spring-security-oauth2-authorization-server
Demo Authorization Server using Nimbus and Spring Security
Before using, make sure to modify your /etc/hosts
file so that you don't have problems with session cookies from a client app fighting with the authorization server.
127.0.0.1 idp
This is a Spring Boot application, so to start it, you can do:
gw :bootRun
To check that it is up, you can hit the OIDC discovery endpoint:
http :8081/.well-known/openid-configuration
The server has one client whose client id and secret are client/secret
.
It has one user whose username and password are user/password
.
It has three scopes, profile
, message:read
, and message:write
.
Client Configuration
Now, configure a client application to point at this authorization server:
http --from https://start.spring.io/starter.tgz \
dependencies=web,oauth2-client baseDir=client | tar -xzvf -
Modifying the application.yml
like so:
spring:
security:
oauth2:
client:
provider:
keycloak:
issuer-uri: http://idp:8081
registration:
keycloak:
client-id: client
client-secret: secret
Make sure to add some kind of endpoint:
@RestController
public class ClientController {
@GetMapping("/")
public String index(Model model,
@RegisteredOAuth2AuthorizedClient OAuth2AuthorizedClient authorizedClient,
@AuthenticationPrincipal OAuth2User oauth2User) {
return oauth2User.getName();
}
}
And you should see the name of the user: user
.