes out of the box with Spring Security, and then it actually sets up the links for you as well for any of the OAuth 2 providers. So in this case it's GitHub, I need to log in with GitHub to view this secured page. I'm going to say okay, go ahead and authorize that, and I'm forwarded on to the secured route. So great, that was it, that, that's that easy to get going.

What I want to do now is do the same for Google. So Google, you will want to go over to console.cloud.google. I will say it was a little confusing, you have to set up the OAuth 2 consent screen first. If you've never done this you need to do that first. Once you're done there you can go ahead and go to the credentials area and then create an OAuth 2 client ID. So we're going to create credentials, OAuth 2 client ID, you're going to pick a web application, and then you're going to give it a name, so Spring Security social login, and then you need to add an authorized redirect URI. So again, this is going to be the same as before, which was localhost:8080/login/oauth2/code and now Google. All right, so we're going to add that URI and then create, and then what it's going to do is it's going to give us that client ID and that client secret.

So I'm going to head over to here and I'm going to say the same thing, so spring.security.oauth2.client.registration.google.client-id, and then we'll pass that in, and then let's head back over here and copy the secret, and spring dot oauth2 client registration google and the client secret. Um, so there's some other things that you can configure in here, there is like, so if I'm in Spring Security oauth2 registration .google.scope, so there are things like scope where you can say like what is the available scope of this OAuth 2 application, like what information, uh, do we want to access. So go ahead and read the documentation if you want to dig down and figure out what else you can configure here, but that is it for this. I'm going to go ahead and restart this, and we will see that if we go to localhost:8080/secured we are now given two options, so we can log in with GitHub or we can log in with Google. So now I'm going to try Google, here are my different options for my Google account, I'm going to sign in with that, and as you can see I am taken to the secured page.

All right, thanks for sticking around to the end of that tutorial. It was a short one but a sweet one. I know a lot of you were asking me about how to do that. Obviously this is just kind of one piece of the puzzle when it comes to security and OAuth and OpenID, there's a lot to learn, but this is extremely easy to set up in Spring Boot and Spring Security, so I just wanted to kind of walk you through that. Now something else I've been asked about, and I'm interested to hear from you to see if it's something you're interested in: we get that out of the box form login, that out of the box ability to log in with GitHub and Google, but what if you wanted to customize that page? You can do it, you can override the login page, you can kind of set that up in Spring Security, and maybe you're interested in customizing that. If you'd like a tutorial on that, let me know. I'm a big fan of creating front ends, so I would create, you could do this in like Thymeleaf, but I would use something like Vite and Vue to create that and something like Tailwind to style it up, so I think that would be a fun tutorial. If you're, you're interested in something like that, let me know. But what about this one, if you found some value in this tutorial, friends, do me a favor, give me a thumbs up, subscribe to the channel, and as always, happy coding.
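The configuration described in the walkthrough, written out as an added example (not code taken from the video): a Spring Security 6 filter chain that leaves `/` public, requires authentication everywhere else, and offers both OAuth 2 login and form login. The package name and the environment variable names are assumptions; the properties shown in the comment read the client credentials from the environment instead of pasting them into `application.properties`. It needs the web and OAuth 2 client starters selected in the video.

```java
// src/main/resources/application.properties (credentials come from the
// environment; the variable names are assumptions of this example):
//
//   spring.security.oauth2.client.registration.github.client-id=${GITHUB_CLIENT_ID}
//   spring.security.oauth2.client.registration.github.client-secret=${GITHUB_CLIENT_SECRET}
//   spring.security.oauth2.client.registration.google.client-id=${GOOGLE_CLIENT_ID}
//   spring.security.oauth2.client.registration.google.client-secret=${GOOGLE_CLIENT_SECRET}
//   logging.level.org.springframework.security=TRACE
//
// Callback URLs registered with each provider follow Spring Security's default
// pattern {baseUrl}/login/oauth2/code/{registrationId}.
package dev.danvega.social.config; // assumed package name

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

import static org.springframework.security.config.Customizer.withDefaults;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        return http
                .authorizeHttpRequests(auth -> {
                    // Only the root route is public; rules are evaluated in order.
                    auth.requestMatchers("/").permitAll();
                    // Everything else, including /secured, needs a logged-in user.
                    auth.anyRequest().authenticated();
                })
                // One login link per registration found under
                // spring.security.oauth2.client.registration.*
                .oauth2Login(withDefaults())
                // Username/password form shown alongside the provider links.
                .formLogin(withDefaults())
                .build();
    }
}
```

TRACE logging on `org.springframework.security` is verbose and belongs in a local development profile only.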
Info
Channel: Dan Vega
Views: 93,929
Keywords: dan vega
Id: us0VjFiHogo
Length: 13min 5sec (785 seconds)
Published: Fri Apr 28 2023