layout | title | permalink |
---|---|---|
page | 401.17 Reading Notes | /401-R17/ |
- On top of the Spring Security tools, Spring Boot natively supports OAuth 2.0 for integrated authorization via Google or GitHub.
- This process includes registering the app (for example, with GitHub) and providing a callback URL (for a local project, this may look like `http://localhost:8080/login/oauth2/code/github`). In addition to importing Spring Security dependencies in the appropriate file, the `application.yml` file needs to include the following block with credentials inserted (replacing the github values with those provided by GitHub):
  ```yaml
  spring:
    security:
      oauth2:
        client:
          registration:
            github:
              clientId: github-client-id
              clientSecret: github-client-secret
  ```
- This process grants an access token to the application, and a corresponding cookie named `JSESSIONID` will be stored by the browser.
- Rendering conditionally based on authentication state may be done either client-side or server-side. HTML elements with the class `container authenticated` will only render when a user has a valid authentication token (while `container unauthenticated` is used to exclude elements in this case).
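
A server-side counterpart to the conditional rendering described above, as an added example that is not part of the original notes: hiding a container in the browser only changes presentation, so the filter chain is what actually restricts access. It assumes Spring Boot 3.x with the web and OAuth2 client starters and the GitHub registration from `application.yml`; the class name `NotesOAuthDemo` and the `/user` path are hypothetical.

```java
import java.util.Map;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical class; assumes the GitHub registration shown in application.yml.
@SpringBootApplication
@RestController
public class NotesOAuthDemo {
    public static void main(String[] args) {
        SpringApplication.run(NotesOAuthDemo.class, args);
    }

    // Page script can call this to choose which container to show.
    // Returns only a display name, never the attribute map or a token.
    @GetMapping("/user")
    public Map<String, Object> user(@AuthenticationPrincipal OAuth2User principal) {
        String name = principal.getAttribute("name");
        // The "name" attribute can be unset; fall back to the principal name.
        return Map.of("name", name != null ? name : principal.getName());
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Only the landing and error pages are public; everything else,
            // including /user, requires an authenticated session.
            .authorizeHttpRequests(a -> a
                .requestMatchers("/", "/error").permitAll()
                .anyRequest().authenticated())
            // Answer unauthenticated requests with 401 instead of a redirect,
            // so script callers can tell "not logged in" apart from success.
            .exceptionHandling(e -> e
                .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)))
            .oauth2Login(Customizer.withDefaults());
        return http.build();
    }
}
```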