This project demonstrates OAuth2 implementation in a Spring Boot application using GitHub as the authentication provider. It covers setting up OAuth2 client configurations, creating endpoints for login/logout, and displaying user details upon successful authentication.
In this application, users can:
- Log in using their GitHub accounts.
- Access a customized home page displaying their GitHub profile and repository links.
- Log out securely, clearing session data.
- Revoke tokens in GitHub to test re-authorization flows.
- OAuth2 Flow: We leverage GitHub as the OAuth2 provider.
- Session Management: Ensure secure sessions with Spring Security.
- User Interface (UI): Simple UI built with Thymeleaf and Bootstrap.
- Java 17
- Maven 3+
- Spring Boot 3.x
- GitHub Developer Account (for creating OAuth App)
Create an OAuth application on GitHub:
- Go to GitHub Developer Settings.
- Select New OAuth App.
- Fill in details:
  - Application name: `wish-it.com` (or any other name)
  - Homepage URL: `http://localhost:8080`
  - Authorization callback URL: `http://localhost:8080/login/oauth2/code/github`
- Once created, save the Client ID and Client Secret.
Clone this project repository:
```bash
git clone https://github.com//oauth2-github-demo.git
cd oauth2-github-demo
```
Open src/main/resources/application.yml and add your GitHub OAuth2 credentials:
```yaml
spring:
  security:
    oauth2:
      client:
        registration:
          github:
            client-id: <YOUR_CLIENT_ID>
            client-secret: <YOUR_CLIENT_SECRET>
            scope: read:user
```
Use Maven to build and run the application:
```bash
mvn clean install
mvn spring-boot:run
```
Visit http://localhost:8080/login to start the login process.
Includes the following dependencies:
- `spring-boot-starter-web`: Provides web application support.
- `spring-boot-starter-oauth2-client`: Manages OAuth2 login and authorization.
- `spring-boot-starter-thymeleaf`: Renders dynamic HTML templates.
Contains configuration for OAuth2 login:
- Client ID and Client Secret from GitHub OAuth.
- Scope set to `read:user` for accessing basic GitHub profile information.
Located in SecurityConfig.java:
- Permit Access: Sets `/login` and `/logout` as open paths.
- OAuth2 Login Setup: Defines a custom login page and redirects successful logins to `/home`.
- Session Invalidation: Clears session data upon logout.
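
A sketch of a `SecurityConfig.java` matching the three points above, written for Spring Security 6 (Spring Boot 3.x). This is an added example, not the project's own file; the package name, the `/error` entry, the cookie deletion and the GET `/logout` confirmation view are assumptions.

```java
package com.example.oauth2demo; // hypothetical package name

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // Open paths from the list above. /error is an added assumption so the
                // error view renders for anonymous users instead of bouncing to /login.
                .requestMatchers("/login", "/logout", "/error").permitAll()
                // Everything else, including /home, needs an authenticated session.
                .anyRequest().authenticated())
            .oauth2Login(oauth -> oauth
                // Custom login page; its button should link to
                // /oauth2/authorization/github, Spring's default start URL
                // for the "github" registration.
                .loginPage("/login")
                // true = always land on /home, ignoring any saved request.
                .defaultSuccessUrl("/home", true))
            .logout(logout -> logout
                // CSRF stays enabled (the default), so only POST /logout with a
                // CSRF token triggers logout. The browser is then redirected to
                // GET /logout, assumed here to be the view that renders logout.html.
                .logoutSuccessUrl("/logout")
                .invalidateHttpSession(true)   // drop server-side session data
                .clearAuthentication(true)     // clear the SecurityContext
                .deleteCookies("JSESSIONID")); // expire the session cookie client-side
        return http.build();
    }
}
```

Logging out here ends only the application's session; the authorization granted to the OAuth App stays in place on GitHub until it is revoked there.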
- `/login`: Displays the login page.
- `/home`: Fetches user details and renders them on `home.html`.
- `/logout`: Ends the session and redirects to `logout.html`.
- `/error`: Displays error information if authentication fails.
- `login.html` - Displays a button for GitHub login.
- `home.html` - Displays user details (username, profile link, and repositories).
- `logout.html` - Confirms user logout and provides a re-login option.
- `error.html` - Displays error details for authentication issues.
- Access `http://localhost:8080/login`.
- Click on Login via GitHub.
- Upon successful authorization, users are redirected to the home page.
- After initial login, subsequent logins bypass re-authorization (session persists).
- Revoke tokens from GitHub to test re-authorization.
- On re-login, users will need to authorize the app again.
To create a Spring Boot application directly from the command line:
```powershell
Invoke-WebRequest -Uri "https://start.spring.io/starter.zip?name=oauth2-demo&dependencies=web,thymeleaf,oauth2-client&type=maven-project" -OutFile oauth2-demo.zip
```

```bash
curl -o oauth2-demo.zip "https://start.spring.io/starter.zip?name=oauth2-demo&dependencies=web,thymeleaf,oauth2-client&type=maven-project"
```
Include screenshots of each page:
- Login Page
- Home Page with User Details
- Logout Confirmation Page
- Error Page
- Support for additional OAuth2 providers (Google, Facebook).
- Adding detailed error handling and user-friendly messages.
- Implementing authorization flows with custom roles and scopes.
If you'd like to contribute, please fork the repository and create a pull request.