How to implement Openid connect and Spring Security

9
votes

I am beginner of authentication and authorization but I have to connect to a openid connect provider on my job. I know a little about how to use Spring Security.

First, I got UserInfo object thanks by following nice direction. https://oauthssodemo.appspot.com/step/1

And then I found a great implementation named "spring-security-oauth" below. I could run the app on tomcat and connect to facebook successfully.
https://github.com/SpringSource/spring-security-oauth

As next step, I want to connect google by using "spring-security-oauth" but I do not know how to do that completely. (To be honest, I do not know how differences openid connect and aouth2..)

give me a clue. Any help will be appreciated.

3
spring-securityopenidoauth-2.0google-openid
Any return on your experience? Reference or example? Thx!Nereis

3 Answers

8
votes

here is a sample minimal project integrating Google Open Id Connect with Spring Security: https://github.com/fromi/spring-google-openidconnect The key point for me was to rely heavily on Spring OAuth2 to minimize the configuration required.

1
votes

The OpenID Connect basic essentials specification is for the time being at http://openid.net/specs/openid-connect-basic-1_0.html For Spring specific details to implement individual steps, frame new questions further detailing the exact task w. r. t. this procedure.

0
votes

You could use the spring-social-google projet to implement a "Sign in with Google" functionality. It's use OAuth 2.0 under the hood but right now it's use to Google+ API to retrieve profile informations. I did a fork to make it use the Google Authentification and Authorization API which is basicaly the openconnect Id standard