java – Spring Boot Application to validate oauth2 token from Google

I would like to explain some scenarios that should be considered while deciding the security approach:

  1. If your application's users exist in Google, meaning the users have Google accounts, then you can go for the Google authorization server, OAuth 2.0: https://developers.google.com/identity/protocols/OAuth2. In this case you should register on the Google developer portal, and the application will receive the access and refresh tokens after successful authentication of users. After that, an OpenID call can be made to Google to get the user information.
    The above flow and integration will be the same as what you see with the "Login via Google" link on the Quora application.
    Now in services you can validate the Bearer token via the Google OAuth 2.0 validate endpoint and call the userinfo endpoint to fetch the user information.
    If you go for a JWT token then there won't be a requirement to reach out to the Google authorization server for token validation and the userinfo call.

  2. The second approach is to build your own OAuth 2.0 server using Spring Boot – https://spring.io/guides/tutorials/spring-boot-oauth2/
    Use an API gateway layer for token validation; further authorization can be done on microservices using Spring Security.
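
The local JWT validation mentioned in the first scenario, sketched as a Spring Security resource-server configuration (an added example, not part of the original answers). It checks the signature against Google's published keys and then the expiry, issuer and audience claims, so no per-request call to Google is needed. Assumptions: the bearer token is a Google-issued ID token (a JWT), the `spring-boot-starter-oauth2-resource-server` dependency with Spring Security 6 is on the classpath, and the package, class name and the `app.google.client-id` property are hypothetical names chosen for this example.

```java
package com.example.security; // hypothetical package

import java.util.List;
import java.util.Set;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class GoogleJwtResourceServerConfig {

    // Google's published JWK Set; the decoder fetches and caches the signing keys.
    private static final String GOOGLE_JWKS = "https://www.googleapis.com/oauth2/v3/certs";
    // Google issues ID tokens with either form of the issuer claim.
    private static final Set<String> GOOGLE_ISSUERS =
            Set.of("https://accounts.google.com", "accounts.google.com");

    @Bean
    JwtDecoder jwtDecoder(@Value("${app.google.client-id}") String clientId) { // assumed property
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(GOOGLE_JWKS).build();

        // A missing claim arrives as null, so both predicates fail closed.
        OAuth2TokenValidator<Jwt> issuer = new JwtClaimValidator<Object>(JwtClaimNames.ISS,
                iss -> iss != null && GOOGLE_ISSUERS.contains(iss.toString()));
        // Reject tokens that were minted for a different OAuth client.
        OAuth2TokenValidator<Jwt> audience = new JwtClaimValidator<List<String>>(JwtClaimNames.AUD,
                aud -> aud != null && aud.contains(clientId));

        // createDefault() adds the timestamp (exp/nbf) checks.
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(
                JwtValidators.createDefault(), issuer, audience));
        return decoder;
    }

    @Bean
    SecurityFilterChain api(HttpSecurity http) throws Exception {
        // Every request must carry a bearer JWT that passes the decoder above.
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()));
        return http.build();
    }
}
```

Without the audience check, a valid Google ID token issued to any other application would be accepted by this service.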

At the end of this tutorial you have more info for Google’s userInfo endpoint response:

https://developers.google.com/identity/protocols/OpenIDConnect#obtainuserinfo
You can check there 🙂
