Explain the flow of google auth in spring boot
@Bean
public SecurityFilterChain googleOAuth2SecurityFilterChain(HttpSecurity httpSecurity) throws Exception {
return httpSecurity
.securityMatcher(new AntPathRequestMatcher("/oauth2/**"))
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(auth -> auth
.requestMatchers("/auth/login/**", "/oauth2/**", "/login/oauth2/**", "/login").permitAll()
.anyRequest().authenticated()
)
.oauth2Login(oauth2 -> oauth2
.loginPage("/auth/login/google")
.defaultSuccessUrl("/dashboard", true)
.failureUrl("/login?error=true")
.userInfoEndpoint(userInfo -> userInfo.userService(googleOAuth2Service))
.successHandler((request, response, authentication) -> {
DefaultOAuth2User oauth2User = (DefaultOAuth2User) authentication.getPrincipal();
String token = oauth2User.getAttribute("token");
response.addHeader(HttpHeaders.AUTHORIZATION, "Bearer " + token);
})
)
.exceptionHandling(ex -> ex
.authenticationEntryPoint(new CustomOAuth2AuthenticationEntryPoint())
.accessDeniedHandler(new CustomAccessDeniedHandler())
)
.logout(logout -> logout
.logoutUrl("/logout")
.logoutSuccessUrl("/login?logout=true")
.addLogoutHandler(logoutHandlerService)
)
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.build();
}@Bean
public SecurityFilterChain googleOAuth2SecurityFilterChain(HttpSecurity httpSecurity) throws Exception {
return httpSecurity
.securityMatcher(new AntPathRequestMatcher("/oauth2/**"))
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(auth -> auth
.requestMatchers("/auth/login/**", "/oauth2/**", "/login/oauth2/**", "/login").permitAll()
.anyRequest().authenticated()
)
.oauth2Login(oauth2 -> oauth2
.loginPage("/auth/login/google")
.defaultSuccessUrl("/dashboard", true)
.failureUrl("/login?error=true")
.userInfoEndpoint(userInfo -> userInfo.userService(googleOAuth2Service))
.successHandler((request, response, authentication) -> {
DefaultOAuth2User oauth2User = (DefaultOAuth2User) authentication.getPrincipal();
String token = oauth2User.getAttribute("token");
response.addHeader(HttpHeaders.AUTHORIZATION, "Bearer " + token);
})
)
.exceptionHandling(ex -> ex
.authenticationEntryPoint(new CustomOAuth2AuthenticationEntryPoint())
.accessDeniedHandler(new CustomAccessDeniedHandler())
)
.logout(logout -> logout
.logoutUrl("/logout")
.logoutSuccessUrl("/login?logout=true")
.addLogoutHandler(logoutHandlerService)
)
.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.build();
}How does the flow work post authorization from google. Do i need to create an API /auth/login/google if i have a seperate frontend?
