OAuth

OAuth 2.0 In Spring Boot

• On top of the Spring Security tools, Spring Boot natively supports OAuth 2.0 for integrated authorization via Google or GitHub.
  • This process includes registering the app (for example, with Github) and providing a callback URL (for a local project, this may look like “http://localhost:8080/login/oauth2/code/github”). In addition to importing Spring Security dependencies in the appropriate file, the “application.yml” file needs to include the following block with credentials inserted(replacing the github values with those provided by GitHub):

  spring:
  security:
    oauth2:
      client:
        registration:
          github:
            clientId: github-client-id
            clientSecret: github-client-secret
  

Functionality

• This process grants an access token to the application, and a corresponding cooke named JSESSIONID will be stored by the browser.

• Rendering conditionally based on authentication state may be done either client-side or server-side. HTML elements with the class container authenticated will only render when a user has a valid authentication token (while container unauthenticated is used to exclude elements in this case)