One of the coolest things people reach for in building web apps, is off loading authentication to one of the three biggies: Facebook, Twitter, or Google.
Why maintain a list of users when there is someone else (with considerably bigger budgets) ready to do that for you?
So as part of my latest book writing endeavor, I wanted to dig in and show you The Way. Spring Boot 3 + Spring Security’s amazing OAuth 2.0 support!
Before we can move forward, there’s a little something YOU have to do. And that’s create “an app” in Google. This is the part, where you tell Google about your app, and they give you credentials. It’s not hard. Just…tedious.
- Go to Google Cloud’s dashboard.
- Click on the drop down right next to Google Cloud Platform and then hit New Project. Accept the default values.
- Select your new project so it’s showing in the dropdown at the top.
- On the left-hand panel, scroll down and hover on APIs & Services. On the pop-up menu, click on Enabled APIs & Services.
- On the list below, look for YouTube Data API v3. Click on it, then hit Enable API.
- Back at your application’s dashboard, look on the left-hand panel and select Credentials.
- Click on +CREATE CREDENTIALS. Select OAuth Client.
- For Application type, select Web Application.
- In Name, give your web application a name.
- This part is critical. In the Authorized redirect URIs, enter http://localhost:8080/login/oauth2/code/google
- Once these client credentials are credited, capture the Client ID and Client secret in the top right corner.
- Go back to the left-hand column from earlier, and click on OAuth Consent Screen. Underneath Test User create an entry for each email address you want to login under.
This should get you off the ground. It’s a little tricky, but possible.
TIP: You do NOT have to publish or release your application to get warmed up on OAuth! You can tinker with this application where you (and only you) can access it.