In my last post I tried to cover the different ways to integrate social login into an application. We started with dependency selection; in this post we will look at how the implementations differ from one another, so that the approach, starting with its dependencies, can be chosen based on the use case.
As we all know, integration with any authorization server (in our case a social service provider such as Google) is based on OAuth2, which deals with authentication (OpenID) and authorization (scope/grants). In our case we ask the user to log in on a social site and, once the login is successful, we allow the user to perform actions in our application.
Using Spring, we can achieve the above use case in different ways:
- Using the OAuth2 client provided by Spring Security
- Using Spring Social provided by Spring
There is a major change from Spring Security 4.x to Spring Security 5.x. This is worth mentioning because Spring Boot 1.5.x and Spring Boot 2.1.x use different versions of Spring Security.
Maybe this table will help to understand:
Spring Boot 1.5.x with Spring Security 4.2.x
Using Spring OAuth Client
The Spring Boot security starter provides the Spring Security 4.x dependencies by default, and Spring Security 4.x has no built-in support for OAuth2; to work with OAuth2, an additional dependency on spring-security-oauth2 is required.
Spring Boot 2.1.x with Spring Security 5.1.x
With Spring Security 5.1.x, OAuth2 authentication is a first-class citizen by default, and it is very simple for an application to act as an OAuth2 client.
As we saw, older versions of Spring Security rely on a specific annotation, `@EnableOAuth2Sso`, which enables the OAuth2 client and OAuth2SecurityFilter under the hood. In the latest version of Spring Security this annotation is removed; instead, if you include the OAuth2 client dependency alongside Spring Security and provide the client configuration (application.yml), Spring enables OAuth2 login by default.
With spring boot
if we include,
And add the following configuration in the application.yaml, under spring:
Run the application, and as soon as we open the home page it will navigate to Google by default. If more than one OAuth2 client is configured, Spring offers a choice by listing them.
Spring provides a default provider page, based on the configuration defined in application.yaml.
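A client configuration of the kind described above could look like the following. This is an added example, not the original post's configuration; the environment variable names are placeholders assumed here, and two clients are registered so that the provider selection page applies.

```yaml
# Added example, not from the original post.
# Assumes the spring-boot-starter-oauth2-client dependency (Spring Boot 2.1.x)
# is on the classpath. The environment variable names are placeholders.
spring:
  security:
    oauth2:
      client:
        registration:
          # "google" and "github" match provider defaults built into Spring
          # Security, so no provider block (authorization-uri, token-uri, ...)
          # is needed for them.
          google:
            client-id: ${GOOGLE_CLIENT_ID}
            # Resolve the secret from the environment; never commit it.
            client-secret: ${GOOGLE_CLIENT_SECRET}
            # Request only what login needs: identity, not API access.
            scope:
              - openid
              - profile
              - email
          # A second registration makes Spring render the provider selection
          # page instead of redirecting straight to Google.
          github:
            client-id: ${GITHUB_CLIENT_ID}
            client-secret: ${GITHUB_CLIENT_SECRET}
            scope:
              - read:user

# The redirect URI registered at each provider must exactly match Spring's
# default callback: {baseUrl}/login/oauth2/code/{registrationId}
# e.g. http://localhost:8080/login/oauth2/code/google for local development.
```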
Using Spring Social
The Spring Social project provides:
In a nutshell, the new Spring Security makes it very easy to provide login with any external authentication provider; by default, Spring provides implementations for most of the well-known social networking sites.
In a future article I will try to cover more of the implementation, as well as a custom authorization server and authentication using it.