I am trying to set up a basic Google OAuth setup for a Spring Boot app. My idea is that the frontend will redirect to a URL like http://localhost:8081/oauth2/authorization/google and, after authentication, the backend creates the user and the user session, then redirects back to localhost:3000 (frontend).
I have written an OAuth2SuccessHandler and an OAuth2FailureHandler for this purpose. This is my SecurityConfig:

    import lombok.RequiredArgsConstructor;
    import org.springframework.context.annotation.Bean;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.web.SecurityFilterChain;

    @EnableWebSecurity
    @RequiredArgsConstructor
    public class SecurityConfig {

        private final OAuth2SuccessHandler successHandler;
        private final OAuth2FailureHandler failureHandler;

        @Bean
        public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
            http
                .csrf().disable()
                .authorizeHttpRequests(auth -> auth
                    .requestMatchers("/oauth2/**", "/auth/**").permitAll()
                    .anyRequest().authenticated()
                )
                .oauth2Login(oauth -> oauth
                    .successHandler(successHandler)
                    .failureHandler(failureHandler)
                );
            return http.build();
        }
    }

It mostly seems to work; however, after authentication, the OAuth2SuccessHandler is not invoked. It looks like this:
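
    // jakarta.* imports assume Spring Boot 3 / Spring Security 6
    import jakarta.servlet.http.HttpServletRequest;
    import jakarta.servlet.http.HttpServletResponse;
    import lombok.RequiredArgsConstructor;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
    import org.springframework.stereotype.Component;

    import java.io.IOException;

    @Component
    @RequiredArgsConstructor
    public class OAuth2SuccessHandler implements AuthenticationSuccessHandler {

        @Override
        public void onAuthenticationSuccess(HttpServletRequest request,
                                            HttpServletResponse response,
                                            Authentication authentication) throws IOException {
            // My logic
        }
    }
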
"My logic" never gets executed. The authentication seems to be successful; I am able to see my Google account details in the logs. After that, it redirects to "/" (localhost:8081/) instead of going to my success handler.
In case application.properties is useful:

    spring.security.oauth2.client.registration.google.client-id=
    spring.security.oauth2.client.registration.google.client-secret=
    spring.security.oauth2.client.registration.google.scope=openid,email,profile
    spring.security.oauth2.client.registration.google.redirect-uri={baseUrl}/login/oauth2/code/{registrationId}
    spring.security.oauth2.client.provider.google.authorization-uri=https://accounts.google.com/o/oauth2/v2/auth
    spring.security.oauth2.client.provider.google.token-uri=https://oauth2.googleapis.com/token
    spring.security.oauth2.client.provider.google.user-info-uri=https://openidconnect.googleapis.com/v1/userinfo
    spring.security.oauth2.client.provider.google.user-name-attribute=sub

My question is to understand why my SuccessHandler is not invoked and how to fix it.
After I added @Configuration to SecurityConfig, it fixed my issue. The OAuth2SuccessHandler is getting invoked now. However, I am still not sure how the OAuth flow worked before but only my OAuth2SuccessHandler failed to get invoked.
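
Added example (not part of the original post): a startup check that fails fast when the custom success handler is not the one wired into the OAuth2 login filter, which is what happens when SecurityConfig is never registered and an auto-configured default chain (whose handler redirects to "/") serves the login instead. Assumptions: Spring Boot 3 / Spring Security 6, where @EnableWebSecurity no longer carries @Configuration; the class name OAuth2WiringCheck is hypothetical; the private field name "successHandler" is a Spring Security implementation detail read by reflection.

```java
import org.springframework.boot.ApplicationRunner;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.util.ReflectionUtils;

import java.lang.reflect.Field;
import java.util.List;

// Hypothetical helper class, not from the original post.
@Configuration
public class OAuth2WiringCheck {

    @Bean
    ApplicationRunner verifyOAuth2SuccessHandler(List<SecurityFilterChain> chains,
                                                 OAuth2SuccessHandler expected) {
        return args -> {
            // The handler is stored in a private field of the filter's superclass
            // (AbstractAuthenticationProcessingFilter); findField walks the hierarchy.
            // Assumption: the field is named "successHandler".
            Field field = ReflectionUtils.findField(
                    OAuth2LoginAuthenticationFilter.class, "successHandler");
            if (field == null) {
                throw new IllegalStateException("successHandler field not found; "
                        + "Spring Security internals differ from what this check assumes");
            }
            ReflectionUtils.makeAccessible(field);

            // Look at every registered chain: if SecurityConfig was not picked up,
            // the only chain present is the default one with the default handler.
            boolean wired = chains.stream()
                    .flatMap(chain -> chain.getFilters().stream())
                    .filter(OAuth2LoginAuthenticationFilter.class::isInstance)
                    .map(filter -> ReflectionUtils.getField(field, filter))
                    .anyMatch(handler -> handler == expected);

            if (!wired) {
                throw new IllegalStateException(
                        "OAuth2SuccessHandler is not attached to any OAuth2 login filter; "
                        + "check that SecurityConfig is annotated with @Configuration "
                        + "so its SecurityFilterChain bean is registered");
            }
        };
    }
}
```

With the SecurityConfig shown in the question (no @Configuration), this runner stops the application at startup; with @Configuration added, it passes silently.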