'How to implement Oauth login in android+ spring boot+ security

I am trying to implement sns login with Spring Security. The api server is spring-boot and the front is android and iOS.

From my understanding, it seems that spring-security-oauth-client supports the process of issuing an access token with server side rendering. (authentication code grant or implicit grant ..etc)

This is where my troubles begin.

First of all, I want to use OpenId Connect because I know that authentication should not be processed with oauth's access token.

Because android needs to use the sdk, the front (android) issues the idToken and gives it to the backend server.

So I wanted to implement it using the oauth2 function supported by spring-security, but I couldn't find a good way. So the following question arose:

  1. Can it be implemented with the oauth-support function of spring-security?

So, I am trying to process authentication by creating an Authentication Provider for each oauth provider through a custom filter that directly extends OncePerRequestFilter.

Another question arises here.

  1. Is there any difference between implementing the filter directly in spring-security and performing authentication in the controller of the spring container? performance or other aspects

thank you.

spring-securityoauth-2.0openid-connect


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

How to return 404 for pages that do not exist when using Grails Spring Security Plugin

spring sas 0.2.0 access_token throw 'Access is denied'

AuthenticationSuccessEvent never fired

Spring Security: How to use a UserDetailsService with JwtAuthenticationProvider?

@EventListener for AuthenticationSuccessEvent or InteractiveAuthenticationSuccessEvent not fired

CookieCsrfTokenRepository allows the client to create its own Csrf Tokens

Authorization Header not getting displayed in CURL springdoc-openapi-ui

Getting 404 error in spring boot even though method is logging statements

Consider defining a bean of type 'org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository' in your configuration

Customizing the TokenEndpoint in spring security OAuth2

Swagger UI being blocked by Spring Security

Spring boot security, always redirects to login page, if navigate through address bar

How does SecurityContextHolder.getContext().getAuthentication() work?

automatically redirect to login page after session timeout - JSP, Spring

Spring security - Disable logout redirect