search

GitHub Client

This introduction lab shows how easy you can use one of the well-known OAuth2/OIDC provider like GitHub, Google or Facebook with Spring Security.

Spring Security provides the class CommonOAuth2Provider containing predefined configurations for setting up one of these providers in your client application.

  • Google

  • GitHub

  • Facebook

  • Okta

These predefined configurations already include the base configuration settings for the different providers, so you just have to configure your application-specific parts.

For details please see the corresponding section in the spring security reference docarrow-up-right

This lab implements a simple client to display notifications for the GitHub user who will authorize this client to use his/her GitHub credentials.

The relevant OAuth2 configuration part is quite simple and is located in application.yml file:

spring:
  security:
    oauth2:
      client:
        registration:
          github:
            client-id: <client_id>
            client-secret: <client_secret>
            scope:
              - read:user
              - notifications
            redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'

As you can see there are placeholders or client_id and client_secret. To get these credentials you need a GitHub account, after logging into your account:

  1. Go to your personal settings

  2. Then select Developer Settings, select OAuth Apps and click on New OAuth App

  3. Use Notification-Client as application name

  4. Use http://localhost:9090/login/oauth2/code/githubarrow-up-right as redirect uri

  5. Use http://localhost:9090arrow-up-right as homepage url

  6. Click on _Register application'

  7. Now you should see the generated values for Client ID and Client Secret

  8. Copy these values over the placeholders in application.yml file

No start the main class com.example.github.GitHubClientApplication and browse to localhost:9090arrow-up-right.

After you log in into GitHub you should see the user attributes, and you should be able to get the notifications by clicking on the button at the top of the screen.

PreviousAuthorization Code Grant DemoNextResource Server

Last updated