Spring Security OAuth

Support for using Spring Security with OAuth (1a) and OAuth2.

Quick Start
Fork me on GitHub

Spring Security OAuth provides support for using Spring Security with OAuth (1a) and OAuth2 using standard Spring and Spring Security programming models and configuration idioms.


  • Support for OAuth providers and OAuth consumers
  • Oauth 1(a) (including two-legged OAuth, a.k.a. "Signed Fetch")
  • OAuth 2.0.

Quick Start


The recommended way to get started using spring-security-oauth in your project is with a dependency management system – the snippet below can be copied and pasted into your build. Need help? See our getting started guides on building with Maven and Gradle.

Applying security to an application is not for the faint of heart, and OAuth is no exception. Before you get started, you're going to want to make sure you understand OAuth and the problem it's designed to address. There is good documentation at the OAuth site. You will also want to make sure you understand how Spring and Spring Security work.

You're going to want to be quite familiar with both OAuth (and/or OAuth2) and Spring Security, to maximize the effectiveness of this developers guide. OAuth for Spring Security is tightly tied to both technologies, so the more familiar you are with them, the more likely you'll be to recognize the terminology and patterns that are used.