Step by step code examples for blog post on voxxed.com. Each branch is a working example. Create your own custom OAuth2 configuration and play with spring-boot and spring-oauth
This repo has been started by @syjer as oauthtest, to cleanup history and make it cleaner for a blog post I created this new Repo
This example is based on the following resources:
How to test:
$ cd authorization-server;mvn spring-boot:run
$ cd resource-server;mvn spring-boot:run
Obtain token with: $ curl service-account-1:service-account-1-secret@localhost:8080/auth/oauth/token -d grant_type=client_credentials
and save it in TOKEN=.......
Access the resource with: $ curl -H "Authorization: Bearer $TOKEN" -v localhost:9090
Update the resource with: $ curl -H "Content-Type: application/json" -H "Authorization: Bearer $TOKEN" -X POST -d "Bonjour" -v localhost:9090
$ cd webapp-server;mvn spring-boot:run
go to localhost:9999 and use the UI :).
You can load the message from backend server, then submit a new one and try to reload. All calls are using JWT, AS is called only the first time, RS checks the client has correct scopes. If token expires it automatically goes to AS to get a new one.
For generating your own key (as written in the stytex.de blog):
keytool -genkeypair -alias jwt -keyalg RSA -dname "CN=jwt, L=Lugano, S=Lugano, C=CH" -keypass mySecretKey -keystore jwt.jks -storepass mySecretKey
copy jwt.jks in authorization-server/src/main/resources/jwk.jks
Notes: