1

I am building a SPA with Spring on the backend. I am working on signing in with Google, and most of it is working already: I got the id_token with the implicit flow in the frontend, then sent it to the backend and verified it there.

I want to have users with roles and manage that locally (so, no adding info in the OIDC provider). What are the options to go from the id_token to having an authenticated user in Spring? I did not find any example doing that link manually (id_token -> Spring Security user).

I have checked several sources like the Spring Security 5 presentation at SpringOne https://www.youtube.com/watch?v=WhrOCurxFWU, several SO questions and posts on Okta's and Auth0's blogs, but I am still missing the link.

juanotto
  • 120
  • 9

2 Answers

1

You will have to create your own (application) specific roles.

Use these steps:

  1. Get authenticated from Google.
  2. Access the profile section from Google (username, name, etc.).
  3. Use your own user table to store this info.
  4. Create admin APIs in your own system and assign your app-specific roles to the user.
  5. When you log in again you will authenticate against the Google login/password and get the roles specific to your application.
juanotto
  • 120
  • 9
  • Fair enough, that's what I ended up doing. Did you see any blog or example of how to do that? It made me doubt when I didn't find any. – juanotto Nov 29 '19 at 01:38
  • Didn't find any tutorial for this. However, it should be easy, as you will only assign a default role to the user on first-time login. Later an admin (using admin APIs) can change (add new roles to) the user. All you need to do is implement your own authentication provider. – Shirish Sharma Dec 02 '19 at 05:30
1

Create an account or session with the id_token

Check if the user is already in your user database. If so, establish an authenticated session for the user. If the user isn't yet in your user database, create a new user record with a default role from the information in the ID token payload, and establish a session for the user. You can prompt the user for any additional profile information you require when you detect a newly created user in your app.

Emmanuel Osimosu
  • 5,625
  • 2
  • 38
  • 39
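Putting both answers together (verify the id_token, look the subject up in a local table, create the record with a default role on first login, then populate the Spring SecurityContext with the locally stored roles), as an added example that is not from either answer or from the Spring project. It assumes Google's `google-api-client` verifier (`GoogleIdTokenVerifier`) and a hypothetical `LocalUserRepository`/`LocalUser` pair for the local user table; the SPA sends the id_token as `Authorization: Bearer <id_token>`.

```java
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.gson.GsonFactory;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.*;
import java.util.stream.Collectors;

// Hypothetical local persistence (not on the page): a users table keyed by the Google "sub"
// claim that stores the application's own roles. LocalUserRepository/LocalUser are assumed.
public class GoogleIdTokenAuthFilter extends OncePerRequestFilter {
    private final GoogleIdTokenVerifier verifier;
    private final LocalUserRepository users;
    public GoogleIdTokenAuthFilter(String googleClientId, LocalUserRepository users) {
        // Checks the signature against Google's keys, expiry, issuer, and that "aud" is this app's client id
        this.verifier = new GoogleIdTokenVerifier.Builder(new NetHttpTransport(), new GsonFactory())
                .setAudience(Collections.singletonList(googleClientId)).build();
        this.users = users;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws ServletException, IOException {
        String header = req.getHeader("Authorization");
        if (header != null && header.startsWith("Bearer ")) {
            GoogleIdToken idToken = null;
            try { idToken = verifier.verify(header.substring(7)); }   // null when the token is invalid
            catch (GeneralSecurityException e) { /* treat as unauthenticated */ }
            if (idToken != null && Boolean.TRUE.equals(idToken.getPayload().getEmailVerified())) {
                GoogleIdToken.Payload p = idToken.getPayload();
                // First login: create the local record with a default role; later logins reuse its stored roles
                LocalUser user = users.findBySubject(p.getSubject()).orElseGet(() ->
                        users.save(new LocalUser(p.getSubject(), p.getEmail(), List.of("ROLE_USER"))));
                List<SimpleGrantedAuthority> auths = user.getRoles().stream()
                        .map(SimpleGrantedAuthority::new).collect(Collectors.toList());
                // The 3-arg constructor marks the token authenticated; roles come from the local table only
                SecurityContextHolder.getContext().setAuthentication(
                        new UsernamePasswordAuthenticationToken(user, null, auths));
            }
        }
        chain.doFilter(req, res);   // downstream authorization rules decide what each role may access
    }
}
```

Register the filter before `UsernamePasswordAuthenticationFilter` in your `HttpSecurity` configuration; an invalid or missing token simply leaves the request unauthenticated, so the usual `authorizeRequests()` rules reject it.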