diff --git a/spring-5-security/pom.xml b/spring-5-security/pom.xml
index 8cca2ed916..7024e6f873 100644
--- a/spring-5-security/pom.xml
+++ b/spring-5-security/pom.xml
@@ -58,6 +58,12 @@
             <artifactId>spring-security-test</artifactId>
             <scope>test</scope>
         </dependency>
+
+        <dependency>
+            <groupId>org.springframework.security.oauth.boot</groupId>
+            <artifactId>spring-security-oauth2-autoconfigure</artifactId>
+            <version>2.0.1.RELEASE</version>
+        </dependency>
     </dependencies>
 
     <build>
diff --git a/spring-5-security/src/main/java/com/baeldung/oauth2extractors/ExtractorsApplication.java b/spring-5-security/src/main/java/com/baeldung/oauth2extractors/ExtractorsApplication.java
new file mode 100644
index 0000000000..c9a18d1599
--- /dev/null
+++ b/spring-5-security/src/main/java/com/baeldung/oauth2extractors/ExtractorsApplication.java
@@ -0,0 +1,20 @@
+package com.baeldung.oauth2extractors;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@SpringBootApplication
+@Controller
+public class ExtractorsApplication {
+    public static void main(String[] args) {
+        SpringApplication.run(ExtractorsApplication.class, args);
+    }
+
+    @RequestMapping("/")
+    public String index() {
+        return "oauth2_extractors";
+    }
+
+}
diff --git a/spring-5-security/src/main/java/com/baeldung/oauth2extractors/configuration/SecurityConfig.java b/spring-5-security/src/main/java/com/baeldung/oauth2extractors/configuration/SecurityConfig.java
new file mode 100644
index 0000000000..cc1258d14b
--- /dev/null
+++ b/spring-5-security/src/main/java/com/baeldung/oauth2extractors/configuration/SecurityConfig.java
@@ -0,0 +1,40 @@
+package com.baeldung.oauth2extractors.configuration;
+
+import com.baeldung.oauth2extractors.extractor.CustomAuthoritiesExtractor;
+import com.baeldung.oauth2extractors.extractor.CustomPrincipalExtractor;
+import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.PropertySource;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@PropertySource("application-oauth2-extractors.properties")
+@EnableOAuth2Sso
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.antMatcher("/**")
+                .authorizeRequests()
+                .antMatchers("/login**")
+                .permitAll()
+                .anyRequest()
+                .authenticated()
+                .and()
+                .formLogin().disable();
+    }
+
+    @Bean
+    public PrincipalExtractor principalExtractor() {
+        return new CustomPrincipalExtractor();
+    }
+
+    @Bean
+    public AuthoritiesExtractor authoritiesExtractor() {
+        return new CustomAuthoritiesExtractor();
+    }
+}
\ No newline at end of file
diff --git a/spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/CustomAuthoritiesExtractor.java b/spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/CustomAuthoritiesExtractor.java
new file mode 100644
index 0000000000..ad23f6c32f
--- /dev/null
+++ b/spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/CustomAuthoritiesExtractor.java
@@ -0,0 +1,29 @@
+package com.baeldung.oauth2extractors.extractor;
+
+import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
+
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+
+public class CustomAuthoritiesExtractor implements AuthoritiesExtractor {
+    private List<GrantedAuthority> GITHUB_FREE_AUTHORITIES = AuthorityUtils
+            .commaSeparatedStringToAuthorityList("GITHUB_USER,GITHUB_USER_FREE");
+    private List<GrantedAuthority> GITHUB_SUBSCRIBED_AUTHORITIES = AuthorityUtils
+            .commaSeparatedStringToAuthorityList("GITHUB_USER,GITHUB_USER_SUBSCRIBED");
+
+    @Override
+    public List<GrantedAuthority> extractAuthorities(Map<String, Object> map) {
+        if (Objects.nonNull(map.get("plan"))) {
+            if (!((LinkedHashMap) map.get("plan"))
+                    .get("name")
+                    .equals("free")) {
+                return GITHUB_SUBSCRIBED_AUTHORITIES;
+            }
+        }
+        return GITHUB_FREE_AUTHORITIES;
+    }
+}
diff --git a/spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/CustomPrincipalExtractor.java b/spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/CustomPrincipalExtractor.java
new file mode 100644
index 0000000000..c35522f0f3
--- /dev/null
+++ b/spring-5-security/src/main/java/com/baeldung/oauth2extractors/extractor/CustomPrincipalExtractor.java
@@ -0,0 +1,13 @@
+package com.baeldung.oauth2extractors.extractor;
+
+import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor;
+
+import java.util.Map;
+
+public class CustomPrincipalExtractor implements PrincipalExtractor {
+
+    @Override
+    public Object extractPrincipal(Map<String, Object> map) {
+        return map.get("login");
+    }
+}
diff --git a/spring-5-security/src/main/resources/application-oauth2-extractors.properties b/spring-5-security/src/main/resources/application-oauth2-extractors.properties
new file mode 100644
index 0000000000..51d6ee7d6e
--- /dev/null
+++ b/spring-5-security/src/main/resources/application-oauth2-extractors.properties
@@ -0,0 +1,6 @@
+security.oauth2.client.client-id=89a7c4facbb3434d599d
+security.oauth2.client.client-secret=9b3b08e4a340bd20e866787e4645b54f73d74b6a
+security.oauth2.client.access-token-uri=https://github.com/login/oauth/access_token
+security.oauth2.client.user-authorization-uri=https://github.com/login/oauth/authorize
+security.oauth2.client.scope=read:user,user:email
+security.oauth2.resource.user-info-uri=https://api.github.com/user
\ No newline at end of file
diff --git a/spring-5-security/src/main/resources/templates/oauth2_extractors.html b/spring-5-security/src/main/resources/templates/oauth2_extractors.html
new file mode 100644
index 0000000000..414dd54a42
--- /dev/null
+++ b/spring-5-security/src/main/resources/templates/oauth2_extractors.html
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+    <title>Spring Security Principal and Authorities extractor</title>
+    <link rel="stylesheet"
+          href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.2/css/bootstrap.min.css"/>
+</head>
+
+<body>
+<div class="container">
+    <div class="col-sm-12">
+        <h1>Secured Page</h1>
+        Authenticated username:
+        <div th:text="${#authentication.name}"></div>
+        Authorities:
+        <div th:text="${#authentication.authorities}"></div>
+    </div>
+</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/spring-5-security/src/test/java/com/baeldung/oauth2extractors/ExtractorsUnitTest.java b/spring-5-security/src/test/java/com/baeldung/oauth2extractors/ExtractorsUnitTest.java
new file mode 100644
index 0000000000..164bc4933f
--- /dev/null
+++ b/spring-5-security/src/test/java/com/baeldung/oauth2extractors/ExtractorsUnitTest.java
@@ -0,0 +1,54 @@
+package com.baeldung.oauth2extractors;
+
+import com.baeldung.oauth2extractors.configuration.SecurityConfig;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+
+import javax.servlet.Filter;
+
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(classes = ExtractorsApplication.class, webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@ContextConfiguration(classes = {SecurityConfig.class})
+public class ExtractorsUnitTest {
+
+    @Autowired
+    private WebApplicationContext context;
+
+    @Autowired
+    private Filter springSecurityFilterChain;
+
+    private MockMvc mvc;
+
+    @Before
+    public void setup() {
+        mvc = MockMvcBuilders
+                .webAppContextSetup(context)
+                .addFilters(springSecurityFilterChain)
+                .build();
+    }
+
+    @Test
+    public void contextLoads() throws Exception {
+    }
+
+    @Test
+    public void givenValidRequestWithoutAuthentication_shouldFailWith302() throws Exception {
+        mvc
+                .perform(get("/"))
+                .andExpect(status().isFound())
+                .andReturn();
+    }
+
+}