OAuth2/OIDC SSO Demo with Spring Boot + Spring Security + Spring Cloud Gateway
This demo app consists of the following three components:
- Authorization ... OAuth2 Authorization Server which implements some OIDC features that Spring Security requires. Using legacy Spring Security OAuth2.
- Todo API ... OAuth2 Resource Server. Provides REST API. Using Spring Security 5's OAuth2 Resource Server functionality.
- Todo Frontend ... Web UI (React) backed by Spring Security 5's OAuth2 Login functionality + Spring Cloud Gateway's Token Relay.
⚠️ Spring Security OAuth will reach end-of-life in May 2022.
Authorization Code Flow
Resource Owner Password Credentials Flow
ACCESS_TOKEN=$(curl -s http://127.0.0.1:9999/oauth/token -u todo:todo -d grant_type=password -d [email protected] -d password=password | jq -r .access_token)
TODO_ID=$(curl -s localhost:8082/todos -H "Authorization: Bearer ${ACCESS_TOKEN}" -H "Content-Type: application/json" -d '{"todoTitle": "Demo"}' | jq -r .todoId)
curl -s localhost:8082/todos -H "Authorization: Bearer ${ACCESS_TOKEN}"
curl -s localhost:8082/todos/${TODO_ID} -H "Authorization: Bearer ${ACCESS_TOKEN}"
curl -s -X PUT localhost:8082/todos/${TODO_ID} -H "Authorization: Bearer ${ACCESS_TOKEN}" -H "Content-Type: application/json" -d '{"finished": "true"}'
curl -s -X DELETE localhost:8082/todos/${TODO_ID} -H "Authorization: Bearer ${ACCESS_TOKEN}"
curl -s localhost:8082/todos -H "Authorization: Bearer ${ACCESS_TOKEN}"
Build
./mvnw clean package -f authorization/pom.xml -DskipTests
./mvnw clean package -f todo-api/pom.xml -DskipTests
./mvnw clean package -f todo-frontend/pom.xml -DskipTests
Deploy to Cloud Foundry
## Fix name and OAUTH_CLIENTS_0_ADDITIONALINFORMATION_URL for your env
cf push -f authorization/manifest.yml
## Fix name and SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI for your env
cf push -f todo-api/manifest.yml
## Fix name, SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_DEMO_ISSUER_URI and SPRING_CLOUD_GATEWAY_ROUTES_0_URI for your env
cf push -f todo-frontend/manifest.yml
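With an issuer URI configured, Spring Security's resource server rejects tokens whose iss claim differs from SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI, so it helps to inspect a token's issuer after changing the manifests. The script below is an added example, not part of this repository; the function names, the sample token and its issuer https://auth.example.test are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: debugging aid only. It decodes the JWT payload WITHOUT verifying
# the signature; the resource server remains the component that validates tokens.

b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }   # encoder, used only to build the sample

# Constructed sample token (not issued by the demo server); the issuer is an assumption.
SAMPLE_TOKEN="$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url).$(printf '%s' \
  '{"iss":"https://auth.example.test","user_name":"demo-user","scope":["todo:read"]}' \
  | b64url).constructed-signature"

jwt_payload() {   # $1 = JWT; prints the decoded payload JSON
  case "$1" in *.*.*) ;; *) echo "not a three-part JWT" >&2; return 1 ;; esac
  jp_seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  case $(( ${#jp_seg} % 4 )) in      # restore the padding that base64url strips
    2) jp_seg="$jp_seg==" ;;
    3) jp_seg="$jp_seg=" ;;
    1) echo "invalid base64url length" >&2; return 1 ;;
  esac
  printf '%s' "$jp_seg" | base64 -d
}

jwt_claim() {     # $1 = JWT, $2 = name of a string-valued claim
  jc_json=$(jwt_payload "$1") || return 2
  if command -v jq >/dev/null 2>&1; then
    printf '%s' "$jc_json" | jq -r --arg c "$2" '.[$c] // empty'
  else            # fallback for hosts without jq; handles simple string claims only
    printf '%s' "$jc_json" | sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p"
  fi
}

check_issuer() {  # $1 = JWT, $2 = issuer URI configured on the resource server
  ci_iss=$(jwt_claim "$1" iss) || return 2
  if [ "$ci_iss" = "$2" ]; then
    echo "OK: iss matches $2"
  else
    echo "MISMATCH: token iss='$ci_iss', resource server expects '$2'" >&2
    return 1
  fi
}

check_issuer "$SAMPLE_TOKEN" "https://auth.example.test"
```

Against a real deployment, pass the ACCESS_TOKEN obtained in the password-flow commands above and the issuer URI from todo-api/manifest.yml instead of the sample values.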
Demo Site
- url: https://todo.apps.pcfone.io
- user:
[email protected] / password
or [email protected] / password