'OAuth2 with Google and Spring Boot - I can't log out

I've been trying to get a successful Oauth2 login with Google and Spring Boot for a while now. This only works partially. Why partly - because I can't manage the logout or when I pressed the logout button I see an empty, white browser page with my URL (http://localhost:8181/ben/"). After a refresh of the page I get error from google, but if I open a new tab, enter my url, I'm still logged in to google, because I can see my user, which I'm outputting to my react application.

@SpringBootApplication
@EnableOAuth2Sso
@RestController
@CrossOrigin
public class SocialApplication extends WebSecurityConfigurerAdapter {

public static void main(String[] args) {
    SpringApplication.run(SocialApplication.class, args);
}

@RequestMapping("/user")
public Principal user(Principal principal) {
    return principal;
}

@RequestMapping("/logout")
public String fetchSignoutSite(HttpServletRequest request, HttpServletResponse response) {
    Cookie rememberMeCookie = new Cookie("JSESSIONID", "");
    rememberMeCookie.setMaxAge(0);
    response.addCookie(rememberMeCookie);

    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    if (auth != null) {
        new SecurityContextLogoutHandler().logout(request, response, auth);
    }

    auth.getPrincipal();
    return "redirect:/ben/login";
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.antMatcher("/**").authorizeRequests().antMatchers("/ben/*").permitAll().anyRequest().authenticated().and()
            .logout().logoutSuccessUrl("http://localhost:8181/ben/login").invalidateHttpSession(true)
            .clearAuthentication(true).deleteCookies("JSESSIONID");
}

My application.yml file looks like this:

# Spring Boot configuration
spring:
  profiles:
active: google
# Spring Security configuration
security:
 oauth2:
   client:
     clientId: 415772070383-3sapp4flauo6iqsq8eag7knpcii50v9k.apps.googleusercontent.com
  clientSecret: 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
  accessTokenUri: https://www.googleapis.com/oauth2/v4/token
  userAuthorizationUri: https://accounts.google.com/o/oauth2/v2/auth
  clientAuthenticationScheme: form
  scope:
    - email
    - profile
resource:
  userInfoUri: https://www.googleapis.com/oauth2/v3/userinfo
  preferTokenInfo: true
# Server configuration
server:
port: 8181
 servlet:
  context-path: /ben

enter image description here

springspring-bootoauth-2.0google-oauthspring-security-oauth2


Solution 1:[1]

That fetchSignoutSite only emptying the JsessionId and logging out from Spring Security context. So you would still need to add part where you go to google and sign out from there which I have no experience on implementation.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Juliyanage Silva

Related Questions

Upload data file as byte array with Feign

Apache Camel: Set body from resource

How to configure log4j in a Spring Mvc application configured with Java Annotations and using a log4j.properties file

SonnarQube's issue: change code to not construct the URL from user-controlled data

How do I produce just one message using Spring Cloud Stream w/o deprecated @Output, or turn off polling?

Error creating bean with name 'entityManagerFactory'

Spel not supported on spring annotation @Scheduled.fixedDelayString

How to run gradle based spring boot application in background using command line in ubuntu?

AuthenticationSuccessEvent never fired

Spring @Value annotation always evaluating as null?

Spring MongoDB query sorting

Map JSON default tag to java variable

Spring Hibernate Jackson Hibernate5Module

Spring JUnit: How to Mock autowired component in autowired component

Flyway Found more than one migration with version