
Rest, Spring own OAuth2 server + OAuth2 providers like Facebook, Google, Yahoo

In a Spring Boot application I have secured my Spring MVC REST endpoints with Spring Security and Spring OAuth2. I have my own Authorization/Resource servers, so in order to communicate with our API, the client (AngularJS) needs to obtain an accessToken from my API Authorization Server.

Everything works fine, but for authentication/authorization on my API, the user needs to create an account and provide us with a username/password.

I'd like to simplify this process and would like to offer the user the option to authenticate on my API via the Google/Facebook/Twitter OAuth providers.

Right now I have no clear understanding of how it must work. For example, one of my ideas: Facebook will issue its own accessToken and pass it back to my API. Based on this accessToken, my API will issue its own accessToken and pass it back to the client application (AngularJS). Or should I pass the Facebook accessToken directly to the client app?

What is the correct architecture for the described case? How should it work?

Maybe there is some example that demonstrates this architecture based on the Spring framework?

alexanoid, asked Apr 09 '15 19:04




2 Answers

If you want to delegate authentication to an external provider, you can use the OAuth2ClientAuthenticationProcessingFilter, or the convenience annotations and external configuration provided in Spring Cloud Security. Example (from the Spring Cloud Security home page):

Application.java:

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.security.oauth2.sso.EnableOAuth2Sso; // Spring Cloud Security 1.x package
@SpringBootApplication
@EnableOAuth2Sso // delegates login to the provider configured under spring.oauth2 below
public class Application {
    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}

application.yml:

spring:
  oauth2:
    client:
      clientId: bd1c0a783ccdd1c9b9e4
      clientSecret: 1a9030fbca47a5b2c28e92f19050bb77824b5ad1
      accessTokenUri: https://github.com/login/oauth/access_token
      userAuthorizationUri: https://github.com/login/oauth/authorize
      clientAuthenticationScheme: form
    resource:
      userInfoUri: https://api.github.com/user
      preferTokenInfo: false

That works with GitHub if your app is running on port 8080 (I believe). Similar configuration works with Facebook, Cloud Foundry, Google and other OAuth2 providers.

Dave Syer, answered Sep 18 '22 11:09


In the case of your own OAuth2 or OAuth2 + JWT tokens, please take a look at the following question: Integrate Spring Security OAuth2 and Spring Social, especially the answer provided by @rbarriuso. You have to provide your own SocialAuthenticationSuccessHandler and send a redirect with your own oauth2Token after successful authorization with any third-party OAuth2 provider.

In other words, the main idea of this technology-agnostic solution is to issue your own access token and provide it to the user after his successful authentication with the third-party OAuth2 providers.

alexanoid, answered Sep 22 '22 11:09
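The flow described in this answer (third-party login succeeds, the application's own authorization server mints a token, the browser client is redirected with that token), as an added Java example that is not code from the question, the linked answer or Spring itself. It assumes Spring Security OAuth2 2.x (`AuthorizationServerTokenServices`, `OAuth2Request`) and that the handler class, the `clientId` of the AngularJS client and the fixed `redirectUri` are your own names and configuration.

```java
import java.io.IOException;
import java.util.Collections;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.web.util.UriComponentsBuilder;

// Runs after Spring Social / OAuth2 SSO has authenticated the user with Facebook, Google, etc.
// The provider's token never reaches the browser: we mint a token from OUR authorization server.
public class SocialLoginSuccessHandler implements AuthenticationSuccessHandler {
    private final AuthorizationServerTokenServices tokenServices;
    private final ClientDetailsService clientDetailsService;
    private final String clientId;    // the SPA's client registration in our authorization server
    private final String redirectUri; // fixed, configured server-side; never read from the request

    public SocialLoginSuccessHandler(AuthorizationServerTokenServices tokenServices,
            ClientDetailsService clientDetailsService, String clientId, String redirectUri) {
        this.tokenServices = tokenServices;
        this.clientDetailsService = clientDetailsService;
        this.clientId = clientId;
        this.redirectUri = redirectUri;
    }

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        // Scope and resource ids come from the registered client, not from the social provider.
        ClientDetails client = clientDetailsService.loadClientByClientId(clientId);
        OAuth2Request oauth2Request = new OAuth2Request(
                Collections.singletonMap("client_id", clientId), clientId, client.getAuthorities(),
                true, client.getScope(), client.getResourceIds(), null, null, null);
        // The social Authentication supplies the user principal; the token is ours.
        OAuth2Authentication oauth2Auth = new OAuth2Authentication(oauth2Request, authentication);
        OAuth2AccessToken token = tokenServices.createAccessToken(oauth2Auth);
        // Deliver the token in the URL fragment (as the implicit grant does) so it stays in the
        // browser and is not written to server logs or sent in Referer headers.
        String target = UriComponentsBuilder.fromUriString(redirectUri)
                .fragment("access_token=" + token.getValue() + "&token_type=" + token.getTokenType()
                        + "&expires_in=" + token.getExpiresIn())
                .build().toUriString();
        response.sendRedirect(target);
    }
}
```

Register the handler on the social/SSO login filter in place of the default success handler; the AngularJS app reads the fragment once on load and then calls the API with its own bearer token, so the resource server only ever validates tokens it issued.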