Integrating Facebook and Google OAuth in a Spring Boot Backend: A Complete Guide (2025)
If you're building a web or mobile application, enabling social login via Facebook and Google OAuth can significantly improve user experience. In this tutorial, we’ll walk you through integrating both providers in a Spring Boot backend with clear, actionable steps.
Why Social Login?
- Faster sign-ups and logins
- Fewer passwords for users to remember
- Verified email addresses from OAuth providers
Prerequisites
- Java 17 or higher
- Spring Boot 3.x
- Maven
- Facebook Developer Account
- Google Cloud Console Account
Step 1: Set Up OAuth Credentials
Google OAuth Credentials
- Go to: Google Cloud Console
- Create a new project
- Navigate to APIs & Services → OAuth Consent Screen
- Add necessary app details and authorized domains
- Create OAuth credentials under Credentials → Create Credentials → OAuth Client ID
- Save the Client ID and Client Secret
Facebook OAuth Credentials
- Go to: Facebook Developer Console
- Create a new app
- Set up Facebook Login product
- Add redirect URIs and get App ID and App Secret
Step 2: Add Spring Security OAuth2 Dependencies
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-oauth2-client</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
Step 3: Configure application.yml
    spring:
      security:
        oauth2:
          client:
            registration:
              google:
                client-id: YOUR_GOOGLE_CLIENT_ID
                client-secret: YOUR_GOOGLE_CLIENT_SECRET
                scope: email, profile
              facebook:
                client-id: YOUR_FACEBOOK_APP_ID
                client-secret: YOUR_FACEBOOK_APP_SECRET
                scope: email, public_profile
            provider:
              facebook:
                authorization-uri: https://www.facebook.com/v16.0/dialog/oauth
                token-uri: https://graph.facebook.com/v16.0/oauth/access_token
                user-info-uri: https://graph.facebook.com/me?fields=id,name,email
Step 4: Create Security Configuration
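    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.Customizer;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.web.SecurityFilterChain;

    @Configuration
    @EnableWebSecurity
    public class SecurityConfig {

        @Bean
        public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
            http
                // Only the landing page and login paths are public; everything else needs a session.
                .authorizeHttpRequests(authz -> authz
                    .requestMatchers("/", "/login**").permitAll()
                    .anyRequest().authenticated()
                )
                // Enables the OAuth2 login flow for the registrations in application.yml.
                .oauth2Login(Customizer.withDefaults());
            return http.build();
        }
    }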
Step 5: Handling OAuth User Info
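    import java.util.Map;

    import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.RestController;

    @RestController
    public class UserController {

        // Returns every attribute the provider's user-info endpoint sent back.
        @GetMapping("/user")
        public Map<String, Object> user(OAuth2AuthenticationToken authentication) {
            return authentication.getPrincipal().getAttributes();
        }
    }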
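The /user endpoint above returns the provider's full attribute map, and the two providers name their fields differently. The following added example (not part of the original guide) returns a fixed subset instead, keyed on the registration id from application.yml. The class name ProfileController and the /me path are hypothetical, and it assumes Google's user-info response carries "sub" and "email_verified" while Facebook returns the id, name and email fields requested in Step 3.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Added example: hypothetical controller name and path, not from the original guide.
@RestController
public class ProfileController {

    @GetMapping("/me")
    public Map<String, Object> me(OAuth2AuthenticationToken authentication) {
        OAuth2User user = authentication.getPrincipal();
        // Registration id from application.yml: "google" or "facebook".
        String provider = authentication.getAuthorizedClientRegistrationId();

        Map<String, Object> profile = new LinkedHashMap<>();
        profile.put("provider", provider);
        profile.put("name", user.getAttribute("name"));

        switch (provider) {
            case "google" -> {
                // Assumption: Google's user-info response identifies the account
                // with "sub" and reports "email_verified" next to "email".
                profile.put("id", user.getAttribute("sub"));
                Object verified = user.getAttribute("email_verified");
                if (Boolean.TRUE.equals(verified) || "true".equals(verified)) {
                    profile.put("email", user.getAttribute("email"));
                }
            }
            case "facebook" -> {
                // Fields requested by user-info-uri in Step 3: id, name, email.
                profile.put("id", user.getAttribute("id"));
                profile.put("email", user.getAttribute("email")); // null if not returned
            }
            default -> throw new IllegalStateException("Unexpected provider: " + provider);
        }
        return profile;
    }
}
```

Keying local accounts on the provider plus id pair, rather than on the email address, keeps a Google account and a Facebook account that share an address from being merged by accident.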
Step 6: Redirect and Frontend Integration
Make sure to configure redirect URIs in both Google and Facebook developer consoles to match your Spring Boot server’s URLs:
http://localhost:8080/login/oauth2/code/google
http://localhost:8080/login/oauth2/code/facebook
Common Troubleshooting Tips
- Invalid Redirect URI Error: Ensure URIs match exactly, including trailing slashes.
- 403 Forbidden on Callback: Check Spring Security configuration and ensure correct scopes are set.
Conclusion
Integrating both Google and Facebook OAuth into a Spring Boot backend enhances security and user convenience. By following this step-by-step guide, you should have a functioning setup ready for production use.
Bonus Tips for Production
- Use HTTPS in production for OAuth callbacks.
- Store client secrets securely (use environment variables or a secret management service).
- Log only necessary information to avoid leaking sensitive user data.