Spring I/O

Sessions

Joe Grandja

Next Generation OAuth Support with Spring Security 5

Joe Grandja - Pivotal

Spring Security 5.0 introduced new support for the OAuth 2.0 Authorization Framework and OpenID Connect 1.0.

This talk will provide a detailed overview and demonstration of the new OAuth 2.0 Login feature, which provides an application with the capability to have users log in to the application by using their existing account at an OAuth 2.0 Provider (e.g. GitHub) or OpenID Connect 1.0 Provider (e.g. Google). This feature essentially realizes the use case “Login with Google” or “Login with Facebook” and is implemented by leveraging the Authorization Code Grant flow.

The main goal of this talk is to demonstrate the steps required to setup OAuth 2.0 Login for a Spring Boot 2.0 sample application. Additionally, the demo will also show you how to configure and map custom user authorities after each successful login, in order to enable fine-grained authorization rules in the security configuration.