OpenID Connect Spring Client

A simple demo of an OpenId Connect client using Spring Security and Spring OAuth2 to authenticate with the Google Identity Platform.

User Guide

Google Credentials

1. Instructions assume you already have a Google account.
2. Create a new project at Google Developer Console.
3. Click on 'Credentials' on left menu.
4. Click on 'OAuth consent screen' tab,
5. Add 'Product name shown to users' e.g. MyThingyApp. Save.
6. Click 'Create credentials' and select 'OAuth client ID'.
7. Credentials: Create Client ID: Select 'Web Application'.
8. Credentials: Create Client ID: Set 'Authorised redirect URIs': http://localhost:8080/login
9. Click 'Create'. This will create your OAuth2 clientId and clientSecret.

Demo App

1. Rename application.properties.template to application.properties.
2. Add your clientId and clientSecret to the application.properties file.
3. Update google.openidconnect.optional.scopes in application.properties as required.
4. Build the app: mvn clean install
5. Start the app: mvn spring-boot:run
6. Open a browser and go to: http://localhost:8080

Once you've authenticated with Google and authorized the app, you should get redirected to the Homepage:

Secured Homepage

UserId: ALongNumber
Email: <username>@gmail.com

It's worth taking a look at the browser network tab to see the OpenID Connect interactions. The app console log dumps out some useful stuff too, e.g. token details and user info.

Testing

A bare-bones integration test is included and can be run as part of the build. To do this:

1. Start the app: mvn spring-boot:run
2. Run the test: mvn verify -Dskip.integration.tests=false

Credits

This app was inspired by the excellent tutorial written by eugenp. The integration test originated from code written by fromi.

References

1. A good introduction to OpenID Connect.
2. OpenID Connect Core Specification.
3. RFC7519 - the Java Web Token (JWT) spec.
4. A useful JWT Debugger.