Has anyone implemented google oauth with spring boot at the back end ?

Will appreciate any help

you need this dependency in your maven pom


dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>




in your applications.properties add these

#GOOGLE OAUTH

# You need additional settings to configure your OAUTH service ..just check youtube
spring.security.oauth2.client.registration.google.client-id= your-client-id
spring.security.oauth2.client.registration.google.client-secret=your-secret



in your SecurityConfig class


@Configuration
public class SecurityConfig {

@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
return httpSecurity.authorizeHttpRequests(auth ->
auth.requestMatchers("/".permitAll()
.anyRequest().authenticated())
.oauth2Login(Customizer.withDefaults())
.formLogin(Customizer.withDefaults()) // u can replace this with httpBasic and configure the URL
.build();
}
}

richebony:
you need this dependency in your maven pom


dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>




in your applications.properties add these

#GOOGLE OAUTH

# You need additional settings to configure your OAUTH service ..just check youtube
spring.security.oauth2.client.registration.google.client-id= your-client-id
spring.security.oauth2.client.registration.google.client-secret=your-secret



in your SecurityConfig class


@Configuration
public class SecurityConfig {

@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
return httpSecurity.authorizeHttpRequests(auth ->
auth.requestMatchers("/".permitAll()
.anyRequest().authenticated())
.oauth2Login(Customizer.withDefaults())
.formLogin(Customizer.withDefaults()) // u can replace this with httpBasic and configure the URL
.build();
}
}

Hello richebony, I've been learning spring security on youtube but most tutorials I've watched are not explanatory enough.

It always look like they're doing magic, some are oudated especially implementing basic auth, the way to do this as shown in the tutorials is depreciated. If you don't mind, could you please recommend a good spring security video you know? Thank you.

I see that you're good with this stuff, could you please mentor me? I need some guidance as this whole stuff is broad and I don't want to go the wrong way.

I promise not to waste your time or stress you. Thank you!

InteliJ:

Hello richebony, I've been learning spring security on youtube but most tutorials I've watched are not explanatory enough.

It always look like they're doing magic, some are oudated especially implementing basic auth, the way to do this as shown in the tutorials is depreciated. If you don't mind, could you please recommend a good spring security video you know? Thank you.

I see that you're good with this stuff, could you please mentor me? I need some guidance as this whole stuff is broad and I don't want to go the wrong way.

I promise not to waste your time or stress you. Thank you!

https://m.youtube.com/playlist?list=PLEocw3gLFc8X_a8hGWGaBnSkPFJmbb8QP


Check this out.

You can get good Spring Security course on Udemy at cheaper rate like #3500

Spring documentation is there to help, too.

InteliJ:

Hello richebony, I've been learning spring security on youtube but most tutorials I've watched are not explanatory enough.

It always look like they're doing magic, some are oudated especially implementing basic auth, the way to do this as shown in the tutorials is depreciated. If you don't mind, could you please recommend a good spring security video you know? Thank you.

I see that you're good with this stuff, could you please mentor me? I need some guidance as this whole stuff is broad and I don't want to go the wrong way.

I promise not to waste your time or stress you. Thank you!

you better read the docs. Thats where most of these videos lift from.

InteliJ:

Hello richebony, I've been learning spring security on youtube but most tutorials I've watched are not explanatory enough.

It always look like they're doing magic, some are oudated especially implementing basic auth, the way to do this as shown in the tutorials is depreciated. If you don't mind, could you please recommend a good spring security video you know? Thank you.

I see that you're good with this stuff, could you please mentor me? I need some guidance as this whole stuff is broad and I don't want to go the wrong way.

I promise not to waste your time or stress you. Thank you!

Lol, you are not alone in this, I also had this issue, especially with the introduction of Spring Security 6, it made most of my prior knowledge deprecated, I would recommend Dan Vega's Spring Security course on YouTube, he works with the Spring team and gets most of his resources directly from the docs .So just search for his channel on YouTube [Dan Vega]..if you have any questions u can holla

richebony:
you need this dependency in your maven pom


dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>




in your applications.properties add these

#GOOGLE OAUTH

# You need additional settings to configure your OAUTH service ..just check youtube
spring.security.oauth2.client.registration.google.client-id= your-client-id
spring.security.oauth2.client.registration.google.client-secret=your-secret



in your SecurityConfig class


@Configuration
public class SecurityConfig {

@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
return httpSecurity.authorizeHttpRequests(auth ->
auth.requestMatchers("/".permitAll()
.anyRequest().authenticated())
.oauth2Login(Customizer.withDefaults())
.formLogin(Customizer.withDefaults()) // u can replace this with httpBasic and configure the URL
.build();
}
}

Thanks bro, but i understand this flow but it doesnt fit into the context of what i am trying to do. Maybe I should give a bit more background on what I'm trying to do..

So I had custom configurations for some of the filters in the securityFilterChain. I customized the AuthenticationFilter(UsernamePasswordFilter), the authenticationManager, and an AuthenticationProvider - which loads the user from the database, dao stuff.

Now, what I want to do configure another authenticationProvider that implements OpenID connect, and then add this to the authenticatonManager. I have searched spring docs but they don't seem to provide a flow for that. So that's what im struggling with bro.

I hope you understand what I am saying boss?

BurnerMan:


Thanks bro, but i understand this flow but it doesn't fit into the context of what i am trying to do. Maybe I should give a bit more background on what I'm trying to do..

So I had custom configurations for some of the filters in the securityFilterChain. I customized the AuthenticationFilter(UsernamePasswordFilter), the authenticationManager, and an AuthenticationProvider - which loads the user from the database, dao stuff.

Now, what I want to do configure another authenticationProvider that implements OpenID connect, and then add this to the authenticatonManager. I have searched spring docs but they don't seem to provide a flow for that. So that's what im struggling with bro.

I hope you understand what I am saying boss?

So what you are saying is that you want a customOAuth2 service

you would need to add these properties
spring.security.oauth2.client.provider.google.authorization-uri=
spring.security.oauth2.client.provider.google.token-uri =
spring.security.oauth2.client.provider.google.user-info-uri=
spring.security.oauth2.client.provider.google.user-name-attribute= email

add this dependency


<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
</dependency>



create a customOauth2UserService


import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.web.client.RestTemplate;

@Service
@RequiredArgsConstructor
public class CustomOAuth2UserService implements OAuth2UserService<OAuth2UserRequest, OAuth2User> {

@Value("${spring.security.oauth2.client.provider.google.user-info-uri}"
private String userInfoUri;

private final RestTemplate restTemplate;

@Override
public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2AuthenticationException {
String accessToken = userRequest.getAccessToken().getTokenValue();

GoogleUserInfo userInfo = restTemplate.getForObject(userInfoUri, GoogleUserInfo.class, accessToken);

if (userInfo == null) {
throw new UsernameNotFoundException("User not found";
}
Map<String, Object> attributes = new HashMap<>();
attributes.put("email", userInfo.getEmail());
attributes.put("name", userInfo.getName());

return new DefaultOAuth2User(
Collections.singleton(new OAuth2UserAuthority(attributes)),
attributes, "email";
}
}


create your customAuth2Provider




@Component
@RequiredArgsConstructor
public class CustomOAuth2AuthenticationProvider implements AuthenticationProvider {

private final CustomOAuth2UserService customOAuth2UserService;

@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
OAuth2User oauth2User = (OAuth2User) authentication.getPrincipal();

UserDetails userDetails = customOAuth2UserService.loadUser(oauth2User.getRequest());
return new UsernamePasswordAuthenticationToken(
userDetails, null, userDetails.getAuthorities());
}

@Override
public boolean supports(Class<?> authentication) {
return OAuth2UserAuthenticationToken.class.isAssignableFrom(authentication);
}
}







@Configuration
@RequiredArgsConstructor
public class SecurityConfig {

private final CustomOAuth2AuthenticationProvider customOAuth2AuthenticationProvider;

@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
return httpSecurity.authorizeHttpRequests(auth ->
auth.requestMatchers("/".permitAll()
.anyRequest().authenticated())
.oauth2Login((oauth2Login) -> oauth2Login
.userInfoEndpoint((userInfo) -> userInfo.userService(customOAuth2UserService)) // this is authoInjected with the provider
// you can also configure the login uri/page here
)
.formLogin(Customizer.withDefaults())
.build();
}
}
PS : The code might not work ,didnt test it ...i am actually wondering why you chose this approach,you can run test cases on the service layer ,if that works, then extra configuration tweaking might fix it

richebony:


Lol, you are not alone in this, I also had this issue, especially with the introduction of Spring Security 6, it made most of my prior knowledge deprecated, I would recommend Dan Vega's Spring Security course on YouTube, he works with the Spring team and gets most of his resources directly from the docs .So just search for his channel on YouTube [Dan Vega]..if you have any questions u can holla

Thank you very much! Sure, I will.

parkervero:


https://m.youtube.com/playlist?list=PLEocw3gLFc8X_a8hGWGaBnSkPFJmbb8QP


Check this out.

You can get good Spring Security course on Udemy at cheaper rate like #3500

Spring documentation is there to help, too.

I've added it to my library already. Thanks for your time, I appreciate.

jesmond3945:
you better read the docs. Thats where most of these videos lift from.

I'll read the docs for sure. But I'm just starting, I want to get the basics from videos before I move to the docs. Thank you for the heads up.

richebony:


Lol, you are not alone in this, I also had this issue, especially with the introduction of Spring Security 6, it made most of my prior knowledge deprecated, I would recommend Dan Vega's Spring Security course on YouTube, he works with the Spring team and gets most of his resources directly from the docs .So just search for his channel on YouTube [Dan Vega]..if you have any questions u can holla

Great one. I was also going to recommend Dan Vega.