使用 oauth2 + JWT 的 Springboot 社交登录

Question

I am developing a REST monolith service. With it i need to be able to register users through social networks, store them internally in my database and authorize them with certain authorities. After which i need the service to use JWT for security, the service needs to run in STATELESS mode.

I've read a lot of articles over the past week but they either explain only a small part of it or they don't explain what they are using and why.

I am using spring security 5 which enables "easy" integration for session login with social networks which i managed to pull of by using

.oauth2Login()

in my configure method of WebSecurityConfigurerAdapter, but it utilizes session creation. If i tell it to be STATELESS it will not function.

Also, I managed to set up JWT security where my service issues tokens, but I do not know how to connect those two. I've seen that

oauth2ResourceServcer()

method has jwt method but I canot grasp on how i should implement it.

Does anyone have any suggestion or an example that I could follow? Any help would be much appreciated.

Kind Regards

Answer 1

Social logins are implemented one by one, there is no library that will provide with with seamless out-of-the-box solution that will include all social platforms.

Enabling spring security will give you nothing more than extra layer of protection and the ability to manage the users yourself, without social logins if you want to.

For my projects with social login I have been using keycloak . It will handle all the security for you and has nice integration with spring boot . Furthermore it provides login form (without social login), so you will give your users full flexibility.

Main drawback for me is that the UI is a real pain to customise and I had trouble running it behind nginx https reverse proxy, but it is doable and there are plenty of resources out threre.