Manuelarte

Reputation: 1810

Spring Boot Application to validate oauth2 token from Google

I have my Spring Boot application, which provides some REST endpoints. Those REST endpoints need security, and I want to use OAuth2 for it.

My idea is to use a Google OAuth2 token for that. I don't want to provide login functionality in my Spring Boot app, so I just want to check that the Bearer token is there and get the user info from it to display his/her data accordingly.

I'm checking this tutorial, but I don't think it's exactly what I want

https://www.baeldung.com/spring-security-5-oauth2-login

Upvotes: 7

Views: 7149

Answers (2)

ChillyWe

Reputation: 46

At the end of this tutorial you have more info for Google’s userInfo endpoint response:

https://developers.google.com/identity/protocols/OpenIDConnect#obtainuserinfo You can check there :)

Upvotes: 0

Vivek Nalwa

Reputation: 87

I would like to explain some scenarios that should be considered while deciding the security approach:

  1. If your application users exist in Google, meaning the users have Google accounts, then you can go for the Google authorization server, OAuth 2.0: https://developers.google.com/identity/protocols/OAuth2. In this case you should register on the Google developer portal, and the application will receive the access and refresh tokens after successful authentication of users. After that, an OpenID call can be made to Google to get the user information. The above flow and integration will be the same as, for example, the "Login via google" link you see on the Quora application. Now in services you can request validation of the Bearer token via the Google OAuth 2.0 validate endpoint and call the userinfo endpoint to fetch the user information. If you go for a JWT token then there won't be a requirement to reach out to the Google authorization server for token validation and the userinfo call.

  2. The second approach is to build your own OAuth 2.0 server using Spring Boot - https://spring.io/guides/tutorials/spring-boot-oauth2/. Use an API gateway layer for token validation; further authorization can be done on microservices using Spring Security.

Upvotes: 1
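
The local JWT validation mentioned in the answer above, sketched as an added example that is not part of the original question or answers. It assumes the client sends a Google ID token (a signed JWT) as the Bearer token and that the app uses Spring Security 6 with `spring-boot-starter-oauth2-resource-server`; `CLIENT_ID` is a placeholder and the `/me` endpoint and class names are hypothetical.

```java
// Added example: resource-server-only setup, no login flow in this app.
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
public class GoogleIdTokenConfig {
    // Placeholder: the client ID registered for the front end in the Google console.
    private static final String CLIENT_ID = "YOUR_CLIENT_ID.apps.googleusercontent.com";
    // Google ID tokens carry the issuer in either of these two forms.
    private static final Set<String> ISSUERS = Set.of("https://accounts.google.com", "accounts.google.com");

    @Bean
    SecurityFilterChain api(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .oauth2ResourceServer(o -> o.jwt(Customizer.withDefaults()));
        return http.build();
    }

    @Bean
    JwtDecoder jwtDecoder() {
        // Signature is checked locally against Google's published signing keys.
        NimbusJwtDecoder decoder =
            NimbusJwtDecoder.withJwkSetUri("https://www.googleapis.com/oauth2/v3/certs").build();
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<Jwt>(
            new JwtTimestampValidator(), // rejects expired / not-yet-valid tokens
            new JwtClaimValidator<Object>(JwtClaimNames.ISS, iss -> iss != null && ISSUERS.contains(iss.toString())),
            // Without the audience check, a token issued to any other Google client would pass.
            new JwtClaimValidator<List<String>>(JwtClaimNames.AUD, aud -> aud != null && aud.contains(CLIENT_ID))));
        return decoder;
    }
}

@RestController
class MeController {
    @GetMapping("/me") // hypothetical endpoint; "email" is present only if the email scope was granted
    Map<String, String> me(@AuthenticationPrincipal Jwt jwt) {
        return Map.of("sub", jwt.getSubject(), "email", String.valueOf(jwt.getClaimAsString("email")));
    }
}
```

Key the user's data on the `sub` claim rather than on `email`, since `sub` is the stable identifier for the Google account.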
