Package org.springframework.security.config.annotation.web.configurers.oauth2.client

Class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>

  • All Implemented Interfaces:
    SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,​B>
    public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
extends AbstractAuthenticationFilterConfigurer<B,​OAuth2LoginConfigurer<B>,​org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter>
    An AbstractHttpConfigurer for OAuth 2.0 Login, which leverages the OAuth 2.0 Authorization Code Grant Flow.

    OAuth 2.0 Login provides an application with the capability to have users log in by using their existing account at an OAuth 2.0 or OpenID Connect 1.0 Provider.

    Defaults are provided for all configuration options with the only required configuration being clientRegistrationRepository(ClientRegistrationRepository). Alternatively, a ClientRegistrationRepository @Bean may be registered instead.

    Security Filters

    The following Filter's are populated:
    • OAuth2AuthorizationRequestRedirectFilter
    • OAuth2LoginAuthenticationFilter

    Shared Objects Created

    The following shared objects are populated:
    • ClientRegistrationRepository (required)
    • OAuth2AuthorizedClientRepository (optional)
    • GrantedAuthoritiesMapper (optional)

    Shared Objects Used

    The following shared objects are used:
    • ClientRegistrationRepository
    • OAuth2AuthorizedClientRepository
    • GrantedAuthoritiesMapper
    • DefaultLoginPageGeneratingFilter - if loginPage(String) is not configured and DefaultLoginPageGeneratingFilter is available, then a default login page will be made available
    Since:
    5.0
    See Also:
    HttpSecurity.oauth2Login(), OAuth2AuthorizationRequestRedirectFilter, OAuth2LoginAuthenticationFilter, ClientRegistrationRepository, OAuth2AuthorizedClientRepository, AbstractAuthenticationFilterConfigurer