wlesniak / effective-oauth2-with-spring-security-and-spring-boot
Demo code for pluralsight course: https://app.pluralsight.com/library/courses/oauth2-spring-security-spring-boot
To run this demo:
- Ensure your client secrets are correct, and updated in the application.yml file.
- From modules 4 - 8 you need an instance of a keycloak server running, with a user created. I have included a realm-export file to set up the demo realm if you do not wish to configure it manually by following the modules; this will set everything up for you.
- For the admin features you need a user with the portfolio_admin role, see this module's clips for instructions.
- You need to start keycloak before any of the other services, as they use the issuer URI to bootstrap security.
- All services (pricing, portfolio and support) need to be running.
- In modules 7 - 8 your access token created by keycloak needs to have "portfolio-service" and "support-service" in the "aud" (audience) claim of the token; if it does not, the "com.pluralsight.security.validatorsCryptoJwtTokenValidator" will deny the request. See the module demo on how to set this up.
- From module 7 the token created by the portfolio service via the client credentials grant needs to have the "pricing" scope in the user info claims, otherwise the pricing service will not start.
- Also ensure the roles mapper, and the portfolio and support service audience mappers, are created for the react client in keycloak.

***********************
Troubleshooting
***********************
If you have any issues try the following:
- Remove your localhost browser cookie and try to re-authenticate.
- Your access token created by keycloak
- Ensure your client id and secrets are correct in the services: application.yml file.
- Enable debug logging in the application.yml file of your properties file to check the logs.
- You can use the realm-export.json file to import the keycloak demo realm with all the settings.
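
The audience requirement in the run instructions above, sketched as an added example that is not the course's own validator: a Spring Security resource server rejecting tokens whose "aud" claim lacks the service's name. The class name AudienceValidator and the method decoderFor are hypothetical; the issuer URI and audience value are supplied by the caller.

```java
import java.util.List;

import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtDecoders;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

// Hypothetical class for illustration; not the validator shipped with the course.
public class AudienceValidator implements OAuth2TokenValidator<Jwt> {

    // Audience this service answers to, e.g. "portfolio-service".
    private final String requiredAudience;

    public AudienceValidator(String requiredAudience) {
        this.requiredAudience = requiredAudience;
    }

    @Override
    public OAuth2TokenValidatorResult validate(Jwt jwt) {
        // getAudience() returns null when the token has no "aud" claim,
        // which is what happens if the Keycloak audience mapper is missing.
        List<String> audience = jwt.getAudience();
        if (audience != null && audience.contains(requiredAudience)) {
            return OAuth2TokenValidatorResult.success();
        }
        return OAuth2TokenValidatorResult.failure(new OAuth2Error(
                "invalid_token",
                "Token is missing required audience: " + requiredAudience,
                null));
    }

    // Builds a decoder that applies the default checks (expiry, issuer)
    // and then the audience check. fromIssuerLocation() fetches the issuer's
    // metadata over HTTP, so the identity provider must already be running.
    public static JwtDecoder decoderFor(String issuerUri, String requiredAudience) {
        NimbusJwtDecoder decoder =
                (NimbusJwtDecoder) JwtDecoders.fromIssuerLocation(issuerUri);
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(
                JwtValidators.createDefaultWithIssuer(issuerUri),
                new AudienceValidator(requiredAudience)));
        return decoder;
    }
}
```

Exposing the result of decoderFor as a JwtDecoder bean makes the resource server use it for every bearer token.
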
Hi Wojciech.
Firstly, thanks for the great course on PluralSight, your clear and concise teaching style helped me learn a lot in a short time.
I have a question which I don't think was covered in your course. If this isn't the place for questions, please let me know, I'll delete this.
I have a front end SPA that performs half of the OAuth authorisation flow, i.e. it gets the authorization code from Google's OAuth endpoint.
I want to pass this to my spring boot back end and have my back end exchange the code for a token and then establish a user session. Now I can of course do this manually and use the Google API library in Java, but there are a multitude of benefits I can derive by getting spring to do the work for me.
In your course section 'Server-side Applications: Single Sign-in with Oauth2', you show how we can add configuration to our applications, based on which Spring automatically performs the whole authorisation flow for an identity provider like Google. Is there however a well established way that I can customise spring so that it only performs the 'code for token exchange' part of the authorisation flow?