[whstl]

> Like, what other option is there?

For this specific case there's plenty...

You can use the battle-tested libraries wrapped by Spring directly. For OAuth specifically, Spring does very little.

You can use other frameworks that also have those features, in Java or in other languages.

You can use a paid authentication services.

You can use an open source authentication services.

[okeuro49]

> You can use the battle-tested libraries wrapped by Spring directly. For OAuth specifically, Spring does very little.

Then you have to work to make the libraries all work together. And deal with updates. Spring Boot allows to to update all libraries together, and know that they work together.

[whstl]

For this you setup tests and a CI, which is basic stuff that you can't really skip with Spring.

If you don't want or know how to do this, then there are all the other solutions.

Either way: authentication in a Spring app is the definition of "reinventing the wheel".

[gf000]

I was talking more abstractly, in that understanding a given feature to be able to configure it properly is not optional (besides asking someone else to handle some part of the complexity e.g. third party authentication services in this case).

[whstl]

But in none of those you "end up spending time messing around with config files and annotations", which was the problem mentioned by the grandparent.

So yes: there are other options.