How to write a Vaadin client to an OAUTH2 protected Rest API backend?

Below is the scenario I’m trying to help a user with.

They have everything rest API based. The rest API is secured with OAUTH2 and it is all Cassandra based.

There is a TokenGenerator API which is used to send the username/password and it does all the OAuth2 steps with the backend returning an OAuth2 Token if successful.

So what the user needs on a Vaadin client app are:

  • When apps starts, there is a login page. On that login page, the user authenticates, if successful he gest the OAuth2 token.

  • With that, the app goes to a Dashboard.

  • On that Dashboard there are menus,graphs, tables etc all driven to API calls to the REST back end.

  • Everytime the Vaadin client calls the backend, it sends that Token from authentication.

  • If the token is invalid, that is http code 401 then the user needs to be redirected to the login page.

This generates all the POJOS for the API backend. Their code base and IP is about a 1 million of Java code (excluding comments and spaces).

So, in other to use Vaadin, the user is trying to learn:

  • How to write a Vaadin app that is a client to a rest API.
  • How to do that login functionality about.
  • How to add Oauth2 on the request.

He also wrote Client code in Java to do the interface with the backend as they have external jobs that always talk to the APIs. With that, he has services for it.

So creating a Vaadin with Spring app as the client app, the user is able to leverage all that as Spring services so that the calls are done by creating the objects from the request pojos and the system serializing it via the clients he wrote.

The user has all the components,l. He’s now trying to understand how to write a Vaadin client to an OAUTH2 protected Rest API backend.

Do we have any resources on the above topic or a smarter workaround for what he’s trying to accomplish?

Since they are using Spring already I would follow and use their back end for the login process and have Spring OAuth ( do all the heavy lifting. Now you can use a RestTemplate ( to consume the services and add the respective token via an interceptor. The same interceptor can also check whether the back end returned a 401 and, upon receiving it, invalidate the session and force a re-login.

Hi! There is also updated tutorial “Using OAuth 2 and Google Sign-in for a Vaadin 14 application” available here: