Spring Boot OAuth 2.0 Client + MySQL
1. What is OAuth 2.0 ?
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service.
2. How does OAuth 2.0 work ?
-
Resource Owner
An entity capable of granting access to a protected resource. When the resource owner is a person, it is referred to as an
end-user
.
> In other words , it's the end-user that accepts the authorization request. -
OAuth 2.0 Client
An
application
making protected resource requests on behalf of the resource owner and with its authorization. -
Authorization server
The server issuing
access tokens
to the client after successfully authenticating the resource owner and obtaining authorization.
> This access token will be used later to retrieve the protected resource. -
Resource Server
The server hosting the protected resources, capable of accepting and responding to protected resource requests using access tokens.
In our example , we will be interested only to the client side of OAuth 2.
That is , registering the user in our mysql database after getting information from the OAuth2 Provider ( Google , Github)
> OAuth2 Client is our spring application.
> Resource Owner is the user.
> Authorization/Resource Server is the OAuth2 provider.
3.Technologies
Spring Boot Web
Spring Data JPA
Spring Security
Spring OAuth2 Client
MySQL Database
Docker ( Optional )
4. File Structure
WebSecurityConfig
Extending the WebSecurityConfigurerAdapter class which , along with @EnableWebSecurity annotation , provides web based security and allows us to do some configurations like restricting some URL's for authentication , rejecting requests or maybe a defining a custom firwall .
AppController
Playing the role of a controller of requests in the MVC architecture thanks to Spring MVC.
We defined an endpoint "/user" to show the json data sent by the oauth provider after the login success.
User
andCustomOauth2User
The class User is our Model , in the MVC architecture , marked with @Entity JPA annotation to make the object ready for storage in the database.
The class CustomOauth2User will be used to get attributes of the data retrieved from the oauth provider.
UserRepository
Extending the JpaRepository class which makes database access very easy and allows us to perform creation , deletion , update and searching of users.
UserService
andCustomOauth2UserService
Classes that contains the @Service annotation and used to write business logic like finding a user by email or loading the user from the OauthProvider.
OAuth2LoginSuccessHandler
Extends the class SimpleUrlAuthenticationSuccessHandler which is used to specify any custom logic after the success of the authorization .
This class is needed to store the user in tha database after the login.
5. How to run the project
Step 1 : OAuth 2.0 credentials from the Google API Console
Create a new project and get a new pair of OAuth 2.0 clientId and clientSecret.
you'll need them for spring security oauth configuration in application.yaml
spring:
security:
oauth2:
client:
registration:
google:
clientId: PASTE_GOOGLE_CLIENT_ID_HERE
clientSecret: PASTE_GOOGLE_CLIENT_SECRET_HERE
scope:
- profile
- email
Scope are the information needed from the oauth provider .
In our case we need general profile information and also the email ( will be used later ) Also we need to set the URL callback to /oauth2/authorization/google
Step 2 : Creating a MySQL Database Instance
Using docker is not necessary here , you can use our local MySQL.
In our case we can use docker compose to create our database container.
docker-compose.yaml
:
version: "3.7"
services:
mysql:
image: mysql:8.0
ports:
- "3306:3306"
environment:
MYSQL_ROOT_PASSWORD: MYSQL_ROOT_PASSWORD
MYSQL_DATABASE: demo
Here we are using the version 3.7 of the docker compose . Then we are fetching the image of mysql version 8.0 from the Docker Registry. We also expose the port 3306 of the machine ( so we can access the container ) and the port 3306 of the container. Finally we set the root password and the name of the database that we want to create ( for example demo ).
Also we need to configue Spring JPA to use our mysql container.
application.yaml
:
spring:
jpa:
hibernate:
ddl-auto: update
show-sql: true
datasource:
username: MYSQL_ROOT_USERNAME
password: MYSQL_ROOT_PASSWORD
url: jdbc:mysql://localhost:3306/demo
Last but not least , we run the command below to create the database instance.
$ cd spring-boot-oauth2-mysql
$ docker compose up
Step 3 : Running the spring application
DEMO
Let's demonstrate with our oauth 2.0 client implementation with some basic html template.
Before we proceed to the authorization server , let's show our current state of the database :
As we can see our user table is currently empty and our goal is to create a new user after the login success.
After clicking the link , we are redirected to a google page for authorization.
And we can hit the endpoint "/user" to take a peak about the data send to us by google.
And Boom , we obtained the full name and email address , that's exactly what we configured in the application.yaml
So now that we have the data we can actually display the name of the user , as well as registering him in the database .
Here we can see the user registered successfully thanks to the class OAuth2LoginSuccessHandler .
And also we updated to front page to show the name of current logged-in user.