Sample demonstrating OAuth2/Open ID Connect with Spring Boot 2
Switch branches/tags
Nothing to show
Clone or download

README.md

The repository accompanies the blog post here

Start an OAuth2 authorization server

Use the uaac command line utility to interact with UAA to populate the details of some of the actors involved:

# Target local UAA
uaac target http://localhost:8080/uaa --skip-ssl-validation

# Login as a canned client
uaac token client get admin -s adminsecret

# Add a client credential with client_id of client1 and client_secret of client1
uaac client add client1 \
   --name client1 \
   --scope resource.read,resource.write,openid,profile,email,address,phone \
   -s client1 \
   --authorized_grant_types authorization_code,refresh_token,client_credentials,password \
   --authorities uaa.resource \
   --redirect_uri http://localhost:8888/**


# Another client credential resource1/resource1
uaac client add resource1 \
  --name resource1 \
  -s resource1 \
  --authorized_grant_types client_credentials \
  --authorities uaa.resource


# Add a few users
uaac user add user1 -p user1 --emails user1@user1.com
uaac user add user2 -p user2 --emails user2@user2.com


# Add two scopes resource.read, resource.write
uaac group add resource.read
uaac group add resource.write

# Assign user1 both resource.read, resource.write scope:
uaac member add resource.read user1
uaac member add resource.write user1


# Assign user2 only resource.read scope:
uaac member add resource.read user1
uaac member add resource.write user1

Start the legacy Spring Boot 2/Spring Security OAuth2 sample App

./gradlew -p applications/oauth2-boot2-legacy clean bootRun

Start the native Spring Boot2/Security OAuth2 sample App

./gradlew -p applications/oauth2-boot2-native clean bootRun

Start the native Spring Boot 2 With Webflux/Security OAuth2 sample App

./gradlew -p applications/oauth2-boot2-webflux clean bootRun

Test an Authorization Code flow

image::https://raw.githubusercontent.com/bijukunjummen/oauth-uaa-sample/master/flows/Authorization_Code_Flow.png[Authorization Code Grant Type]

Go to UI available at http://localhost:8888/ and click the UI to access a secure page. Login with user1/user1 OR user2/user2 when prompted.