# JustAuth — Universal Third-Party Login Library for Java > An out-of-the-box Java library for integrating social login from 30+ providers including GitHub, Google, Facebook, WeChat, and more with a unified API. ## Install Save in your project root: # JustAuth — Universal Third-Party Login Library for Java ## Quick Use ```xml me.zhyd.oauth JustAuth 1.16.7 ``` ```java AuthRequest authRequest = new AuthGithubRequest(AuthConfig.builder() .clientId("your-client-id") .clientSecret("your-client-secret") .redirectUri("https://yourapp.com/callback") .build()); String authorizeUrl = authRequest.authorize(AuthStateUtils.createState()); ``` ## Introduction JustAuth removes the repetitive work of implementing OAuth login flows for multiple social providers. It normalizes the authorization code exchange and user profile retrieval across 30+ platforms behind a single, consistent Java interface. ## What JustAuth Does - Implements OAuth 2.0 / OAuth 1.0a flows for 30+ identity providers - Returns a unified AuthUser object regardless of the provider - Handles state parameter generation, token exchange, and user info requests - Supports providers like GitHub, Google, Facebook, Twitter, Apple, GitLab, and more - Provides optional PKCE and custom scope configuration per provider ## Architecture Overview JustAuth defines an AuthRequest interface with authorize() and login() methods. Each provider has a concrete implementation that encodes the platform-specific OAuth endpoints, scopes, and profile API. The library handles HTTP communication internally, parses provider-specific JSON responses, and maps them to a common AuthUser model with fields like uuid, username, avatar, and email. ## Self-Hosting & Configuration - Add JustAuth as a Maven dependency to your Spring Boot or plain Java project - Register OAuth apps on each provider and obtain client ID and secret - Create an AuthConfig with clientId, clientSecret, and redirectUri - Instantiate the provider-specific AuthRequest and call authorize() - Handle the callback by calling login(AuthCallback) to receive the AuthUser ## Key Features - Unified AuthUser model across all providers simplifies downstream logic - State parameter management prevents CSRF attacks on the OAuth callback - Custom HTTP client adapter for environments with specific proxy or TLS needs - Extensible design allows adding custom OAuth providers via the SPI - Zero Spring dependency; works in any Java application ## Comparison with Similar Tools - **Spring Security OAuth2 Client** — deep Spring integration but more configuration; JustAuth is provider-focused and framework-agnostic - **Passport.js** — Node.js strategy-based auth; JustAuth serves the same purpose in Java - **Auth.js (NextAuth)** — JavaScript/TypeScript ecosystem; JustAuth targets JVM applications - **Socialite (Laravel)** — PHP social login; JustAuth is the Java equivalent with broader provider coverage ## FAQ **Q: Which social providers does JustAuth support?** A: Over 30, including GitHub, Google, Facebook, Twitter, Apple, GitLab, Bitbucket, LinkedIn, Amazon, Slack, Discord, and several Chinese platforms. **Q: Does JustAuth handle token refresh?** A: Yes. Providers that support refresh tokens expose a refresh() method on their AuthRequest. **Q: Can I add a provider not yet supported?** A: Yes. Implement the AuthSource and AuthRequest interfaces to register a custom provider. **Q: Does it work with Spring Boot auto-configuration?** A: The community justauth-spring-boot-starter provides auto-configuration and YAML-based provider setup. ## Sources - https://github.com/justauth/JustAuth - https://www.justauth.cn --- Source: https://tokrepo.com/en/workflows/asset-1a624c2b Author: AI Open Source