spring-boot spring-security oauth-2.0 spring-security-oauth2

Load clientId and clientSecret from database


In my application (currently it supports Google and Facebook login), the clientId and clientSecret are stored in the application.properties file. Now I want to store those details in the database (they need to change those values dynamically). How can I do it? Is it bad practice?


Solution

  • Spring Security reads the OAuth client information from a ClientRegistrationRepository object. By default, it's in memory (Spring Boot autoconfigures an InMemoryClientRegistrationRepository bean) and populated with the data you put in application.properties. To fetch it from a database, you can implement the ClientRegistrationRepository interface, which has only one method: ClientRegistration findByRegistrationId(String registrationId). In your implementation, you would use the registrationId parameter to fetch the details from a database and return a ClientRegistration object (the ClientRegistrations class provides a builder for that). I recommend not saving the clientSecret in cleartext in the database. You can use one of the utilities offered by the Spring Security Crypto module to encrypt/decrypt the value.
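
One way to implement the repository described in the answer above, as an added example that is not part of the original answer. It assumes a hypothetical table `oauth_client(registration_id, client_id, client_secret_enc)`, hypothetical properties `app.oauth.enc-password` and `app.oauth.enc-salt` (hex-encoded salt) supplied from outside the database, and registration ids that match Spring Security's built-in `CommonOAuth2Provider` names (`google`, `facebook`).

```java
import java.util.List;
import java.util.Locale;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.config.oauth2.client.CommonOAuth2Provider;
import org.springframework.security.crypto.encrypt.Encryptors;
import org.springframework.security.crypto.encrypt.TextEncryptor;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.stereotype.Component;

@Component
public class JdbcClientRegistrationRepository implements ClientRegistrationRepository {
    // Hypothetical table: oauth_client(registration_id, client_id, client_secret_enc)
    private static final String SQL =
        "SELECT client_id, client_secret_enc FROM oauth_client WHERE registration_id = ?";

    private final JdbcTemplate jdbc;
    private final TextEncryptor encryptor;

    // The encryption password and salt are injected (hypothetical property names), never read from the same database.
    public JdbcClientRegistrationRepository(JdbcTemplate jdbc,
            @Value("${app.oauth.enc-password}") String password,
            @Value("${app.oauth.enc-salt}") String hexSalt) {
        this.jdbc = jdbc;
        this.encryptor = Encryptors.delux(password, hexSalt); // AES-256 in GCM mode
    }

    @Override
    public ClientRegistration findByRegistrationId(String registrationId) {
        CommonOAuth2Provider provider;
        try {
            provider = CommonOAuth2Provider.valueOf(registrationId.toUpperCase(Locale.ROOT));
        } catch (IllegalArgumentException | NullPointerException e) {
            return null; // unknown provider: Spring treats null as "no such registration"
        }
        // Provider defaults (endpoints, scopes) come from the builder; only credentials are per-row.
        List<ClientRegistration> rows = jdbc.query(SQL,
            (rs, n) -> provider.getBuilder(registrationId)
                .clientId(rs.getString("client_id"))
                .clientSecret(encryptor.decrypt(rs.getString("client_secret_enc")))
                .build(),
            registrationId);
        return rows.isEmpty() ? null : rows.get(0);
    }
}
```

Because the lookup runs on each call, updated rows take effect without a restart. Values in `client_secret_enc` must be written with `encrypt()` on a `TextEncryptor` built from the same password and salt.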