Integrating Google SSO Authentication in a Spring Boot Application
Hello, everyone. In this blog post, I’ll describe SSO authentication using a sample Spring Boot application and the Google service.
SSO is a popular concept that people usually meet when signing up for a new web application (social media, e-commerce, etc.).
In a nutshell, SSO (Single Sign-On) is an authentication mechanism that allows users to log in once and access multiple applications or systems without having to log in again. It simplifies user access management and enhances security by centralizing authentication.
Key Features of SSO:
- Centralized Authentication: Users authenticate through a single platform (e.g., Google, Microsoft Azure AD, Facebook, etc.).
- Reduced Password Fatigue: Eliminates the need to remember multiple passwords for different applications.
- Improved User Experience: Once logged in, users can access all linked systems without repeated logins.
- Enhanced Security: It reduces the risk of weak passwords and centralizes access control.
How SSO Works:
- Login Request: A user tries to access an application.
- Redirection to Identity Provider (IdP): The application redirects the user to a trusted authentication service (e.g., Google, Okta, or an enterprise login system).
- Authentication: The IdP verifies the user’s credentials.
- Token Generation: If successful, the IdP sends a token to the application to confirm the user is authenticated.
- Access Granted: The application validates the token and allows the user access.
Please refer to the sample sequence diagram I have compiled for a user trying to access the Google Photos service using SSO.
To understand more, let’s work through a practical example. Here I’m going to use a Spring Boot application with 2 simple endpoints to explain SSO with the Google service.
Let's start step by step.
1. Create a Spring Boot application
- Project Structure
- Required dependencies
```groovy
plugins {
    id 'java'
    id 'org.springframework.boot' version '2.7.18'
    id 'io.spring.dependency-management' version '1.0.11.RELEASE'
}

group = 'com.app.cmbk.sso'
version = '0.0.1-SNAPSHOT'

java {
    toolchain {
        languageVersion = JavaLanguageVersion.of(11)
    }
}

repositories {
    mavenCentral()
}

dependencies {
    implementation 'org.springframework.boot:spring-boot-starter'
    implementation 'org.springframework.boot:spring-boot-starter-web'
    // Spring Boot Starter for Spring Security
    implementation 'org.springframework.boot:spring-boot-starter-security'
    // Spring Security OAuth2 Client
    implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
    implementation 'javax.validation:validation-api:2.0.1.Final'
    // Lombok is needed at compile time only; its version is managed by Spring Boot
    compileOnly 'org.projectlombok:lombok'
    annotationProcessor 'org.projectlombok:lombok'
    // Unit test
    testImplementation 'org.springframework.boot:spring-boot-starter-test'
    testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
}

tasks.named('test') {
    useJUnitPlatform()
}
```
- Controller Class
```java
package com.app.cmbk.sso.controller;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

import java.security.Principal;

@RestController
public class AuthenticationController {

    // Public endpoint: reachable without logging in.
    @GetMapping("/")
    public String home() {
        return "Hello Welcome Chanaka MBK!!";
    }

    // Protected endpoint: returns the authenticated principal as JSON.
    @GetMapping("/user")
    public Principal login(Principal user) {
        return user;
    }
}
```
- Spring Configuration class for the Security
```java
package com.app.cmbk.sso.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SpringConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        return http.authorizeHttpRequests(registry -> {
                    // Only "/" is open to anonymous callers.
                    registry.regexMatchers("/").permitAll();
                    // Every other request needs an authenticated session.
                    registry.anyRequest().authenticated();
                })
                // OAuth2 login through the registered provider (Google here).
                .oauth2Login(Customizer.withDefaults())
                .formLogin(Customizer.withDefaults())
                .build();
    }
}
```
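The `/user` handler in the controller above serializes the whole authentication object, which for a Google (OpenID Connect) login includes the ID token and all of its claims. As an added example that is not part of the original project, here is a narrower handler that returns only three claims and rejects accounts whose e-mail address Google has not marked as verified; the class name `UserProfileController` and the path `/user/profile` are assumptions.

```java
package com.app.cmbk.sso.controller;

import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.http.HttpStatus;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;

// Added example (hypothetical class and path), not code from the original post.
@RestController
public class UserProfileController {

    // Falls under anyRequest().authenticated() in the post's SpringConfig.
    @GetMapping("/user/profile")
    public Map<String, Object> profile(@AuthenticationPrincipal OidcUser user) {
        // The argument is null when the session was not created by an
        // OpenID Connect login (for example a form-login session).
        if (user == null) {
            throw new ResponseStatusException(HttpStatus.FORBIDDEN,
                    "OpenID Connect login required");
        }
        // email_verified is a standard OIDC claim; treat a missing value as false.
        if (!Boolean.TRUE.equals(user.getEmailVerified())) {
            throw new ResponseStatusException(HttpStatus.FORBIDDEN,
                    "E-mail address is not verified");
        }
        // Return an explicit allow-list of claims instead of the principal,
        // so the ID token value and unrelated claims never leave the server.
        Map<String, Object> view = new LinkedHashMap<>();
        view.put("sub", user.getSubject());
        view.put("name", user.getFullName());
        view.put("email", user.getEmail());
        return view;
    }
}
```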
- application.properties values
```properties
spring.application.name=sso-authentication-google
spring.security.oauth2.client.registration.google.client-id=517829446525-389tri****************.apps.googl****nt.com
spring.security.oauth2.client.registration.google.client-secret=GOCSPX-qCme1xB-*************-P
```
This is the most important part of this example. In the property file, we should place the client-id and the client-secret issued by the relevant service. It could be Google, Okta, GitHub, Facebook, etc. In my case it is Google.
Now the Spring Boot changes are done. Let's get a valid client-id and client-secret from Google to place in the property file.
2. Generate Google Client-id and Client-secret
2.1 Go to https://console.cloud.google.com/apis/credentials
2.2 Create New Project
2.3 Configure Consent screen
2.4 Add or Remove
2.5 Add test users
2.6 Complete and click “Back to Dashboard”
2.7 Configure OAuth client ID
Here the “Authorized redirect URIs” field is mandatory. The URI below is the default one for Spring Boot; I'm using a localhost domain since I’m testing this locally.
http://localhost:8080/login/oauth2/code/google
Then click the “Create” button. You will get the client-id and the client-secret as follows.
You must copy the above values into the spring boot app property file.
Now we are almost there!
Let's run the application and see…
3. Run and Test the application
As I mentioned, there are 2 endpoints in my sample application:
- http://localhost:8080/ : Not protected (no login required)
- http://localhost:8080/user : Protected (login required)
Let's execute the first one.
It is executing without asking for any credentials.
Let's move to the 2nd one.
It redirects to the Google Sign-in page. Let me add my details and see.
Yes, it has allowed me to access my 2nd endpoint. As you can see it will return the expected data.
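The manual checks above can also be pinned down as an automated test. This is an added example, not part of the original project; it assumes `testImplementation 'org.springframework.security:spring-security-test'` has been added to the build and that the `@SpringBootApplication` class lives in `com.app.cmbk.sso`. The class name `EndpointAccessTest` and the dummy client credentials are constructed for the test.

```java
package com.app.cmbk.sso;

import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oidcLogin;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.web.servlet.MockMvc;

// Added example: dummy credentials so the test never needs the real secret.
@SpringBootTest(properties = {
        "spring.security.oauth2.client.registration.google.client-id=test-client-id",
        "spring.security.oauth2.client.registration.google.client-secret=test-client-secret"
})
@AutoConfigureMockMvc
class EndpointAccessTest {

    @Autowired
    private MockMvc mockMvc;

    // "/" is permitAll(): an anonymous request must succeed.
    @Test
    void homeIsPublic() throws Exception {
        mockMvc.perform(get("/")).andExpect(status().isOk());
    }

    // "/user" needs authentication: an anonymous request is sent to login.
    @Test
    void userRedirectsAnonymousCallers() throws Exception {
        mockMvc.perform(get("/user")).andExpect(status().is3xxRedirection());
    }

    // oidcLogin() simulates a completed OpenID Connect login without
    // contacting Google, so the protected endpoint is served.
    @Test
    void userIsServedAfterOidcLogin() throws Exception {
        mockMvc.perform(get("/user").with(oidcLogin())).andExpect(status().isOk());
    }
}
```

A failing `userRedirectsAnonymousCallers` is the signal that a later change to the matcher rules has opened a protected path.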
That's all about SSO with Google and Spring Boot. This is an elementary example to explain the path we can take to SSO with Spring Boot.
Thank you, and please share your thoughts!