  1. The Frontend wants to log in via Google and calls the Profile API.
  2. The Profile API accepts this request from the Frontend and goes to Google to log in.
  3. Authorization takes place through the Google provider.
  4. After a successful login, the Google provider sends a response with the user data to the Profile API.
  5. The Profile API validates the data that came from the Google provider.
  6. The Profile API gives the Frontend an access token and a refresh token.

Add the API credentials (clientId and clientSecret).


frontendRedirectUrlAfterSuccessAuth -> 

After successful authorization on the provider's side, it returns a response with the user data to us. We validate this data and, if everything is successful, we redirect the application that made the request to us and provide it with tokens for authorization.

This documentation describes how to set up sign in/up via social networks.
There are many different APIs that provide a way to log into the system.
Examples are Google, Facebook, Twitter, Apple, GitHub, and others.

In order to do this implementation, you need to:

1) Register an account to create an API. Many of the networks offer the ability to create APIs for your projects, but to do so you need to create a developer account.

2) Next, create an API on this account for the purpose you need it for. In our case, we are creating an API for sign in/up.

3) After you have created the API, a ClientID and a ClientSecret are generated for you. These are the main parameters we need in our project.

After receiving these credentials, we will use them in our project.

To begin with, we need to create an endpoint that will be responsible for sign in/up via the selected social network.

In api/api-spec/src/main/resources/spec/api

  • You need to create a new directory that will be your new API class. 
  • In it, you must create a controller.xml in which you will describe the endpoints. 
  • In the newly created directory, make another directory. This will be your endpoint. 
  • In this directory, you must create an endpoint.xml file. This is where you describe the behavior of your endpoint for authorization.


After that, we need to generate our objects:

cmd/run generate api

@GET("/api/v1/login/google")
public ResponseEntity<GenericApiResponse<JwtTokenResponse>> loginViaGoogle(final OAuth2User user) {
    // Generated stub: validate the provider data carried by `user` (we only need the email)
    // and return the access/refresh token pair wrapped in GenericApiResponse.
}

After we have created our endpoint, we need to configure it for authorization.
For this, we just use our ClientID and ClientSecret.
In application.yml we need to create a section for this functionality:

spring:
  security:
    oauth2:
      client:
        registration:
          google:                      # or twitter, facebook, apple, okta, and others
            client-id: ClientID
            client-secret: ClientSecret

...

util/security/src/main/java/com/knubisoft/security/GlobalWebSecurityConfigurerAdapter.java

In the GlobalWebSecurityConfigurerAdapter configuration class, in

private static final String[] OAUTH2_ENDPOINTS

we must add our newly created endpoint so that the system allows access to it:

private static final String[] OAUTH2_ENDPOINTS = {"/api/v1/login/google"};

After that, you can run the project and check the functionality of this endpoint.
The main idea is:
1) GlobalWebSecurityConfigurerAdapter is configured for authorization via social networks. The main thing for us is to pass it the endpoint that is responsible for this.
2) application.yml stores the ClientID and ClientSecret that we need to access the API we created.
3) In case of successful authorization, we receive an OAuth2Token via the OAuth2User, from which we can get information about the user.

In our case, we only need the user's email.
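The two pieces described above, as an added illustration that is not the project's own GlobalWebSecurityConfigurerAdapter: the endpoint whitelist plus oauth2Login in Spring Security 5.x style, and the validation of the provider data (step 5 of the flow) before the email is trusted. The class name SocialLoginSecurityConfig and the helper verifiedEmail are assumptions.

```java
import java.util.Map;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.core.user.OAuth2User;

// Added illustration (not the project's GlobalWebSecurityConfigurerAdapter); names are assumptions.
@Configuration
public class SocialLoginSecurityConfig extends WebSecurityConfigurerAdapter {

    // Same role as OAUTH2_ENDPOINTS on the page: the login endpoints must be reachable without an
    // existing session, because the provider redirects the browser back to them.
    private static final String[] OAUTH2_ENDPOINTS = {"/api/v1/login/google"};

    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers(OAUTH2_ENDPOINTS).permitAll()   // only the social-login endpoints are open
                .anyRequest().authenticated()                // everything else needs our own token
            .and()
            .oauth2Login();   // uses spring.security.oauth2.client.registration.* from application.yml
    }

    // Step 5 of the flow: validate the provider data before it becomes an identity in our system.
    // We only need the email, but Google also reports whether the address is verified; an
    // unverified address must not be used as the account key, otherwise an unconfirmed address
    // registered at the provider could be linked to an existing user with that email.
    static String verifiedEmail(final OAuth2User user) {
        final Map<String, Object> attrs = user.getAttributes();
        final Object email = attrs.get("email");
        if (!(email instanceof String) || ((String) email).isBlank()) {
            throw new IllegalStateException("provider response has no email");
        }
        if (!Boolean.TRUE.equals(attrs.get("email_verified"))) {
            throw new IllegalStateException("provider email is not verified");
        }
        return ((String) email).trim().toLowerCase();
    }
}
```

Call verifiedEmail(user) inside loginViaGoogle before issuing the JwtTokenResponse, so that only a verified address is looked up or created in the user store.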
If you have any questions/suggestions feel free to contact @Vadym Kostenko (email: v.kostenko@knubisoft.com)
Spring OAuth2 doc
https://docs.spring.io/spring-security/reference/servlet/oauth2/login/core.html
https://spring.io/guides/tutorials/spring-boot-oauth2/
https://www.baeldung.com/spring-security-5-oauth2-login

...