Skip to content

johnraber/auth0-spring-security-api-sample

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

59 Commits
img
img
 
 
postman
postman
 
 
src/main
src/main
 
 
.gitignore
.gitignore
 
 
LICENCE
LICENCE
 
 
README.md
README.md
 
 
metadata.json
metadata.json
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Authorization

This example shows how to secure your Java Spring Security API endpoints using Auth0-issued JSON Web Tokens.

You can read a quickstart for this sample here.

Start by renaming the auth0.properties.example file in src/main/resources to auth0.properties and provide it with your application's domain, client ID, client secret, and issuer.

Prerequisites

In order to run this example you will need to have Maven installed. You can install Maven with brew:

brew install maven

Check that your maven version is 3.0.x or above:

mvn -v

Build and Run

In order to build and run the project execute:

mvn spring-boot:run

Test the API

To run a request against the exposed API endpoints, simply make GET or POST requests as follows (using any http client you choose).

Key Point: Remember to include the Authorization: Bearer {{YOUR JWT TOKEN}}" header. You can generate a JWT perhaps easiest by downloading a web client sample from the Auth0 Dashboard for the same application you defined above, and then by logging using that App and retrieving the generated JWT token that way.

Make sure that the scope includes the following as a bare minimum: openid roles - without roles your JWT will contain no roles information regardless of what is associated with the UserProfile itself.

Here is a snippet of code for Lock, roughly how this should look:

var lock = new Auth0Lock('${clientId}', '${domain}');
lock.showSignin({
    authParams: {
        scope: 'openid roles user_id name email'
    },
    // ... other params
});

Here are some examples of the available endpoints using CURL from the command line instead. For the secured endpoints, please ensure you replace {{jwt_token}} with your JWT Token value.

Public endpoint:

curl -X GET -H "Content-Type: application/json" -H "Cache-Control: no-cache" "http://localhost:3001/ping"

Secured endpoints:

curl -X GET -H "Authorization: Bearer {{jwt_token}}" -H "Cache-Control: no-cache" "http://localhost:3001/api/v1/profiles"

or

curl -X GET -H "Authorization: Bearer {{jwt_token}}" -H "Cache-Control: no-cache" "http://localhost:3001/api/v1/profiles/1"

or

curl -X POST -H "Authorization: Bearer {{jwt_token}}" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
    "name": "Chuck",
    "email": "chuck@communications.com"
 }' "http://localhost:3001/api/v1/profiles"

or

curl -X PUT -H "Authorization: Bearer {{jwt_token}}" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{
    "email": "bob@youwerehacked.com"
 }' "http://localhost:3001/api/v1/profiles/1"

or

curl -X DELETE -H "Authorization: Bearer {{jwt_token}}" -H "Cache-Control: no-cache" "http://localhost:3001/api/v1/profiles/2"

About

Demonstrates using Auth0 with Spring Boot and Spring Security to create a Java Spring API Server - JWT Token and Role level Authorization

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages

  • Java 100.0%