Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Adds OAuth-based authentication to the Spring Security plugin
Groovy Shell
branch: master

This branch is 107 commits ahead, 3 commits behind cazacugmihai:master

Failed to load latest commit information.
grails-app try to fix automatic release
scripts fix default configuration
test add CodeNarc checks
testapps/s2oauth upgrade to Grails 2.4 RC2 and SSC 2.0 RC3
wrapper upgrade Grails to 2.4.4
.gitignore add testapps
.travis.yml test Travis CI publishing use grailsw in example
SpringSecurityOauthGrailsPlugin.groovy back to snapshot and remove loadafter upgrade Grails to 2.5.0
grailsw upgrade Grails to 2.4.4
grailsw.bat upgrade Grails to 2.4.4
testapps.config.groovy upgrade to Grails 2.4 RC2 and SSC 2.0 RC3 reintroduce Codenarc using @SuppressWarnings


Build Status

Adds OAuth-based authentication to the Spring Security plugin using the OAuth plugin.

This plugin provides an OAuth realm that can easily be integrated into existing applications and a host of utility functions to make things like "log in with Twitter" almost trivial.

This README refers to the code currently in the master branch, maybe not yet released.

Please, see Grails plugin portal for instructions about the actual released version.


2.1 (not yet released)

Controller and view are not anymore created in the app but are available as plugin artefacts.

View has a configurable layout via grails.plugin.springsecurity.oauth.layout configuration key.


Version provider's service and token are moved into separate plugin, example:



To install the last version of the plugin you need to add custom repositories to your BuildConfig.groovy:

    mavenRepo ""
    mavenRepo ""

In BuildConfig.groovy, add the dependency to "plugins" section:

    plugins {
        compile ':spring-security-oauth:2.1.0-SNAPSHOT'

        // and also you need add at least one of extensions:
        compile ':spring-security-oauth-facebook:0.1'
        compile ':spring-security-oauth-google:0.1'
        compile ':spring-security-oauth-linkedin:0.1'
        compile ':spring-security-oauth-twitter:0.1'
        compile ':spring-security-oauth-yahoo:0.1'

Change the version to reflect the actual version you would like to use.


Install the plugin as described above by adding a dependency in BuildConfig.groovy. Then follow Spring Security Core and OAuth plugins documentation.

Sample configuration for Spring Security Core request mapping:

grails.plugin.springsecurity.securityConfigType = "InterceptUrlMap"
grails.plugin.springsecurity.interceptUrlMap = [
    '/':                ['permitAll'],
    '/index':           ['permitAll'],
    '/index.gsp':       ['permitAll'],
    '/**/js/**':        ['permitAll'],
    '/**/css/**':       ['permitAll'],
    '/**/images/**':    ['permitAll'],
    '/**/favicon.ico':  ['permitAll'],
    '/login/**':        ['permitAll'],
    '/logout/**':       ['permitAll'],
    '/oauth/**':        ['permitAll']

Sample configuration for OAuth plugin (each provider needs the proper spring-security-oauth-* plugin):

def appName = grails.util.Metadata.current.''
def baseURL = grails.serverURL ?: "http://localhost:${System.getProperty('server.port', '8080')}/${appName}"
oauth {
    debug = true
    providers {
        facebook {
            api = org.scribe.builder.api.FacebookApi
            key = 'oauth_facebook_key'
            secret = 'oauth_facebook_secret'
            successUri = '/oauth/facebook/success'
            failureUri = '/oauth/facebook/failure'
            callback = "${baseURL}/oauth/facebook/callback"
        twitter {
            api = org.scribe.builder.api.TwitterApi
            key = 'oauth_twitter_key'
            secret = 'oauth_twitter_secret'
            successUri = '/oauth/twitter/success'
            failureUri = '/oauth/twitter/failure'
            callback = "${baseURL}/oauth/twitter/callback"
        linkedin {
            api = org.scribe.builder.api.LinkedInApi
            key = 'oauth_linkedin_key'
            secret = 'oauth_linkedin_secret'
            successUri = '/oauth/linkedin/success'
            failureUri = '/oauth/linkedin/failure'
            callback = "${baseURL}/oauth/linkedin/callback"

        // for Google OAuth 1.0 DEPRECATED
        google {
            api = org.scribe.builder.api.GoogleApi
            key = 'oauth_google_key'
            secret = 'oauth_google_secret'
            successUri = '/oauth/google/success'
            failureUri = '/oauth/google/failure'
            callback = "${baseURL}/oauth/google/callback"
            scope = ''

        // for Google OAuth 2.0
        google {
            api = org.grails.plugin.springsecurity.oauth.GoogleApi20
            key = 'oauth_google_key'
            secret = 'oauth_google_secret'
            successUri = '/oauth/google/success'
            failureUri = '/oauth/google/failure'
            callback = "${baseURL}/oauth/google/callback"
            scope = ''

Other configuration keys you can use, are (with their default values): = true
grails.plugin.springsecurity.oauth.domainClass = 'OAuthID'
grails.plugin.springsecurity.oauth.userLookup.oAuthIdsPropertyName = 'oAuthIDs'
grails.plugin.springsecurity.oauth.registration.askToLinkOrCreateAccountUri = '/oauth/askToLinkOrCreateAccount'
grails.plugin.springsecurity.oauth.registration.roleNames = ['ROLE_USER']

Once you have an user domain and configured provider names, go with:

grails s2-init-oauth [domain-class-package] [oauthid-class-name]


grails s2-init-oauth com.yourapp OAuthID

that creates the domain class com.yourapp.OAuthID

Finally, add:

static hasMany = [oAuthIDs: OAuthID]

to you user domain class.

In your view you can use the taglib exposed from this plugin and from OAuth plugin to create links and to know if the user is authenticated with a given provider:

<oauth:connect provider="twitter" id="twitter-connect-link">Twitter</oauth:connect>
<oauth:connect provider="facebook" id="facebook-connect-link">Facebook</oauth:connect>
<oauth:connect provider="google" id="google-connect-link">Google</oauth:connect>
<oauth:connect provider="linkedin" id="linkedin-connect-link">Linkedin</oauth:connect>
<oauth:connect provider="yahoo" id="yahoo-connect-link">Yahoo</oauth:connect>
Logged with facebook? <s2o:ifLoggedInWith provider="facebook">yes</s2o:ifLoggedInWith><s2o:ifNotLoggedInWith provider="facebook">no</s2o:ifNotLoggedInWith>
Logged with twitter? <s2o:ifLoggedInWith provider="twitter">yes</s2o:ifLoggedInWith><s2o:ifNotLoggedInWith provider="twitter">no</s2o:ifNotLoggedInWith>
Logged with google? <s2o:ifLoggedInWith provider="google">yes</s2o:ifLoggedInWith><s2o:ifNotLoggedInWith provider="google">no</s2o:ifNotLoggedInWith>
Logged with linkedin? <s2o:ifLoggedInWith provider="linkedin">yes</s2o:ifLoggedInWith><s2o:ifNotLoggedInWith provider="linkedin">no</s2o:ifNotLoggedInWith>
Logged with yahoo? <s2o:ifLoggedInWith provider="yahoo">yes</s2o:ifLoggedInWith><s2o:ifNotLoggedInWith provider="yahoo">no</s2o:ifNotLoggedInWith>


List of known extensions:


To try out before release use the create-testapps script:

Create a file testapps/s2oauth/testapps-config.groovy (ignored from Git) with your external providers valid credentials

oauth {
    providers {
        facebook {
            key = '...'
            secret = '...'
        twitter {
            key = '...'
            secret = '...'
        linkedin {
            key = '...'
            secret = '...'
        google {
            key = '...'
            secret = '...'

Run ./grailsw compile && ./grailsw create-testapps.

That's it!

Something went wrong with that request. Please try again.