feat: add GitHub OAuth2 authentication support

backend/src/main/java/de/szut/casino/exceptionHandling/exceptions/OAuth2AuthenticationProcessingException.java

@@ -0,0 +1,9 @@
+package de.szut.casino.exceptionHandling.exceptions;
+
+import org.springframework.security.core.AuthenticationException;
+
+public class OAuth2AuthenticationProcessingException extends AuthenticationException {
+    public OAuth2AuthenticationProcessingException(String msg) {
+        super(msg);
+    }
+}

backend/src/main/java/de/szut/casino/security/AuthController.java

@@ -3,6 +3,7 @@ package de.szut.casino.security;
 import de.szut.casino.exceptionHandling.ErrorDetails;
 import de.szut.casino.exceptionHandling.exceptions.EmailNotVerifiedException;
 import de.szut.casino.security.dto.AuthResponseDto;
+import de.szut.casino.security.dto.GithubCallbackDto;
 import de.szut.casino.security.dto.LoginRequestDto;
 import de.szut.casino.security.dto.ResetPasswordDto;
 import de.szut.casino.security.service.AuthService;
@@ -15,14 +16,17 @@ import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
 import java.io.IOException;
-import java.util.Date;
 
 @RestController
 @RequestMapping("/auth")
 public class AuthController {
 
+
     @Autowired
     private AuthService authService;
+    
+    @Autowired
+    private GitHubService githubService;
 
     @PostMapping("/login")
     public ResponseEntity<AuthResponseDto> authenticateUser(@Valid @RequestBody LoginRequestDto loginRequest) throws EmailNotVerifiedException {

backend/src/main/java/de/szut/casino/security/GitHubController.java

@@ -0,0 +1,61 @@
+package de.szut.casino.security;
+
+import de.szut.casino.security.dto.AuthResponseDto;
+import de.szut.casino.security.dto.GithubCallbackDto;
+import de.szut.casino.security.jwt.JwtUtils;
+import de.szut.casino.user.AuthProvider;
+import de.szut.casino.user.UserEntity;
+import de.szut.casino.user.UserRepository;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.web.bind.annotation.*;
+import org.springframework.web.client.RestTemplate;
+import org.springframework.web.servlet.view.RedirectView;
+
+import java.math.BigDecimal;
+import java.util.*;
+
+@RestController
+@RequestMapping("/oauth2/github")
+public class GitHubController {
+    private static final Logger logger = LoggerFactory.getLogger(GitHubController.class);
+
+    @Value("${spring.security.oauth2.client.registration.github.client-id}")
+    private String clientId;
+
+    @Value("${spring.security.oauth2.client.provider.github.authorization-uri}")
+    private String authorizationUri;
+
+    @Value("${spring.security.oauth2.client.registration.github.redirect-uri}")
+    private String redirectUri;
+
+    @Autowired
+    private GitHubService githubService;
+
+    @GetMapping("/authorize")
+    public RedirectView authorizeGithub() {
+        logger.info("Redirecting to GitHub for authorization");
+        
+        String authUrl = authorizationUri + 
+                "?client_id=" + clientId + 
+                "&redirect_uri=" + redirectUri + 
+                "&scope=user:email,read:user";
+        
+        return new RedirectView(authUrl);
+    }
+
+
+    @PostMapping("/callback")
+    public ResponseEntity<AuthResponseDto> githubCallback(@RequestBody GithubCallbackDto githubCallbackDto) {
+        String code = githubCallbackDto.getCode();
+        AuthResponseDto response = githubService.processGithubCode(code);
+        return ResponseEntity.ok(response);
+    }
+}

backend/src/main/java/de/szut/casino/security/GitHubService.java

@@ -0,0 +1,196 @@
+package de.szut.casino.security;
+
+import de.szut.casino.security.dto.AuthResponseDto;
+import de.szut.casino.security.jwt.JwtUtils;
+import de.szut.casino.user.AuthProvider;
+import de.szut.casino.user.UserEntity;
+import de.szut.casino.user.UserRepository;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Service;
+import org.springframework.web.client.RestTemplate;
+
+import java.math.BigDecimal;
+import java.util.*;
+
+@Service
+public class GitHubService {
+    private static final Logger logger = LoggerFactory.getLogger(GitHubService.class);
+
+    @Value("${spring.security.oauth2.client.registration.github.client-id}")
+    private String clientId;
+
+    @Value("${spring.security.oauth2.client.registration.github.client-secret}")
+    private String clientSecret;
+
+    @Autowired
+    private AuthenticationManager authenticationManager;
+
+    @Autowired
+    private UserRepository userRepository;
+
+    @Autowired
+    private JwtUtils jwtUtils;
+
+    @Autowired
+    private PasswordEncoder oauth2PasswordEncoder;
+
+    public AuthResponseDto processGithubCode(String code) {
+        try {
+            // Exchange code for access token
+            RestTemplate restTemplate = new RestTemplate();
+            
+            // Create request body for token endpoint
+            Map<String, String> requestBody = new HashMap<>();
+            requestBody.put("client_id", clientId);
+            requestBody.put("client_secret", clientSecret);
+            requestBody.put("code", code);
+            
+            // Set headers
+            HttpHeaders headers = new HttpHeaders();
+            headers.set("Accept", "application/json");
+            
+            HttpEntity<Map<String, String>> requestEntity = new HttpEntity<>(requestBody, headers);
+            
+            // Get access token
+            ResponseEntity<Map> response = restTemplate.exchange(
+                    "https://github.com/login/oauth/access_token",
+                    HttpMethod.POST,
+                    requestEntity,
+                    Map.class
+            );
+            
+            Map<String, Object> responseBody = response.getBody();
+            logger.info("GitHub token response: {}", responseBody);
+            
+            // Check if there's an error in the response
+            if (responseBody.containsKey("error")) {
+                String error = (String) responseBody.get("error");
+                String errorDescription = (String) responseBody.get("error_description");
+                logger.error("GitHub OAuth error: {} - {}", error, errorDescription);
+                throw new RuntimeException("GitHub OAuth error: " + errorDescription);
+            }
+            
+            String accessToken = (String) responseBody.get("access_token");
+            if (accessToken == null || accessToken.isEmpty()) {
+                logger.error("No access token received from GitHub");
+                throw new RuntimeException("Failed to receive access token from GitHub");
+            }
+            
+            logger.info("Received access token from GitHub");
+            
+            // Get user info
+            HttpHeaders userInfoHeaders = new HttpHeaders();
+            userInfoHeaders.set("Authorization", "Bearer " + accessToken);
+
+            HttpEntity<String> userInfoRequestEntity = new HttpEntity<>(null, userInfoHeaders);
+            
+            logger.info("Making request to GitHub API with token: {}", accessToken.substring(0, 5) + "...");
+            
+            ResponseEntity<Map> userResponse = restTemplate.exchange(
+                    "https://api.github.com/user",
+                    HttpMethod.GET,
+                    userInfoRequestEntity,
+                    Map.class
+            );
+            
+            Map<String, Object> userAttributes = userResponse.getBody();
+            logger.info("Retrieved user info from GitHub: {}", userAttributes.get("login"));
+            
+            // Get user emails
+            HttpHeaders emailsHeaders = new HttpHeaders();
+            emailsHeaders.set("Authorization", "Bearer " + accessToken);
+
+            HttpEntity<String> emailsRequestEntity = new HttpEntity<>(null, emailsHeaders);
+            
+            ResponseEntity<List> emailsResponse = restTemplate.exchange(
+                    "https://api.github.com/user/emails",
+                    HttpMethod.GET,
+                    emailsRequestEntity,
+                    List.class
+            );
+            
+            List<Map<String, Object>> emails = emailsResponse.getBody();
+            String email = null;
+            
+            // Find primary email
+            for (Map<String, Object> emailInfo : emails) {
+                Boolean primary = (Boolean) emailInfo.get("primary");
+                if (primary != null && primary) {
+                    email = (String) emailInfo.get("email");
+                    break;
+                }
+            }
+            
+            // If no primary email, just use the first one
+            if (email == null && !emails.isEmpty()) {
+                email = (String) emails.get(0).get("email");
+            }
+            
+            logger.info("Using email: {}", email);
+            
+            // Process user data
+            String githubId = userAttributes.get("id").toString();
+            String username = (String) userAttributes.get("login");
+            
+            // Check if user exists by provider ID
+            Optional<UserEntity> userOptional = userRepository.findByProviderId(githubId);
+            UserEntity user;
+            
+            if (userOptional.isPresent()) {
+                // Update existing user
+                user = userOptional.get();
+                logger.info("Found existing user with providerId: {}", githubId);
+            } else {
+                // Check if email exists
+                userOptional = userRepository.findByEmail(email);
+                
+                if (userOptional.isPresent()) {
+                    user = userOptional.get();
+                    user.setProvider(AuthProvider.GITHUB);
+                    user.setProviderId(githubId);
+                    logger.info("Updating existing user with email: {}", email);
+                } else {
+                    // Create new user
+                    user = new UserEntity();
+                    user.setEmail(email);
+                    user.setUsername(username);
+                    user.setProvider(AuthProvider.GITHUB);
+                    user.setProviderId(githubId);
+                    user.setEmailVerified(true);
+                    
+                    user.setBalance(new BigDecimal("1000.00"));
+                    logger.info("Creating new user for: {}", username);
+                }
+            }
+
+            String randomPassword = UUID.randomUUID().toString();
+            user.setPassword(oauth2PasswordEncoder.encode(randomPassword));
+            
+            userRepository.save(user);
+
+            Authentication authentication = this.authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(user.getEmail(), randomPassword));
+
+            // Generate JWT token
+            String token = jwtUtils.generateToken(authentication);
+            logger.info("Generated JWT token");
+
+            return new AuthResponseDto(token);
+            
+        } catch (Exception e) {
+            logger.error("Error processing GitHub code", e);
+            throw new RuntimeException("Failed to process GitHub authentication", e);
+        }
+    }
+}

backend/src/main/java/de/szut/casino/security/SecurityConfig.java

@@ -1,6 +1,8 @@
 package de.szut.casino.security;
 
 import de.szut.casino.security.jwt.JwtAuthenticationFilter;
+import de.szut.casino.security.oauth2.CustomOAuth2UserService;
+import de.szut.casino.security.oauth2.OAuth2AuthenticationSuccessHandler;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
@@ -31,12 +33,16 @@ public class SecurityConfig {
 
     @Value("${app.frontend-host}")
     private String frontendHost;
+    
+    @Value("${app.oauth2.authorizedRedirectUris}")
+    private String authorizedRedirectUri;
 
     @Autowired
     private UserDetailsService userDetailsService;
 
     @Autowired
     private JwtAuthenticationFilter jwtAuthenticationFilter;
+    
 
     @Bean
     public DaoAuthenticationProvider authenticationProvider() {
@@ -65,10 +71,12 @@ public class SecurityConfig {
             .csrf(csrf -> csrf.disable())
             .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
             .authorizeHttpRequests(auth -> {
-                auth.requestMatchers("/auth/**", "/webhook", "/swagger/**", "/swagger-ui/**", "/health", "/error").permitAll()
+                auth.requestMatchers("/auth/**", "/webhook", "/swagger/**", "/swagger-ui/**", "/health", "/error", "/oauth2/**").permitAll()
                     .requestMatchers(org.springframework.http.HttpMethod.OPTIONS, "/**").permitAll()
                     .anyRequest().authenticated();
                 })
+            // Disable Spring's built-in OAuth2 login since we're implementing a custom flow
+            // We're using our own GitHubController for OAuth2 login
             .authenticationProvider(authenticationProvider())
             .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
 

backend/src/main/java/de/szut/casino/security/dto/GithubCallbackDto.java

@@ -0,0 +1,8 @@
+package de.szut.casino.security.dto;
+
+import lombok.Data;
+
+@Data
+public class GithubCallbackDto {
+    private String code;
+}

backend/src/main/java/de/szut/casino/security/jwt/JwtUtils.java

@@ -1,12 +1,16 @@
 package de.szut.casino.security.jwt;
 
+import de.szut.casino.security.oauth2.UserPrincipal;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import io.jsonwebtoken.security.Keys;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.stereotype.Component;
 
 import java.security.Key;
@@ -17,6 +21,7 @@ import java.util.function.Function;
 
 @Component
 public class JwtUtils {
+    private static final Logger logger = LoggerFactory.getLogger(JwtUtils.class);
 
     @Value("${jwt.secret}")
     private String jwtSecret;
@@ -29,8 +34,26 @@ public class JwtUtils {
     }
 
     public String generateToken(Authentication authentication) {
-        UserDetails userDetails = (UserDetails) authentication.getPrincipal();
-        return generateToken(userDetails.getUsername());
+        String subject = null;
+        Map<String, Object> claims = new HashMap<>();
+
+        if (authentication.getPrincipal() instanceof UserPrincipal) {
+            UserPrincipal userPrincipal = (UserPrincipal) authentication.getPrincipal();
+            subject = userPrincipal.getEmail();
+            claims.put("id", userPrincipal.getId());
+            claims.put("username", userPrincipal.getDisplayUsername());
+            logger.info("Generating token for UserPrincipal: {}", subject);
+        } else if (authentication.getPrincipal() instanceof OAuth2User) {
+            OAuth2User oauth2User = (OAuth2User) authentication.getPrincipal();
+            subject = (String) oauth2User.getAttributes().get("email");
+            logger.info("Generating token for OAuth2User: {}", subject);
+        } else {
+            UserDetails userDetails = (UserDetails) authentication.getPrincipal();
+            subject = userDetails.getUsername();
+            logger.info("Generating token for UserDetails: {}", subject);
+        }
+
+        return createToken(claims, subject);
     }
 
     public String generateToken(String username) {
@@ -40,6 +63,9 @@ public class JwtUtils {
 
     private String createToken(Map<String, Object> claims, String subject) {
         Date now = new Date();
+        logger.info("now: {}", now);
+        logger.info("jwtExpirationMs: {}", jwtExpirationMs);
+        logger.info("expiryDate: {}", new Date(now.getTime() + jwtExpirationMs));
         Date expiryDate = new Date(now.getTime() + jwtExpirationMs);
 
         return Jwts.builder()

backend/src/main/java/de/szut/casino/security/oauth2/CustomOAuth2UserService.java

@@ -0,0 +1,108 @@
+package de.szut.casino.security.oauth2;
+
+import de.szut.casino.exceptionHandling.exceptions.OAuth2AuthenticationProcessingException;
+import de.szut.casino.user.AuthProvider;
+import de.szut.casino.user.UserEntity;
+import de.szut.casino.user.UserRepository;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.InternalAuthenticationServiceException;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
+import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.user.OAuth2User;
+import org.springframework.stereotype.Service;
+import org.springframework.util.StringUtils;
+
+import java.math.BigDecimal;
+import java.util.Optional;
+import java.util.UUID;
+
+@Service
+public class CustomOAuth2UserService extends DefaultOAuth2UserService {
+
+    @Autowired
+    private UserRepository userRepository;
+    
+    @Autowired
+    private PasswordEncoder oauth2PasswordEncoder;
+
+    @Override
+    public OAuth2User loadUser(OAuth2UserRequest oAuth2UserRequest) throws OAuth2AuthenticationException {
+        OAuth2User oAuth2User = super.loadUser(oAuth2UserRequest);
+
+        try {
+            return processOAuth2User(oAuth2UserRequest, oAuth2User);
+        } catch (AuthenticationException ex) {
+            throw ex;
+        } catch (Exception ex) {
+            throw new InternalAuthenticationServiceException(ex.getMessage(), ex.getCause());
+        }
+    }
+
+    private OAuth2User processOAuth2User(OAuth2UserRequest oAuth2UserRequest, OAuth2User oAuth2User) {
+        String registrationId = oAuth2UserRequest.getClientRegistration().getRegistrationId();
+        OAuth2UserInfo oAuth2UserInfo = OAuth2UserInfoFactory.getOAuth2UserInfo(registrationId, oAuth2User.getAttributes());
+        
+        // For GitHub, the email might not be directly available in attributes
+        String email = oAuth2UserInfo.getEmail();
+        if (StringUtils.isEmpty(email)) {
+            email = oAuth2UserInfo.getName() + "@github.user";
+        }
+
+        Optional<UserEntity> userOptional = userRepository.findByEmail(email);
+        UserEntity user;
+        
+        if(userOptional.isPresent()) {
+            user = userOptional.get();
+            
+            if(!user.getProvider().equals(AuthProvider.valueOf(registrationId.toUpperCase()))) {
+                throw new OAuth2AuthenticationProcessingException("You're signed up with " + 
+                        user.getProvider() + ". Please use your " + user.getProvider() + 
+                        " account to login.");
+            }
+            
+            user = updateExistingUser(user, oAuth2UserInfo);
+        } else {
+            user = registerNewUser(oAuth2UserRequest, oAuth2UserInfo, email);
+        }
+
+        return UserPrincipal.create(user, oAuth2User.getAttributes());
+    }
+
+    private UserEntity registerNewUser(OAuth2UserRequest oAuth2UserRequest, OAuth2UserInfo oAuth2UserInfo, String email) {
+        UserEntity user = new UserEntity();
+        
+        String username = oAuth2UserInfo.getName();
+        if (StringUtils.isEmpty(username)) {
+            username = "github_" + oAuth2UserInfo.getId();
+        }
+        
+        // Check if username already exists and append a suffix if needed
+        if (userRepository.findByUsername(username).isPresent()) {
+            username = username + "_" + UUID.randomUUID().toString().substring(0, 8);
+        }
+
+        user.setProvider(AuthProvider.valueOf(oAuth2UserRequest.getClientRegistration().getRegistrationId().toUpperCase()));
+        user.setProviderId(oAuth2UserInfo.getId());
+        user.setUsername(username);
+        user.setEmail(email);
+        user.setEmailVerified(true);
+        
+        // Generate a random password for OAuth users (they won't use it)
+        String randomPassword = UUID.randomUUID().toString();
+        user.setPassword(oauth2PasswordEncoder.encode(randomPassword));
+        
+        user.setBalance(new BigDecimal("1000.00")); // Starting balance
+        
+        return userRepository.save(user);
+    }
+
+    private UserEntity updateExistingUser(UserEntity existingUser, OAuth2UserInfo oAuth2UserInfo) {
+        if (!StringUtils.isEmpty(oAuth2UserInfo.getName())) {
+            existingUser.setUsername(oAuth2UserInfo.getName());
+        }
+        return userRepository.save(existingUser);
+    }
+}

backend/src/main/java/de/szut/casino/security/oauth2/GitHubOAuth2UserInfo.java

@@ -0,0 +1,30 @@
+package de.szut.casino.security.oauth2;
+
+import java.util.Map;
+
+public class GitHubOAuth2UserInfo extends OAuth2UserInfo {
+    
+    public GitHubOAuth2UserInfo(Map<String, Object> attributes) {
+        super(attributes);
+    }
+
+    @Override
+    public String getId() {
+        return ((Integer) attributes.get("id")).toString();
+    }
+
+    @Override
+    public String getName() {
+        return (String) attributes.get("name");
+    }
+
+    @Override
+    public String getEmail() {
+        return (String) attributes.get("email");
+    }
+
+    @Override
+    public String getImageUrl() {
+        return (String) attributes.get("avatar_url");
+    }
+}

backend/src/main/java/de/szut/casino/security/oauth2/OAuth2AuthenticationSuccessHandler.java

@@ -0,0 +1,61 @@
+package de.szut.casino.security.oauth2;
+
+import de.szut.casino.security.jwt.JwtUtils;
+import de.szut.casino.user.UserEntity;
+import de.szut.casino.user.UserRepository;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
+import org.springframework.stereotype.Component;
+import org.springframework.web.util.UriComponentsBuilder;
+
+import java.io.IOException;
+
+@Component
+public class OAuth2AuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
+    private static final Logger logger = LoggerFactory.getLogger(OAuth2AuthenticationSuccessHandler.class);
+
+    @Value("${app.oauth2.authorizedRedirectUris}")
+    private String redirectUri;
+
+    @Autowired
+    private JwtUtils jwtUtils;
+    
+    @Autowired
+    private UserRepository userRepository;
+
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
+            throws IOException, ServletException {
+        String targetUrl = determineTargetUrl(authentication);
+        
+        logger.info("OAuth2 Authentication successful, redirecting to: {}", targetUrl);
+
+        if (response.isCommitted()) {
+            logger.debug("Response has already been committed. Unable to redirect to " + targetUrl);
+            return;
+        }
+
+        clearAuthenticationAttributes(request);
+        getRedirectStrategy().sendRedirect(request, response, targetUrl);
+    }
+
+    private String determineTargetUrl(Authentication authentication) {
+        String token = jwtUtils.generateToken(authentication);
+        
+        if (authentication.getPrincipal() instanceof UserPrincipal) {
+            UserPrincipal userPrincipal = (UserPrincipal) authentication.getPrincipal();
+            logger.info("User authenticated: ID={}, Email={}", userPrincipal.getId(), userPrincipal.getEmail());
+        }
+        
+        return UriComponentsBuilder.fromUriString(redirectUri)
+                .queryParam("token", token)
+                .build().toUriString();
+    }
+}

backend/src/main/java/de/szut/casino/security/oauth2/OAuth2Config.java

@@ -0,0 +1,15 @@
+package de.szut.casino.security.oauth2;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+public class OAuth2Config {
+
+    @Bean
+    public PasswordEncoder oauth2PasswordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+}

backend/src/main/java/de/szut/casino/security/oauth2/OAuth2UserInfo.java

@@ -0,0 +1,23 @@
+package de.szut.casino.security.oauth2;
+
+import java.util.Map;
+
+public abstract class OAuth2UserInfo {
+    protected Map<String, Object> attributes;
+
+    public OAuth2UserInfo(Map<String, Object> attributes) {
+        this.attributes = attributes;
+    }
+
+    public Map<String, Object> getAttributes() {
+        return attributes;
+    }
+
+    public abstract String getId();
+
+    public abstract String getName();
+
+    public abstract String getEmail();
+
+    public abstract String getImageUrl();
+}

backend/src/main/java/de/szut/casino/security/oauth2/OAuth2UserInfoFactory.java

@@ -0,0 +1,17 @@
+package de.szut.casino.security.oauth2;
+
+import de.szut.casino.exceptionHandling.exceptions.OAuth2AuthenticationProcessingException;
+import de.szut.casino.user.AuthProvider;
+
+import java.util.Map;
+
+public class OAuth2UserInfoFactory {
+    
+    public static OAuth2UserInfo getOAuth2UserInfo(String registrationId, Map<String, Object> attributes) {
+        if(registrationId.equalsIgnoreCase(AuthProvider.GITHUB.toString())) {
+            return new GitHubOAuth2UserInfo(attributes);
+        } else {
+            throw new OAuth2AuthenticationProcessingException("Sorry! Login with " + registrationId + " is not supported yet.");
+        }
+    }
+}

backend/src/main/java/de/szut/casino/security/oauth2/UserPrincipal.java

@@ -0,0 +1,110 @@
+package de.szut.casino.security.oauth2;
+
+import de.szut.casino.user.UserEntity;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.oauth2.core.user.OAuth2User;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+
+public class UserPrincipal implements OAuth2User, UserDetails {
+    private Long id;
+    private String email;
+    private String username;
+    private String password;
+    private Collection<? extends GrantedAuthority> authorities;
+    private Map<String, Object> attributes;
+
+    public UserPrincipal(Long id, String email, String username, String password, Collection<? extends GrantedAuthority> authorities) {
+        this.id = id;
+        this.email = email;
+        this.username = username;
+        this.password = password;
+        this.authorities = authorities;
+    }
+
+    public static UserPrincipal create(UserEntity user) {
+        List<GrantedAuthority> authorities = Collections.
+                singletonList(new SimpleGrantedAuthority("ROLE_USER"));
+
+        return new UserPrincipal(
+                user.getId(),
+                user.getEmail(),
+                user.getUsername(),
+                user.getPassword(),
+                authorities
+        );
+    }
+
+    public static UserPrincipal create(UserEntity user, Map<String, Object> attributes) {
+        UserPrincipal userPrincipal = UserPrincipal.create(user);
+        userPrincipal.setAttributes(attributes);
+        return userPrincipal;
+    }
+
+    public Long getId() {
+        return id;
+    }
+
+    public String getEmail() {
+        return email;
+    }
+
+    @Override
+    public String getPassword() {
+        return password;
+    }
+
+    @Override
+    public String getUsername() {
+        // We're using email as the username for authentication
+        return email;
+    }
+    
+    public String getDisplayUsername() {
+        return username;
+    }
+
+    @Override
+    public boolean isAccountNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isAccountNonLocked() {
+        return true;
+    }
+
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return true;
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return true;
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return authorities;
+    }
+
+    @Override
+    public Map<String, Object> getAttributes() {
+        return attributes;
+    }
+
+    public void setAttributes(Map<String, Object> attributes) {
+        this.attributes = attributes;
+    }
+
+    @Override
+    public String getName() {
+        return String.valueOf(id);
+    }
+}

backend/src/main/java/de/szut/casino/security/service/AuthService.java

@@ -19,7 +19,6 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 
-import javax.swing.text.html.Option;
 import java.io.IOException;
 import java.util.Optional;
 

backend/src/main/java/de/szut/casino/user/AuthProvider.java

@@ -0,0 +1,6 @@
+package de.szut.casino.user;
+
+public enum AuthProvider {
+    LOCAL,
+    GITHUB
+}

backend/src/main/java/de/szut/casino/user/UserEntity.java

@@ -2,6 +2,8 @@ package de.szut.casino.user;
 
 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
+import jakarta.persistence.EnumType;
+import jakarta.persistence.Enumerated;
 import jakarta.persistence.GeneratedValue;
 import jakarta.persistence.Id;
 import lombok.Getter;
@@ -35,6 +37,11 @@ public class UserEntity {
     private String verificationToken;
 
     private String passwordResetToken;
+    
+    @Enumerated(EnumType.STRING)
+    private AuthProvider provider = AuthProvider.LOCAL;
+    
+    private String providerId;
 
     public UserEntity(String email, String username, String password, BigDecimal balance, String verificationToken) {
         this.email = email;
@@ -42,6 +49,16 @@ public class UserEntity {
         this.password = password;
         this.balance = balance;
         this.verificationToken = verificationToken;
+        this.provider = AuthProvider.LOCAL;
+    }
+    
+    public UserEntity(String email, String username, AuthProvider provider, String providerId, BigDecimal balance) {
+        this.email = email;
+        this.username = username;
+        this.provider = provider;
+        this.providerId = providerId;
+        this.balance = balance;
+        this.emailVerified = true; // OAuth providers verify emails
     }
 
     public void addBalance(BigDecimal amountToAdd) {

backend/src/main/java/de/szut/casino/user/UserRepository.java

@@ -12,6 +12,8 @@ public interface UserRepository extends JpaRepository<UserEntity, Long> {
     
     Optional<UserEntity> findByEmail(String email);
     
+    Optional<UserEntity> findByProviderId(String providerId);
+    
     boolean existsByUsername(String username);
     
     boolean existsByEmail(String email);

backend/src/main/resources/application.properties

@@ -28,3 +28,16 @@ logging.level.org.springframework.security=DEBUG
 springdoc.swagger-ui.path=swagger
 springdoc.swagger-ui.try-it-out-enabled=true
 
+# GitHub OAuth2 Configuration
+spring.security.oauth2.client.registration.github.client-id=${GITHUB_CLIENT_ID:Ov23lingzZsPn1wwACoK}
+spring.security.oauth2.client.registration.github.client-secret=${GITHUB_CLIENT_SECRET:4b327fb3b1ab67584a03bcb9d53fa6439fbccad7}
+spring.security.oauth2.client.registration.github.redirect-uri=${app.frontend-host}/oauth2/callback/github
+spring.security.oauth2.client.registration.github.scope=user:email,read:user
+spring.security.oauth2.client.provider.github.authorization-uri=https://github.com/login/oauth/authorize
+spring.security.oauth2.client.provider.github.token-uri=https://github.com/login/oauth/access_token
+spring.security.oauth2.client.provider.github.user-info-uri=https://api.github.com/user
+spring.security.oauth2.client.provider.github.user-name-attribute=login
+
+# OAuth Success and Failure URLs
+app.oauth2.authorizedRedirectUris=${app.frontend-host}/auth/oauth2/callback
+