OAuth 2.0 Protocols and Patterns

Warning

The samples in this repo are intended for educational purposes to demonstrate certain features of Spring Security and OAuth 2.0 / OpenID Connect 1.0. DO NOT blindly copy/paste code from the samples into production applications. Please work with your information security team to determine the suitability of using the patterns shown in the samples.

Run the Sample

• Build the sample → ./gradlew clean build

• Run Spring Authorization Server → ./gradlew -b auth-server/build.gradle bootRun

  • IMPORTANT: Make sure to modify your /etc/hosts file to avoid problems with session cookie overwrites between ui-app and auth-server. Simply add the entry 127.0.0.1 auth-server

• Run UI App → ./gradlew -b ui-app/build.gradle bootRun

• Run Microservice A → ./gradlew -b microservice-a/build.gradle bootRun

• Run Microservice B → ./gradlew -b microservice-b/build.gradle bootRun

• Run Microservice C → ./gradlew -b microservice-c/build.gradle bootRun

• Go to http://127.0.0.1:8080 and login to Spring Authorization Server using user1/password

  Important

  Make sure to use the IP literal 127.0.0.1 and not localhost.

Resources

Reference Documentation

• OAuth 2.0 Client

• OAuth 2.0 Login

• OAuth 2.0 Resource Server

Samples

• OAuth 2.0 Login

• OAuth 2.0 Login (WebFlux)

• OAuth 2.0 WebClient extensions (Servlet)

• OAuth 2.0 WebClient extensions (WebFlux)

• OAuth 2.0 Resource Server

• OAuth 2.0 Resource Server (WebFlux)