This demo shows how to build a Spring Boot app and secure it with OAuth 2.0 and OpenID Connect. Then, it shows how to create resource servers with Quarkus and Micronaut.
Prerequisites:
Use start.spring.io to create a new Spring Boot project with OAuth dependencies.
https start.spring.io/starter.tgz dependencies==web,okta \
baseDir==spring-boot | tar -xzvf - && cd spring-boot|
Note
|
The Okta Spring Boot starter includes oauth2-client and oauth2-resource-server.
|
-
Ensure it starts and you can log in as
user../gradlew bootRun
-
Install the Auth0 CLI and run
auth0 loginto get your domain. -
Add your Auth0 domain to
application.propertiesto configure a resource server.okta.oauth2.issuer=https://<your-auth0-domain>/ okta.oauth2.audience=${okta.oauth2.issuer}api/v2/
-
Add a
HelloController.javafile with the following code.@RestController class HelloController { @GetMapping("/hello") public String hello(Principal principal) { return "Hello, " + principal.getName() + "!"; } }
-
Run the app using Gradle.
./gradlew bootRun
-
Open a new terminal and use HTTPie to test the resource server.
http :8080/hello
You will get a 401 response.
-
Create an access token using Auth0’s CLI:
auth0 test token -a https://<your-auth0-domain>/api/v2/
-
Set the access token as an environment variable:
TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6...
-
Access your resource server using HTTPie:
http :8080/hello "Authorization: Bearer $TOKEN" -
You should receive a 200 response with a message.
Hello, auth0|61bcbc76f64d4a0072af8a1d!
-
Stop the resource server using Ctrl+C.
-
Create an OIDC application using the Auth0 CLI.
auth0 apps create \ --name "Spring Boot" \ --description "Spring Boot Example" \ --type regular \ --callbacks http://localhost:8080/login/oauth2/code/okta \ --logout-urls http://localhost:8080 \ --reveal-secrets
-
Update
application.propertiesto include your client ID and client secret.okta.oauth2.issuer=https://<your-auth0-domain>/ okta.oauth2.audience=${okta.oauth2.issuer}api/v2/ okta.oauth2.client-id=<client-id> okta.oauth2.client-secret=<client-secret>
-
Add a
HomeControllerto display the user’s name after they log in.@RestController class HomeController { @GetMapping("/") public String home(@AuthenticationPrincipal OidcUser user) { return "Hello, " + user.getFullName() + "!"; } }
-
Restart the server. Use Ctrl+C to stop it if it’s running.
./gradlew bootRun
-
Log in at
http://localhost:8080. -
Use HTTPie again to confirm your resource server still works.
http :8080/hello "Authorization: Bearer $TOKEN" -
You can inspect your access token at jwt.io.
-
Clone the Okta Quarkus Sample:
git clone https://github.com/okta-samples/okta-quarkus-sample.git quarkus
-
Update
application.propertiesto use Auth0. Remove all other properties.quarkus.oidc.auth-server-url=https://<your-auth0-domain> mp.jwt.verify.publickey.location=${quarkus.oidc.auth-server-url}/v1/keys mp.jwt.verify.issuer=${quarkus.oidc.auth-server-url}
-
Run the app:
mvn quarkus:dev
-
Verify you can access it with an access token.
http :8080/hello "Authorization: Bearer $TOKEN"
-
Clone the Okta Micronaut Sample:
git clone https://github.com/okta-samples/okta-micronaut-sample.git micronaut
-
Update
application.ymlto change the public key location. Remove all other properties.micronaut.security.token.jwt.signatures.jwks.auth0.url: https://<your-auth0-domain>/.well-known/jwks.json
-
Run the app:
mvn mn:run
-
Verify you can access it with an access token.
http :8080/hello "Authorization: Bearer $TOKEN"