Watch Me Code an OAuth2 Google Login Client with Java Spring 

You're welcome!

There are multiple things you can do with the attributes, but one example is that you can use the "sub" property as a unique identifier for the user if you want to save user preferences or other actions to the database with that ID.

You're very welcome!

I would need to read some of the open source code to see where they are stashing it. However, Java Spring should be managing the token for you and determining when the session has expired. Do you need it for something else?

You could store the user information that you get back from Google and then use that to fetch a role that you assign the user that you would store in your database.

Got any solution?

Yeah I started using .net 😅

You're welcome!

@@TechTutorRyan Are u planning to create tutorial for oauth2 without spring? I mean oauth2 just for desktop java app.

@@stonedcodingtom9097 I haven't really thought about it. Spring is a fairly well maintained open source community so I typically don't bother to recreate features that it already provides. Similarly, in JavaScript I would have probably used Passport.js for Google Auth: www.passportjs.org/concepts/authentication/google/

@@TechTutorRyan Okay, thank you for reply. Have a nice day!

I haven't dug into this recently, but the last time that I looked into it, you still had to manage your own roles. For my implementation this involved using my own database as you already assumed and then checking to see which role the user had after Google confirmed the user identity.

Hello! I just created a new video showing how to logout. I didn't create a button for it, but it would be very simple. All you need to do is create a button that leads the user to "{{siteURL}}/logout". Here is the new video for reference: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-OtFLR-MReI0.html

In the controller you can take that Map object that is coming from getAttributes and save it using a repository layer. For best practice, I would suggest autowiring in a Service to your controller and then autowiring a Repository class into your Service to perform the save. There are some other videos on my channel that show how to easily add a database to a Spring Boot project.

Are you using the same Maven dependency that I used in the video? If you are, then the code from that dependency uses Spring Security, so I would highly suggest using Spring Security to configure any security chains.

​@@TechTutorRyan yes I'm using Spring Security, also not limited on using any external library. I have one @PostMapping("/login"), which does multiple (different) authentications (2 databases, 1 SOAP request), and the last case (depending on user's configuration on previous database checks) might be an OpenID redirect to ADFS. Currently I handle the flow by calling different service classes, but I'm stuck at the ADFS redirection/authentication step. I don't know if this is achievable using Spring Security filters :/

If I am understanding your question, it sounds like you want to redirect based on the authentication that was used? I think you may be able to do something like this: @RequestMapping("/") public String page() { Authentication auth = SecurityContextHolder.getContext().getAuthentication(); if (auth instanceof SomeAuthenticationToken) return "someAuthPage"; if (auth instanceof SomeOtherAuthenticationToken) return "someOtherAuthPage"; }

You may also be able to set a specific redirect for each auth method using defaultSuccessUrl: docs.spring.io/spring-security/site/docs/4.0.x/apidocs/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.html#defaultSuccessUrl-java.lang.String-

@@TechTutorRyan actually it is much simpler/primitive, the following 'pseudocode' describes the workflow: @PostMapping("/") public Boolean login(@RequestBody Login login) { if(login.getProperty1() == xx) //internal auth return isFirstAuthOk(login); var sourceDb2 = db2GetInfo(login.getUsername); if(sourceDb2.getProperty2() == xx) //external service auth return isAuthUsingSoap(login); //if you reached this step, do an ADFS/OpenID redirect //todo: open ADFS login page and handle auth/token response } My initial approach was to use LDAP, which has an "authenticate(username, password)" approach, but it didnt support SSO (Single Sign On) which is the next step :(

I didn't push this one to my git. It actually isn't that much code though. If you use follow along in the video and use Spring Initializr, it will basically generate all of the code you need except for the changes to the application.yml file, which you will still need to change to match your Google account. Let me know if you have any trouble after trying the steps in the video.

It sounds like you may have missed a step configuring your Google Settings.

make a new class, say AuthHandlar: import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler; public class AuthHandlar extends SimpleUrlAuthenticationSuccessHandler implements AuthenticationSuccessHandler { public AuthHandlar(){ super(); setUseReferer(false); // do not redirect user to same endpoint when request occurs } } Then in in securityConfigin class do the following -> httpSecurity.oauth2Login() .successHandler(new AuthHandlar()).and()....etc

Try using this @Configuration @EnableWebSecurity public class AppConfig extends WebSecurityConfigurerAdapter{ @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable().authorizeRequests().antMatchers("/endpoint name").permitAll() //endpoints where you want to disable security .anyRequest().authenticated() .and() .oauth2Login().permitAll(); } }

/auth is the issue

Yes, I agree with Karthik, /auth is likely the issue without being able to see the rest of the code.

@@TechTutorRyan The issue was: The redirect URI was blocked by spring boot as an URI that required authentication. So that would redirect into the login, and there was the endless loop. I had to create a configuration class with the following: http.authorizeRequests() .anyRequest().authenticated() .and() .oauth2Login(); And now its working. Thanks anyways.

@@FellTheSky that updating the google api console and that change being present can take some time. Generally only a few minutes but sometimes it seems longer.