diff --git a/spring-security-sso/pom.xml b/spring-security-sso/pom.xml index 764e899640..0cf468c2e3 100644 --- a/spring-security-sso/pom.xml +++ b/spring-security-sso/pom.xml @@ -19,6 +19,7 @@ spring-security-sso-auth-server spring-security-sso-ui spring-security-sso-ui-2 + spring-security-principal-authorities-extractor diff --git a/spring-security-sso/spring-security-principal-authorities-extractor/pom.xml b/spring-security-sso/spring-security-principal-authorities-extractor/pom.xml new file mode 100644 index 0000000000..5bd8de9c16 --- /dev/null +++ b/spring-security-sso/spring-security-principal-authorities-extractor/pom.xml @@ -0,0 +1,53 @@ + + + + spring-security-sso + org.baeldung + 1.0.0-SNAPSHOT + + 4.0.0 + + spring-security-principal-authorities-extractor + + + + org.springframework.boot + spring-boot-starter-security + + + + org.springframework.security.oauth.boot + spring-security-oauth2-autoconfigure + ${oauth-auto.version} + + + + org.springframework.boot + spring-boot-starter-web + + + + org.springframework.boot + spring-boot-starter-thymeleaf + + + + org.thymeleaf.extras + thymeleaf-extras-springsecurity4 + + + + org.springframework.boot + spring-boot-starter-test + test + + + + org.springframework.security + spring-security-test + test + + + \ No newline at end of file diff --git a/spring-security-sso/spring-security-principal-authorities-extractor/src/main/java/org/baeldung/Application.java b/spring-security-sso/spring-security-principal-authorities-extractor/src/main/java/org/baeldung/Application.java new file mode 100644 index 0000000000..0dfbbef86e --- /dev/null +++ b/spring-security-sso/spring-security-principal-authorities-extractor/src/main/java/org/baeldung/Application.java 
@@ -0,0 +1,18 @@
+package org.baeldung;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+
+@SpringBootApplication
+public class Application {
+ public static void main(String[] args) {
+ SpringApplication.run(Application.class, args);
+ }
+
+ @GetMapping("/")
+ public String homePage(Model model) {
+ return "index";
+ }
+}
diff --git a/spring-security-sso/spring-security-principal-authorities-extractor/src/main/java/org/baeldung/configuration/SecurityConfig.java b/spring-security-sso/spring-security-principal-authorities-extractor/src/main/java/org/baeldung/configuration/SecurityConfig.java
new file mode 100644
index 0000000000..4de1932392
--- /dev/null
+++ b/spring-security-sso/spring-security-principal-authorities-extractor/src/main/java/org/baeldung/configuration/SecurityConfig.java
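Review bot: In Application.java the `@GetMapping("/")` handler sits on a class that carries only `@SpringBootApplication`; as far as I know that annotation does not register the class as a request handler, so `homePage` is probably never mapped and `/` will not render `index` after login. Add `@Controller` to the class or, better, move the handler into a dedicated controller class. The `Model model` parameter is unused and can be dropped. The only behavioural test in this commit asserts the unauthenticated 302, so it would not catch a missing mapping.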
@@ -0,0 +1,38 @@
+package org.baeldung.configuration;
+
+import org.baeldung.extractor.CustomAuthoritiesExtractor;
+import org.baeldung.extractor.CustomPrincipalExtractor;
+import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@EnableOAuth2Sso
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.antMatcher("/**")
+ .authorizeRequests()
+ .antMatchers("/login**")
+ .permitAll()
+ .anyRequest()
+ .authenticated()
+ .and()
+ .formLogin().disable();
+ }
+
+ @Bean
+ public PrincipalExtractor principalExtractor() {
+ return new CustomPrincipalExtractor();
+ }
+
+ @Bean
+ public AuthoritiesExtractor authoritiesExtractor() {
+ return new CustomAuthoritiesExtractor();
+ }
+}
diff --git a/spring-security-sso/spring-security-principal-authorities-extractor/src/main/java/org/baeldung/extractor/CustomAuthoritiesExtractor.java b/spring-security-sso/spring-security-principal-authorities-extractor/src/main/java/org/baeldung/extractor/CustomAuthoritiesExtractor.java
new file mode 100644
index 0000000000..c1a78634aa
--- /dev/null
+++ b/spring-security-sso/spring-security-principal-authorities-extractor/src/main/java/org/baeldung/extractor/CustomAuthoritiesExtractor.java
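Review bot: In SecurityConfig.configure, `.antMatchers("/login**").permitAll()` permits more than the SSO login endpoint: inside a single path segment `**` acts as a plain wildcard, so any future path that merely starts with `/login` (a hypothetical `/login-history`, say) would be reachable without authentication. If the wider match is not needed, `.antMatchers("/login").permitAll()` is tighter. A one-line comment above the chain, such as `// everything except the SSO login endpoint requires an authenticated session`, would make the intent explicit.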
@@ -0,0 +1,27 @@
+package org.baeldung.extractor;
+
+import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
+
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+
+public class CustomAuthoritiesExtractor implements AuthoritiesExtractor {
+ private static final List GITHUB_FREE_AUTHORITIES = AuthorityUtils.commaSeparatedStringToAuthorityList("GITHUB_USER,GITHUB_USER_FREE");
+ private static final List GITHUB_SUBSCRIBED_AUTHORITIES = AuthorityUtils.commaSeparatedStringToAuthorityList("GITHUB_USER,GITHUB_USER_SUBSCRIBED");
+
+ @Override
+ public List extractAuthorities(Map map) {
+ if (Objects.nonNull(map.get("plan"))) {
+ if (!((LinkedHashMap) map.get("plan"))
+ .get("name")
+ .equals("free")) {
+ return GITHUB_SUBSCRIBED_AUTHORITIES;
+ }
+ }
+ return GITHUB_FREE_AUTHORITIES;
+ }
+}
diff --git a/spring-security-sso/spring-security-principal-authorities-extractor/src/main/java/org/baeldung/extractor/CustomPrincipalExtractor.java b/spring-security-sso/spring-security-principal-authorities-extractor/src/main/java/org/baeldung/extractor/CustomPrincipalExtractor.java
new file mode 100644
index 0000000000..d356c07e3b
--- /dev/null
+++ b/spring-security-sso/spring-security-principal-authorities-extractor/src/main/java/org/baeldung/extractor/CustomPrincipalExtractor.java
@@ -0,0 +1,13 @@
+package org.baeldung.extractor;
+
+import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor;
+
+import java.util.Map;
+
+public class CustomPrincipalExtractor implements PrincipalExtractor {
+
+ @Override
+ public Object extractPrincipal(Map map) {
+ return map.get("login");
+ }
+}
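Review bot: In CustomAuthoritiesExtractor.extractAuthorities the subscribed tier is decided through an unchecked cast and a null-unsafe call: `((LinkedHashMap) map.get("plan")).get("name").equals("free")` throws ClassCastException when `plan` is not a LinkedHashMap and NullPointerException when `name` is absent, and any value other than the exact string "free" is granted GITHUB_USER_SUBSCRIBED. Because this method turns provider-supplied data into authorities it should fail closed, granting the higher tier only when `plan` is a map and `name` is a present string that differs from "free". Simply flipping the call to `"free".equals(...)` would be worse, since a plan with no name would then be promoted. Matching against an explicit list of paid plan names would be stricter still.

```java
// body of extractAuthorities(...)
Object plan = map.get("plan");
if (plan instanceof Map) {
    Object planName = ((Map<?, ?>) plan).get("name");
    // Fail closed: only a present, non-"free" plan name earns the subscribed tier.
    if (planName instanceof String && !"free".equals(planName)) {
        return GITHUB_SUBSCRIBED_AUTHORITIES;
    }
}
return GITHUB_FREE_AUTHORITIES;
```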
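Review bot: CustomPrincipalExtractor.extractPrincipal uses `map.get("login")` as the principal, and a GitHub login is, as far as I know, a user-changeable name rather than a stable identifier, so anything later keyed on the principal would follow the name and not the account. If the principal is used for more than display, consider deriving it from the provider's immutable numeric `id` and keeping `login` as a display attribute. The method also returns null when `login` is missing; a short Javadoc saying what the principal represents and that absence is passed through unchanged would make that contract visible.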
diff --git a/spring-security-sso/spring-security-principal-authorities-extractor/src/main/resources/application.yml b/spring-security-sso/spring-security-principal-authorities-extractor/src/main/resources/application.yml
new file mode 100644
index 0000000000..324df694df
--- /dev/null
+++ b/spring-security-sso/spring-security-principal-authorities-extractor/src/main/resources/application.yml
@@ -0,0 +1,14 @@
+security:
+ oauth2:
+ client:
+ clientId: 89a7c4facbb3434d599d
+ clientSecret: 9b3b08e4a340bd20e866787e4645b54f73d74b6a
+ accessTokenUri: https://github.com/login/oauth/access_token
+ userAuthorizationUri: https://github.com/login/oauth/authorize
+ clientAuthenticationScheme: form
+ scope: read:user,user:email
+ resource:
+ userInfoUri: https://api.github.com/user
+spring:
+ thymeleaf:
+ cache: false
\ No newline at end of file
diff --git a/spring-security-sso/spring-security-principal-authorities-extractor/src/main/resources/templates/index.html b/spring-security-sso/spring-security-principal-authorities-extractor/src/main/resources/templates/index.html
new file mode 100644
index 0000000000..414dd54a42
--- /dev/null
+++ b/spring-security-sso/spring-security-principal-authorities-extractor/src/main/resources/templates/index.html
@@ -0,0 +1,21 @@
+ + + + + Spring Security Principal and Authorities extractor + + + + + + + Secured Page + Authenticated username: + + Authorities: + + + + + \ No newline at end of file
diff --git a/spring-security-sso/spring-security-principal-authorities-extractor/src/test/java/ApplicationUnitTest.java b/spring-security-sso/spring-security-principal-authorities-extractor/src/test/java/ApplicationUnitTest.java
new file mode 100644
index 0000000000..c14cbc9866
--- /dev/null
+++ b/spring-security-sso/spring-security-principal-authorities-extractor/src/test/java/ApplicationUnitTest.java
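Review bot: application.yml commits a literal `clientSecret` (together with its `clientId`) for the GitHub OAuth app; once this is pushed the secret should be treated as exposed, revoked in the provider's application settings and regenerated. Read both values from the environment instead, for example `clientSecret: ${GITHUB_CLIENT_SECRET}` and `clientId: ${GITHUB_CLIENT_ID}` (the variable names here are placeholders), and keep real values out of the repository. Separately, `spring.thymeleaf.cache: false` is a development convenience and is better placed in a dev profile than in the default configuration.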
@@ -0,0 +1,53 @@
+import org.baeldung.Application;
+import org.baeldung.configuration.SecurityConfig;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+
+import javax.servlet.Filter;
+
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(classes = Application.class, webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@ContextConfiguration(classes = {SecurityConfig.class})
+public class ApplicationUnitTest {
+
+ @Autowired
+ private WebApplicationContext context;
+
+ @Autowired
+ private Filter springSecurityFilterChain;
+
+ private MockMvc mvc;
+
+ @Before
+ public void setup() {
+ mvc = MockMvcBuilders
+ .webAppContextSetup(context)
+ .addFilters(springSecurityFilterChain)
+ .build();
+ }
+
+ @Test
+ public void contextLoads() throws Exception {
+ }
+
+ @Test
+ public void givenValidRequestWithoutAuthentication_shouldFailWith302() throws Exception {
+ mvc
+ .perform(get("/"))
+ .andExpect(status().isFound())
+ .andReturn();
+ }
+
+}
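Review bot: ApplicationUnitTest covers only the unauthenticated 302 and an empty `contextLoads`, so the class that actually decides authorities, CustomAuthoritiesExtractor, is untested. Plain unit tests that call `extractAuthorities` with a map lacking `plan`, with a plan named "free", and with another plan name would pin the authority mapping without starting a Spring context. The redirect test could also assert where the request is sent, e.g. `.andExpect(redirectedUrlPattern("**/login"))`, and the trailing `.andReturn()` is unused.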