How to Implement Gitee OAuth2.0 Login with Spring Security 5 – Step-by-Step Demo

1. Introduction

Many projects need third‑party login or authorization, and OAuth2.0 is the most mature solution. Spring Security 5 integrates OAuth2.0 client support, allowing developers to implement such requirements easily.

2. Registering an OAuth2.0 Application

Register an application on the third‑party platform (e.g., Gitee) to obtain the necessary credentials. The platform will provide fields such as clientId, clientSecret, authorizationGrantType, tokenUri, userInfoUri, redirectUri, and scope.

clientId

A long string that identifies your application on the platform; it must be sent when requesting authorization.

clientSecret

The secret key, similar to a password, proving that the request originates from your application. Keep it confidential.

authorizationGrantType

The type of grant the platform supports; you must specify the grant type when requesting authorization.

tokenUri

The endpoint provided by the platform to obtain an access_token, which is used to access protected resources.

userInfoUri

The endpoint to retrieve the authorized user's basic information, typically non‑sensitive data.

redirectUri

The callback URL (sometimes called callback) where the platform sends the authorization result.

scope

The list of permissions you request, indicating what the authorization will be used for.

3. Experience the OAuth2.0 Authorization

First get a feel for the flow before diving deeper.

A Spring Security OAuth2.0 demo for Gitee is provided. To try it, run the corresponding project branch and open the following URL in a browser: http://localhost:8082/oauth2/authorization/gitee Follow the public account “码农小胖哥” and reply “authgitee” to obtain the demo source.