
How to make multiple apps redirect to same login page hosting Google OAuth and make it redirect to corresponding app upon successful authentication?


I have some web applications built with Spring Boot and React. The React and Spring Boot servers each run in their own container.

I want to build OAuth-based single sign-on (SSO) functionality for all these applications. For example, if a user goes to any of the applications and tries to log in, it should redirect to the same page providing OAuth-based SSO functionality (maybe using Google OAuth or Facebook OAuth). Logging in once should log in across all apps (and possibly logging out once should log out across all apps).

All I found regarding OAuth2 in the official docs is this example. It creates an application which configures Spring Security to redirect to Google login, and once the login is successful, it redirects back to the index.html specified in the same application.

However, I already have multiple applications which I want all to redirect to a single webpage which contains a "Login with Google" button (along with other options like login with Facebook and username / password). Upon successful Google authentication, I want it to redirect to the corresponding application which initiated the login.

Q1. Is it possible with some simple redirects? If yes, how?

I did not find any tutorial explaining how to achieve this. I came across only this tutorial, which makes use of the Keycloak Authorization Server with Spring Boot to demonstrate login across two apps. But Keycloak is not part of Spring Boot.

Q2. If the answer to Q1 is no, then how can I achieve OAuth2-based SSO across multiple apps, with all of them redirecting to a single login webpage and redirecting to the corresponding app upon successful authentication? Can you please elaborate on the process or point me to some tutorial?

Update: I came across another post which seems to explain the same but with the now-deprecated @EnableAuthorizationServer annotation.


Solution

  • The Federated Identity sample is one of the samples available for Spring Authorization Server. It demonstrates how to configure Google and GitHub (you can also configure Facebook and others in a similar way) as a 3rd party authentication or identity provider.

    If you follow the instructions in the readme and run the messages-client (client) and messages-resource (resource server) in the samples directory, you can test out the entire flow.

    So to answer your questions (hopefully simply):

    1. Yes, using Spring Security OAuth2 client support and Spring Authorization Server as demonstrated in the samples mentioned above. If you're looking for examples of a JavaScript frontend, see this branch (specifically the angular-client sample) and this webinar for more info on single-page apps and Spring Authorization Server.
    2. N/A
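
As an added illustration (not code from the answer or from the Spring Authorization Server samples), this is how the "redirect back to the app that started the login" part can be expressed on the authorization server: each application is registered as its own client with its own exact redirect URI, and the server only returns the authorization code to the URI registered for the client that initiated the flow. The class name, the `app` helper, the client ids, secrets, ports and the `sso` registration id are assumptions made for the example.

```java
import java.util.UUID;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.oidc.OidcScopes;
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;

// Hypothetical configuration class for the central authorization server.
@Configuration
public class SsoClientRegistrations {

    // Hypothetical helper: builds one confidential client per application.
    // baseUrl is the origin of that application's Spring Boot backend.
    private static RegisteredClient app(String clientId, String secret, String baseUrl) {
        return RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId(clientId)
                .clientSecret(secret)
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
                // Spring Security's OAuth2 client listens on
                // /login/oauth2/code/{registrationId} by default; "sso" is the
                // registration id assumed on the application side.
                // The URI is matched exactly, so an authorization request
                // carrying any other redirect_uri for this client is rejected.
                .redirectUri(baseUrl + "/login/oauth2/code/sso")
                .scope(OidcScopes.OPENID)
                .scope(OidcScopes.PROFILE)
                .build();
    }

    @Bean
    public RegisteredClientRepository registeredClientRepository() {
        // Constructed sample values. "{noop}" stores the secret unhashed and is
        // only suitable for a local demo; use an encoded secret otherwise.
        return new InMemoryRegisteredClientRepository(
                app("app-a", "{noop}app-a-secret", "http://127.0.0.1:8081"),
                app("app-b", "{noop}app-b-secret", "http://127.0.0.1:8082"));
    }
}
```

The single sign-on effect comes from the session held at the authorization server: once the user has authenticated there (directly or through Google), a login started from the second application completes without showing the login page again.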