Samples

Default Sample

The default sample provides the minimal configuration to get started with Spring Authorization Server.

Demo Sample

The demo sample provides custom configuration for various features implemented by Spring Authorization Server.

Run the Sample

  • Run Authorization Server → ./gradlew -b samples/demo-authorizationserver/samples-demo-authorizationserver.gradle bootRun

  • Run Client → ./gradlew -b samples/demo-client/samples-demo-client.gradle bootRun

  • Run Resource Server → ./gradlew -b samples/messages-resource/samples-messages-resource.gradle bootRun

  • Go to http://127.0.0.1:8080

    • Login with credentials → user1 \ password

Configuring Social Login

The demo sample may be configured to provide social login capability.

Login with Google

This section shows how to configure Google as a social login provider.

Initial setup

To use Google’s OAuth 2.0 authentication system for login, you must set up a project in the Google API Console to obtain OAuth 2.0 credentials.

Note
Google’s OAuth 2.0 implementation for authentication conforms to the OpenID Connect 1.0 specification and is OpenID Certified.

Follow the instructions on the OpenID Connect page, starting in the section, "Setting up OAuth 2.0".

After completing the "Obtain OAuth 2.0 credentials" instructions, you should have a new OAuth Client with credentials consisting of a Client ID and a Client Secret.

Setting the redirect URI

The redirect URI is the path in the application that the end-user’s user-agent is redirected back to after they have authenticated with Google and have granted access to the OAuth Client (created in the previous step) on the Consent page.

In the "Set a redirect URI" sub-section, ensure that the Authorized redirect URIs field is set to http://localhost:9000/login/oauth2/code/google-idp.

Tip
The default redirect URI template is {baseUrl}/login/oauth2/code/{registrationId}. The registrationId is a unique identifier for the ClientRegistration.

Configure application.yml

Now that you have a new OAuth Client with Google, you need to configure the application to use the OAuth Client for the authentication flow. To do so:

  1. Go to application.yml and set the following configuration:

    spring:
      security:
        oauth2:
          client:
            registration:  # (1)
              google-idp:  # (2)
                provider: google
                client-id: google-client-id
                client-secret: google-client-secret

    Example 1. OAuth Client properties

    1. spring.security.oauth2.client.registration is the base property prefix for OAuth Client properties.

    2. Following the base property prefix is the ID for the ClientRegistration, such as google-idp.

  2. Replace the values of the client-id and client-secret properties with the OAuth 2.0 credentials you created earlier. Alternatively, you can set the following environment variables in the Spring Boot application:

    • GOOGLE_CLIENT_ID

    • GOOGLE_CLIENT_SECRET

Login with GitHub

This section shows how to configure GitHub as a social login provider.

Register OAuth application

To use GitHub’s OAuth 2.0 authentication system for login, you must Register a new OAuth application.

When registering the OAuth application, ensure the Authorization callback URL is set to http://localhost:9000/login/oauth2/code/github-idp.

The Authorization callback URL (redirect URI) is the path in the application that the end-user’s user-agent is redirected back to after they have authenticated with GitHub and have granted access to the OAuth application on the Authorize application page.

Tip
The default redirect URI template is {baseUrl}/login/oauth2/code/{registrationId}. The registrationId is a unique identifier for the ClientRegistration.

Configure application.yml

Now that you have a new OAuth application with GitHub, you need to configure the application to use the OAuth application for the authentication flow. To do so:

  1. Go to application.yml and set the following configuration:

    spring:
      security:
        oauth2:
          client:
            registration:  # (1)
              github-idp:  # (2)
                provider: github
                client-id: github-client-id
                client-secret: github-client-secret

    Example 2. OAuth Client properties

    1. spring.security.oauth2.client.registration is the base property prefix for OAuth Client properties.

    2. Following the base property prefix is the ID for the ClientRegistration, such as github-idp.

  2. Replace the values of the client-id and client-secret properties with the OAuth 2.0 credentials you created earlier. Alternatively, you can set the following environment variables in the Spring Boot application:

    • GITHUB_CLIENT_ID

    • GITHUB_CLIENT_SECRET
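
The following preflight script is an added example, not part of the sample project. It covers both the Google and GitHub sections above: it checks that the four environment variables are set and no longer hold the application.yml placeholders, and it expands the default redirect URI template for each registrationId so the result can be compared with the value registered at the provider. The function names are hypothetical, and the script assumes the authorization server base URL http://localhost:9000 used in this README.

```shell
#!/bin/sh
# Added example (not project code): preflight for the demo sample's social login.
# Placeholders and http://localhost:9000 are from the README; function names are hypothetical.
BASE_URL="${BASE_URL:-http://localhost:9000}"

# Expand the default template {baseUrl}/login/oauth2/code/{registrationId}.
redirect_uri() {
    printf '%s/login/oauth2/code/%s\n' "${1%/}" "$2"   # ${1%/} avoids a "//"
}

# Succeed only if a credential is set and is not the application.yml placeholder.
# $1 = variable name (for messages), $2 = its value, $3 = placeholder
credential_ok() {
    if [ -z "$2" ]; then
        echo "MISSING  $1 is not set" >&2
        return 1
    fi
    if [ "$2" = "$3" ]; then
        echo "DEFAULT  $1 still holds the placeholder '$3'" >&2
        return 1
    fi
    return 0
}

# $1 = registrationId, $2 = env prefix, $3 = client id, $4 = client secret
check_provider() {
    p_rc=0
    credential_ok "${2}_CLIENT_ID" "$3" "${1%-idp}-client-id" || p_rc=1
    credential_ok "${2}_CLIENT_SECRET" "$4" "${1%-idp}-client-secret" || p_rc=1
    # This is the value to compare with the provider's console entry.
    echo "$1 redirect URI: $(redirect_uri "$BASE_URL" "$1")"
    return "$p_rc"
}

preflight() {
    all_rc=0
    check_provider google-idp GOOGLE "${GOOGLE_CLIENT_ID:-}" "${GOOGLE_CLIENT_SECRET:-}" || all_rc=1
    check_provider github-idp GITHUB "${GITHUB_CLIENT_ID:-}" "${GITHUB_CLIENT_SECRET:-}" || all_rc=1
    return "$all_rc"
}

# Never prints the secrets themselves, only which variable needs attention.
preflight || echo "Fix the items above before running bootRun." >&2
```

Run it in the same shell session that will start the authorization server, so it sees the variables the Spring Boot application will see.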