Authentication sample using the new Spring Authorization Server. Includes: authorization server configuration; JWT with roles configuration (adding claims); Spring Security setup with role filters; client SPA with PKCE; custom login page; resource server delivering the principal.
spring-boot-starter-security; spring-boot-starter-web; spring-security-oauth2-authorization-server; spring-boot-starter-oauth2-resource-server; spring-boot-starter-thymeleaf; see the pom file for the complete dependency list.
Use the browser to request an authorization code, copy its value and add it to a POST request to the token endpoint (Postman was used to retrieve the token).
Browser:
With PKCE: http://127.0.0.1:8080/oauth2/authorize?response_type=code&client_id=SGProd&redirect_uri=http://10.8.216.99:3000/authorize&scope=openid&code_challenge=rMKPR6wVdfqySdN2inao89aPtczIzBmXcAGcTJOP0Bk&code_challenge_method=S256&state="STATE"
No PKCE: http://127.0.0.1:8080/oauth2/authorize?response_type=code&client_id=alessandro&redirect_uri=https://www.google.com&scope=openi
Postman:
POST -> http://127.0.0.1:8000/oauth2/token
[{"key":"grant_type","value":"authorization_code","description":""},
{"key":"client_id","value":"huongdanjava","description":""},
{"key":"client_secret","value":"123456","description":""},
{"key":"code","value":"AUTHORIZATION CODE HERE","description":""},
{"key":"redirect_uri","value":"http://127.0.0.1:8080/authorized","description":""}]
Inspiration, code snippets, etc.