GitHub OAuth 2.0 Scribe Java Example

Github OAuth ServiceConfig and ServiceProvider Bean

<bean id="githubServiceConfig" class="com.example.oauth.OAuthServiceConfig">
		<constructor-arg value="xxx" />
		<constructor-arg value="xxx"/>
		<constructor-arg value=""/>
		<!--  <constructor-arg value="user,public_repo"/>-->
		<constructor-arg value="com.example.oauth.GithubOauthApi"/>
	<bean id="githubServiceProvider" class="com.example.oauth.OAuthServiceProvider">
		<constructor-arg name="config" ref="githubServiceConfig" />

Github OAuth Spring MVC Controller

package com.example.oauth.controller;

import static org.springframework.web.context.request.RequestAttributes.SCOPE_SESSION;

import java.util.Map;

import javax.servlet.http.HttpSession;

import org.scribe.model.Token;
import org.scribe.model.Verifier;
import org.scribe.oauth.OAuthService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.springframework.web.context.request.WebRequest;
import org.springframework.web.servlet.ModelAndView;

import com.example.oauth.OAuthServiceProvider;

public class GitHubController {
	private OAuthServiceProvider githubServiceProvider;
	private static final Token EMPTY_TOKEN = null;
	@RequestMapping(value = "/login-github", method = RequestMethod.GET)
	public String loginToGithub(Map<String, Object> map, WebRequest request) {
		OAuthService service = githubServiceProvider.getService();
		String auth = service.getAuthorizationUrl(EMPTY_TOKEN);
		System.out.println("RequestToken: " + auth);
		return "redirect:" + auth;

	@RequestMapping(value = { "" }, method = RequestMethod.GET)
	public String callback(
			@RequestParam(value = "oauth_token", required = false) String oauthToken,
			@RequestParam(value = "code", required = false) String oauthVerifier,
			WebRequest request, Map<String, Object> map) {

		// getting request token
		OAuthService service = githubServiceProvider.getService();
		Token requestToken = (Token) request.getAttribute("oauthRequestToken",

		// getting access token
		Verifier verifier = new Verifier(oauthVerifier);
		Token accessToken = service.getAccessToken(requestToken, verifier);

		// store access token as a session attribute
		request.setAttribute("oauthAccessToken", accessToken, SCOPE_SESSION);

		ServletRequestAttributes attr = (ServletRequestAttributes) RequestContextHolder
		HttpSession session = attr.getRequest().getSession(false); // create a
		session.setAttribute("accessToken", accessToken);

		return "settings";

GithubOauthApi extends DefaultApi20

package com.example.oauth;

import org.scribe.builder.api.DefaultApi20;
import org.scribe.model.OAuthConfig;

public class GithubOauthApi extends DefaultApi20{

	private static final String ACCESSTOKEN="";
	public String getAccessTokenEndpoint() {
		// TODO Auto-generated method stub

	public String getAuthorizationUrl(OAuthConfig config) {
		// TODO Auto-generated method stub
		return String.format("", config.getApiKey(), config.getScope(), config.getCallback());


  1. Jerry says:

    I read a lot of interesting posts here. Probably
    you spend a lot of time writing, i know how to save you a lot of time, there is an online tool that creates unique, google friendly
    posts in seconds, just type in google – laranitas free content source

  2. pik says:

    hi, you should escape parameters, especially redirect_uri

  3. What’s up every one, here every person is sharing such knowledge, thus it’s pleasant
    to read this blog, and I used to visit this blog everyday.

Leave a Comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s