Spring Social Login

burhanuddin taha ・4 min read

In my last post I tried to cover the different ways one can integrate social login into an application. We started with dependency selection; in this post we will try to understand how the implementations differ from each other, so that we can choose an implementation, starting with its dependencies, based on the use case.

As we all know, integration with any authorization server (in our case, a social service provider such as Google) is based on OAuth2, which deals with authentication (OpenID) and authorization (scopes/grants). In our case we ask the user to log in on a social site and, once the login is successful, we allow the user to perform actions in our application.

With Spring we can achieve the above use case in different ways:

  1. Using the OAuth2 client provided by Spring Security
  2. Using Spring Social provided by Spring

There is a major change from Spring Security 4.x to Spring Security 5.x. This is worth mentioning because Spring Boot 1.5.x and Spring Boot 2.1.x use different versions of Spring Security.

Maybe the following breakdown will help to understand:

Spring Boot 1.5.x with Spring Security 4.2.x

Using Spring OAuth Client

The Spring Boot security starter provides Spring Security 4.x dependencies by default, and Spring Security 4.x does not support OAuth2 out of the box. To work with OAuth2, the additional spring-security-oauth2 dependency must be included.

  • Using @EnableOAuth2Sso
    Spring Security OAuth2 provides a special annotation named @EnableOAuth2Sso. Using it, one can enable social login without much effort; the only requirement is to add the basic OAuth configuration to the YAML file. @EnableOAuth2Sso enables a special filter called OAuth2ClientAuthenticationProcessingFilter, which bridges the gap between Spring Security and the OAuth2 flow.
    This filter mainly performs two tasks:
    1. Enable the OAuth2 client for the OAuth flow
    2. After a successful OAuth flow, align the Spring Security context
    But @EnableOAuth2Sso can support only a single provider: if you want to support more than one social login, such as Google and Facebook, in the same project, @EnableOAuth2Sso won't help.
  • Using the OAuth2 client
    If we want to integrate more than one social provider for authentication, we have to do some extra things:
    1. Use @EnableOAuth2Client
    2. Write a custom filter class which will handle OAuth2ClientContext
Spring Boot 2.1.x with Spring Security 5.1.x

With Spring Security 5.1.x, OAuth2 authentication is a first-class citizen by default, and it is very simple for an application to act as an OAuth2 client. As we saw with the older version of Spring Security, there is a specific annotation called @EnableOAuth2Sso which enables the OAuth2 client and the OAuth2 security filter under the hood. In the latest version of Spring Security this annotation is removed; instead, if you include the OAuth2 client dependency with Spring Security and provide the client configuration in application.yml, Spring enables OAuth2 login by default.

With Spring Boot, if we include the OAuth2 client dependency and add the following configuration to application.yaml:

    spring:
      security:
        oauth2:
          client.registration.google:
            client-id: XX
            client-secret: XX

Run the application and, as soon as we open the home page, it will navigate to Google by default. If more than one OAuth2 client is configured, Spring will offer a choice by presenting a list.
Spring provides a default provider page based on the configuration defined in application.yaml.
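
The registrations that application.yaml declares can also be built in Java, which makes the two-provider case behind the default provider page explicit. This is an added example, not code from the original post; it assumes Spring Security 5.1.x, and the class name and the environment variable names are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.oauth2.client.CommonOAuth2Provider;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;

// Added example: class name and environment variable names are hypothetical.
@EnableWebSecurity
public class SocialLoginSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/error").permitAll()   // keep the error page reachable
                .anyRequest().authenticated()        // everything else needs a social login
            .and()
            .oauth2Login();                          // login page links to each registration
    }

    @Bean
    public ClientRegistrationRepository clientRegistrationRepository(Environment env) {
        return new InMemoryClientRegistrationRepository(
                registration(CommonOAuth2Provider.GOOGLE, "google", "GOOGLE", env),
                registration(CommonOAuth2Provider.GITHUB, "github", "GITHUB", env));
    }

    // CommonOAuth2Provider supplies the endpoints and default scopes of the
    // well-known providers; only the client credentials come from the deployment.
    private static ClientRegistration registration(
            CommonOAuth2Provider provider, String id, String envPrefix, Environment env) {
        return provider.getBuilder(id)
                // getRequiredProperty fails at startup when a credential is missing
                // and keeps the secret out of the source tree.
                .clientId(env.getRequiredProperty(envPrefix + "_CLIENT_ID"))
                .clientSecret(env.getRequiredProperty(envPrefix + "_CLIENT_SECRET"))
                .build();
    }
}
```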
Using Spring Social

The Spring Social project provides:

  1. A standard way to get access to the social network specific APIs with Java bindings to popular service provider APIs such as Facebook, Twitter, LinkedIn and GitHub.
  2. An extensible service provider framework that greatly simplifies the process of connecting local user accounts to social network provider accounts.

The following are the steps to provide login using a social networking site like Facebook or Twitter:

  • Define the social configuration by providing a UsersConnectionRepository (by default Spring uses an in-memory implementation, but there is also a JDBC implementation provided by Spring Social).
  • Provide an implementation of SignInAdapter. This adapter is the hook point that Spring Social provides to take action, and to align Spring Security, after a successful OAuth2 flow. (SignInAdapter is called only if the user connection already exists.)
  • If the user is not found in the UsersConnectionRepository, Spring redirects to the signup page (a URL which is provided when defining ProviderSignInController).
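
The last two steps, written out as an added example that is not part of the original post: a SignInAdapter that aligns the Spring Security context, wired into a ProviderSignInController with a sign-up URL. The class names, the "/signup" and "/" URLs and the ROLE_USER authority are assumptions, and the ConnectionFactoryLocator and UsersConnectionRepository beans are assumed to come from the social configuration of the first step.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.social.connect.Connection;
import org.springframework.social.connect.ConnectionFactoryLocator;
import org.springframework.social.connect.UsersConnectionRepository;
import org.springframework.social.connect.web.ProviderSignInController;
import org.springframework.social.connect.web.SignInAdapter;
import org.springframework.web.context.request.NativeWebRequest;

// Added example: class names, "/signup", "/" and ROLE_USER are assumptions.
@Configuration
public class SocialSignInConfig {

    // Called by ProviderSignInController only when the provider account is
    // already linked to a local user in the UsersConnectionRepository.
    static class SecurityContextSignInAdapter implements SignInAdapter {
        @Override
        public String signIn(String localUserId, Connection<?> connection, NativeWebRequest request) {
            // Authenticate as the local user id resolved from the stored connection;
            // authorities are granted by this application, not read from the provider profile.
            SecurityContextHolder.getContext().setAuthentication(
                    new UsernamePasswordAuthenticationToken(
                            localUserId, null, AuthorityUtils.createAuthorityList("ROLE_USER")));
            return null; // null: the controller redirects to its postSignInUrl
        }
    }

    // ConnectionFactoryLocator and UsersConnectionRepository are assumed to be
    // supplied by the social configuration from the first step.
    @Bean
    public ProviderSignInController providerSignInController(
            ConnectionFactoryLocator locator, UsersConnectionRepository connections) {
        ProviderSignInController controller =
                new ProviderSignInController(locator, connections, new SecurityContextSignInAdapter());
        controller.setSignUpUrl("/signup");   // provider account not linked yet: go to sign-up
        controller.setPostSignInUrl("/");     // linked account: land on the home page
        return controller;
    }
}
```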

In a nutshell, it is very easy with the new Spring Security to provide login with any external authentication provider; by default Spring provides implementations for most of the well-known social networking sites.

In a future article I will try to cover more of the implementation, as well as a custom authorization server and authentication using it.
