This repository contains a Spring Boot API starter project and demo project, both implementing API server application for menu items CRUD operations. The tutorial for creating this example is available on Auth0 Developer Blog.
Prerequisites:
To run the API demo project, which has the required dependencies for security configuration, execute the following commands:
git clone https://github.com/indiepopart/spring-menu-api.git
cd spring-menu-api/demoSign up at Auth0 and install the Auth0 CLI. Then in the command line run:
auth0 loginThe command output will display a device confirmation code and open a browser session to activate the device.
Register the API within your tenant:
auth0 apis create \
--name "Menu API" \
--identifier https://menu-api.okta.com \
--scopes "create:items,update:items,delete:items" \
--token-lifetime 86400 \
--offline-access=false \
--signing-alg "RS256"The first line in the command output will contain your Auth0 domain.
Create a copy of .env.exmple:
cp .env.example .envSet the value of OKTA_OAUTH2_ISSUER with your Auth0 domain in .env:
OKTA_OAUTH2_ISSUER=https://<your-auth0-domain>/Run the API with:
./gradlew bootRunFor the Auth0 authentication, you need to register the live client as a Single-Page Application to Auth0:
auth0 apps create \
--name "WHATABYTE Demo Client" \
--description "Single-Page Application Dashboard for menu items CRUD" \
--type spa \
--callbacks https://dashboard.whatabyte.app/home \
--logout-urls https://dashboard.whatabyte.app/home \
--origins https://dashboard.whatabyte.app \
--web-origins https://dashboard.whatabyte.appThe ClientID in the output will be required in the next step.
Go to the WHATABYTE Dashboard, and set API Server Base URL to http://localhost:8080. Toggle on Enable Authentication Features and set the following values:
- Auth0 Domain: <your-auth0-domain>
- Auth0 Client ID: <client-id>
- Auth0 Callback URL: https://dashboard.whatabyte.app/home
- Auth0 API Audience: https://menu-api.okta.com
Enable RBAC. Set menu-admin in the User Role text-box. Click on Save.
Create some test users with the Auth0 CLI.
auth0 users createCreate the menu-admin role in the Auth0 tenant:
auth0 roles createAssign the role to the user you created:
auth0 users roles assignThe role menu-admin and its permissions must be mapped to a claim in the accessToken. Configure your preferred editor to use with the Auth0 CLI:
export EDITOR=nanoCreate the Login Action:
auth0 actions createSet the name Add Roles, and select post-login for the Trigger. When the editor opens, set the following implementation for the onExecutePostLogin function.
exports.onExecutePostLogin = async (event, api) => {
const namespace = 'https://menu-api.okta.com';
if (event.authorization) {
api.idToken.setCustomClaim('preferred_username', event.user.email);
api.idToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
api.accessToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
}
}Save the file. Then deploy the action:
auth0 actions deploy <ACTION_ID>Attach the action to the login flow. You can do this with Auth0 Management API for Actions:
auth0 api patch "actions/triggers/post-login/bindings" \
--data '{"bindings":[{"ref":{"type":"action_id","value":"<ACTION_ID>"},"display_name":"Add Roles"}]}'Find the Menu API ID with:
auth0 apis listEnable RBAC for the Menu API:
auth0 api patch "resource-servers/<API_ID>" \
--data '{ "enforce_policies": true, "token_dialect": "access_token_authz" }'Assign the permissions defined for the Menu API to the menu-admin role:
auth0 roles permissions addFollow the instructions, and make sure to select all the API permissions:
create:itemsdelete:itemsupdate:items
All set, sign in the WHATABYTE client with the user you created and you will be able to perform read and write operations over the menu items.
Please post any questions as comments on the blog post, or on the Okta Developer Forums.
Apache 2.0, see LICENSE.