Demonstrates a modern approach to using Auth0 with Spring Boot and Spring Security to create an API Server.
Leverages Auth0 dependencies:
Useful quick start reference to getting started with Spring Boot
In order to run this example you will need to have Maven installed. You can install Maven with brew:
brew install maven
Check that your maven version is 3.0.x or above:
mvn -v
Create an application via the Auth0 Dashboard
Add your auth0_domain, client_id, and client_secret to src/main/resources/auth0.properties of this project
In order to build and run the project you must execute:
mvn clean package
java -jar target/auth0-springboot-api-0.0.1-SNAPSHOT.jar
To run a request against the two exposed API endpoints, simply make a GET or POST request as follows (using any HTTP library / technology you choose):
curl -X GET -H "Authorization: Bearer {{YOUR JWT TOKEN}}" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -H "Postman-Token: c1b68180-4b90-e5b4-3896-d5c1fdece168" "http://localhost:8080/secured/get"
or
curl -X POST -H "Authorization: Bearer {{YOUR JWT TOKEN}}" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -H "Postman-Token: 882c97c9-0802-d937-d419-583ba714609c" -d '{"hello":"world"}' "http://localhost:8080/secured/post"
Key Point: Remember to include the Authorization: Bearer {{YOUR JWT TOKEN}} header. Perhaps the easiest way to generate a JWT is to download a web client sample from the Auth0 Dashboard for the same application you defined above, log in using that app, and retrieve the generated JWT that way.
Finally, there is also a Postman collection available inside the /postman directory. Import this into Postman, set up a Postman environment variable called token with a JWT value and you are ready to go with an HTTP client out of the box!
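When a call to the secured endpoints is rejected, it helps to check the token against the three values in auth0.properties before sending it. The following is an added example, not part of this project's code: it assumes the token is an HS256-signed JWT keyed with client_secret (used as a plain string), with iss equal to https://<auth0_domain>/ and aud containing client_id, none of which this README states. The helper names and sample values are constructed.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(part):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(signing_input, secret):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def check_token(token, domain, client_id, client_secret, now=None):
    """Return a list of problems; an empty list means every check passed."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header, claims = json.loads(b64url_decode(head_b64)), json.loads(b64url_decode(body_b64))
        signature = b64url_decode(sig_b64)
        if not isinstance(header, dict) or not isinstance(claims, dict):
            raise ValueError("header and payload must be JSON objects")
    except ValueError:
        return ["not a well-formed three-part JWT"]
    if header.get("alg") != "HS256":
        # Pin the algorithm instead of trusting the token's own header.
        return ["unexpected alg %r" % header.get("alg")]
    problems = []
    if not hmac.compare_digest(sign(head_b64 + "." + body_b64, client_secret), signature):
        problems.append("signature does not match client_secret")
    if claims.get("iss") != "https://%s/" % domain:
        problems.append("iss does not match auth0_domain")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain client_id")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token expired or exp missing")
    return problems

def make_token(claims, secret):
    # Builds a constructed HS256 token so the example runs offline.
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return "%s.%s.%s" % (head, body, b64url_encode(sign(head + "." + body, secret)))

# Constructed sample values, not real credentials.
DOMAIN, CLIENT_ID, SECRET = "example.auth0.com", "sample-client-id", "sample-client-secret"
GOOD = make_token({"iss": "https://%s/" % DOMAIN, "aud": CLIENT_ID, "exp": 2000000000}, SECRET)

if __name__ == "__main__":
    print(check_token(GOOD, DOMAIN, CLIENT_ID, SECRET, now=1700000000))  # no problems
    print(check_token(GOOD, DOMAIN, CLIENT_ID, "wrong-secret", now=1700000000))
```

To check a real token, pass it to check_token together with the values from auth0.properties; each returned string names the setting that does not line up.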
Auth0 helps you to:
- Add authentication with multiple authentication sources, either social like Google, Facebook, Microsoft Account, LinkedIn, GitHub, Twitter, Box, Salesforce, among others, or enterprise identity systems like Windows Azure AD, Google Apps, Active Directory, ADFS or any SAML Identity Provider.
- Add authentication through more traditional username/password databases.
- Add support for linking different user accounts with the same user.
- Support for generating signed JSON Web Tokens to call your APIs and flow the user identity securely.
- Analytics of how, when and where users are logging in.
- Pull data from other sources and add it to the user profile, through JavaScript rules.
- Go to Auth0 and click Sign Up.
- Use Google, GitHub or Microsoft Account to login.
If you have found a bug or if you have a feature request, please report it in this repository's issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
And a big shout out to Mark Britten, who contributed much of this content whilst working on a personal project, and freely donated it.
This project is licensed under the MIT license. See the LICENSE file for more info.