ᴡɪʟʟɪᴀᴍ.ᴊɪɴɢ'ꜱ ᴘᴇʀꜱᴏɴᴀʟ ᴡᴇʙ
Setting Up an OIDC Provider with Social Login Using Spring Authorization Server and Gradle


OpenID Connect (OIDC) is a widely adopted standard for user authentication, and integrating social login capabilities enhances the user experience. In this extended guide, we'll walk through the process of setting up an OIDC provider using the Spring Authorization Server with Gradle as the build tool. We will also integrate social login functionality for a more versatile authentication process.

Prerequisites

Before starting with the setup, ensure you have the following prerequisites:

  1. Java Development Kit (JDK): Install a compatible version of JDK on your system.

  2. Spring Boot: Familiarize yourself with the basics of Spring Boot, as it forms the foundation for the Spring Authorization Server.

Step-by-Step Guide

Follow the steps below to set up the Spring Authorization Server with social login using Gradle:

1. Create a Spring Boot Project with Gradle

Use Spring Initializr or your preferred method to create a new Spring Boot project with Gradle as the build tool. Include the necessary dependencies, including spring-boot-starter-oauth2-client, which provides the OAuth 2.0 / OIDC client support used for social login.

// build.gradle
plugins {
    id 'org.springframework.boot' version '2.6.4'
    id 'io.spring.dependency-management' version '1.0.11.RELEASE'
    id 'java'
}

group = 'com.example'
version = '1.0-SNAPSHOT'
sourceCompatibility = '11'

repositories {
    mavenCentral()
}

dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
    implementation 'org.springframework.boot:spring-boot-starter-security'
    implementation 'org.springframework.boot:spring-boot-starter-web'
    testImplementation 'org.springframework.boot:spring-boot-starter-test'
}

test {
    useJUnitPlatform()
}

2. Configure Social Login

Create a SecurityConfig class to configure social login. Include the necessary imports and annotations.

// src/main/java/com/example/security/SecurityConfig.java
package com.example.security;

import java.util.Arrays;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.oauth2.client.CommonOAuth2Provider;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests(authorize -> authorize
                .antMatchers("/", "/login**", "/webjars/**", "/error**").permitAll()
                .anyRequest().authenticated())
            // Processes the username/password form that posts to /login
            .formLogin(form -> form
                .loginPage("/login"))
            .oauth2Login(oauth2 -> oauth2
                .loginPage("/login")
                .defaultSuccessUrl("/home", true)
                .failureUrl("/login?error=true")
            );
    }

    @Bean
    public UserDetailsService userDetailsService() {
        // Demo-only local user: withDefaultPasswordEncoder() and a hard-coded password
        // are meant for samples, not for production use
        return username -> {
            if ("user".equals(username)) {
                return User.withDefaultPasswordEncoder()
                        .username(username)
                        .password("password")
                        .roles("USER")
                        .build();
            } else {
                throw new UsernameNotFoundException("User not found!");
            }
        };
    }

    @Bean
    public ClientRegistrationRepository clientRegistrationRepository() {
        // The client IDs and secrets below are placeholders; load the real values from
        // external configuration or the environment instead of committing them to source
        return new InMemoryClientRegistrationRepository(Arrays.asList(
            customClientRegistration(CommonOAuth2Provider.GOOGLE, "google",
                    "client-id-google", "client-secret-google"),
            customClientRegistration(CommonOAuth2Provider.GITHUB, "github",
                    "client-id-github", "client-secret-github")
            // Add more social identity providers as needed
        ));
    }

    private ClientRegistration customClientRegistration(
            CommonOAuth2Provider provider, String registrationId,
            String clientId, String clientSecret) {
        // Provider endpoints do not follow a common "https://<name>.com/..." pattern, so
        // take them from CommonOAuth2Provider, which also sets each provider's default
        // scopes, user-name attribute and the redirect URI template
        // "{baseUrl}/login/oauth2/code/{registrationId}"
        return provider.getBuilder(registrationId)
            .clientId(clientId)
            .clientSecret(clientSecret)
            .build();
    }
}

3. Enable Social Login in HTML

Update your login HTML page to include buttons or links for social login options.

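<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Login</title>
</head>
<body>
    <h2>Login</h2>
    <form action="/login" method="post">
        <!-- Spring Security's form login reads the "username" and "password" parameters -->
        <label>Username <input type="text" name="username" autocomplete="username"></label>
        <label>Password <input type="password" name="password" autocomplete="current-password"></label>
        <!-- CSRF protection is on by default, so this POST also needs the _csrf token as a
             hidden field; render the page through a template engine to include it -->
        <button type="submit">Login with Username and Password</button>
    </form>
    <h3>Or</h3>
    <div>
        <a href="/oauth2/authorization/google">Login with Google</a>
        <a href="/oauth2/authorization/github">Login with GitHub</a>
        <!-- Add more social login buttons as needed -->
    </div>
</body>
</html>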

4. Run Your Application

Run your Spring Boot application with the following command:

./gradlew bootRun

Navigate to the login page, and you should see options to log in with the configured social identity providers. Clicking on these options will initiate the OAuth2 flow, enabling users to authenticate through their social accounts.
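
What happens behind a /oauth2/authorization/{registrationId} link, as an added example written for this guide in plain JDK code (a simplified model, not code from the original post or from Spring Security): it builds the authorization redirect with the {baseUrl}/login/oauth2/code/{registrationId} redirect URI and shows the state comparison that guards the callback. The class name, the idp.example endpoint and the base URL are assumptions.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration of the login redirect and the callback check (hypothetical class).
public class OAuth2FlowSketch {
    static final String REDIRECT_TEMPLATE = "{baseUrl}/login/oauth2/code/{registrationId}";

    // Unguessable per-login value, kept in the user's session (used for state and nonce).
    static String randomToken() {
        byte[] b = new byte[32];
        new SecureRandom().nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }

    // URL the browser is sent to after GET /oauth2/authorization/{registrationId}.
    static String authorizationRequest(String authorizationUri, String clientId, String baseUrl,
                                       String registrationId, String state, String nonce) {
        String redirectUri = REDIRECT_TEMPLATE.replace("{baseUrl}", baseUrl)
                .replace("{registrationId}", registrationId);
        return authorizationUri + "?response_type=code"
                + "&client_id=" + enc(clientId)
                + "&scope=" + enc("openid profile email")
                + "&state=" + enc(state)
                + "&nonce=" + enc(nonce)
                + "&redirect_uri=" + enc(redirectUri);
    }

    // Callback check: a code is only exchanged if the returned state equals the stored one.
    static boolean callbackAccepted(String sessionState, String returnedState) {
        return sessionState != null && returnedState != null
                && MessageDigest.isEqual(sessionState.getBytes(StandardCharsets.UTF_8),
                                         returnedState.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String state = randomToken(), nonce = randomToken();
        // Constructed sample values: idp.example and the client id are placeholders.
        System.out.println(authorizationRequest("https://idp.example/authorize",
                "client-id-google", "http://localhost:8080", "google", state, nonce));
        System.out.println("matching state accepted: " + callbackAccepted(state, state));
        System.out.println("forged state accepted:   " + callbackAccepted(state, randomToken()));
    }
}
```

The redirect URI printed here is the value that must be registered with each provider; a callback whose state does not match the session is rejected before any code-for-token exchange.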

Conclusion

You have successfully set up a Spring Authorization Server with social login capabilities using Gradle as the build tool. By integrating social login, you enhance the user experience and broaden the accessibility of your application. Follow these steps to seamlessly integrate social login into your OIDC provider and create a more versatile authentication process.
