{"id":24414850,"url":"https://github.com/andifalk/authorizationserver","last_synced_at":"2026-03-07T04:04:25.274Z","repository":{"id":37752815,"uuid":"245018603","full_name":"andifalk/authorizationserver","owner":"andifalk","description":"Spring Boot OAuth 2.0 \u0026 OpenID Connect Identity Provider / Authorization Server","archived":false,"fork":false,"pushed_at":"2021-12-23T17:58:14.000Z","size":2269,"stargazers_count":130,"open_issues_count":11,"forks_count":37,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-08-26T02:49:58.764Z","etag":null,"topics":["authorization-code-grant","authorization-server","authorizationserver","authorizationservice","client-credentials-grant","identity-provider","introspection","java","jwt","jwt-bearer-tokens","oauth2","oauth2-provider","openid-connect","openidconnect","pkce","spring-boot","spring-security"],"latest_commit_sha":null,"homepage":"https://andifalk.github.io/authorizationserver","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/andifalk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null}},"created_at":"2020-03-04T22:37:41.000Z","updated_at":"2025-01-24T11:42:42.000Z","dependencies_parsed_at":"2022-08-27T13:10:58.024Z","dependency_job_id":null,"html_url":"https://github.com/andifalk/authorizationserver","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/andifalk/authorizationserver","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andifalk%2Fauthorizationserver","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andifalk%2Fauthorizationserver/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andifalk%2Fauthorizationserver/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andifalk%2Fauthorizationserver/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/andifalk","download_url":"https://codeload.github.com/andifalk/authorizationserver/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andifalk%2Fauthorizationserver/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30207394,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-07T03:24:23.086Z","status":"ssl_error","status_checked_at":"2026-03-07T03:23:11.444Z","response_time":53,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authorization-code-grant","authorization-server","authorizationserver","authorizationservice","client-credentials-grant","identity-provider","introspection","java","jwt","jwt-bearer-tokens","oauth2","oauth2-provider","openid-connect","openidconnect","pkce","spring-boot","spring-security"],"created_at":"2025-01-20T07:19:37.369Z","updated_at":"2026-03-07T04:04:20.255Z","avatar_url":"https://github.com/andifalk.png","language":"Java","readme":"[![License](https://img.shields.io/badge/License-Apache%20License%202.0-brightgreen.svg)][1]\n![Java CI](https://github.com/andifalk/authorizationserver/workflows/Java%20CI/badge.svg)\n![SecurityScan](https://github.com/andifalk/authorizationserver/workflows/SecurityScan/badge.svg?branch=master)\n![CodeQL](https://github.com/andifalk/authorizationserver/workflows/CodeQL/badge.svg?branch=master)\n\n# Authorization Server\n\nAn OAuth 2.0 \u0026 OpenID Connect (OIDC) compliant authorization server just for demo purposes to be used as part of OAuth2/OIDC workshops.\n\n## Targets\n\nThis authorization server should...\n\n* be available for free as open-source\n* support efforts to learn OAuth2/OpenID Connect (self-study or as part of workshops)\n* provide an easy way for setting up and run it (i.e. without consulting tons of documentation)\n* support latest specs and drafts for OAuth 2.x and OpenID Connect\n* be provided as docker container \u0026 support [testcontainers](https://www.testcontainers.org/)\n\n__IMPORTANT:__  \nThe intention of this project is to be used for demos and as part of trainings/workshops.  \nIt is __NOT__ ready for production use!!\n\nIf you are looking for a production-grade identity access management solution please consult the \nlist of [Certified OpenID provider servers and services](https://openid.net/developers/certified/) \nat the [OpenID Foundation](https://openid.net/).\n\n## Features (Supported)\n\n* [RFC 6749: OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749.html)\n* [RFC 8252: OAuth 2.0 for Native Apps](https://www.rfc-editor.org/rfc/rfc8252.html)\n* [OpenID Connect 1.0](https://openid.net/specs/openid-connect-core-1_0.html)\n* OAuth 2.0 Grant Flows:\n  * [Authorization Code Grant](https://www.rfc-editor.org/rfc/rfc6749.html#section-4.1) (+ [PKCE](https://tools.ietf.org/html/rfc7636))\n  * [Client Credentials Grant](https://www.rfc-editor.org/rfc/rfc6749.html#section-4.4)\n  * [Resource Owner Password Credentials Grant](https://www.rfc-editor.org/rfc/rfc6749.html#section-4.3)\n* [RFC 6750: OAuth 2.0 Bearer Token Usage](https://www.rfc-editor.org/rfc/rfc6750.html)\n  * Signed [Json Web Tokens (using RSA PKI)](https://tools.ietf.org/html/rfc7519)\n  * Opaque Tokens + [OAuth 2.0 Token Introspection](https://tools.ietf.org/html/rfc7662)\n  * [OAuth 2.0 Token Revocation](https://www.rfc-editor.org/rfc/rfc7009.html)\n* [OpenID Connect Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html)\n* [JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens](https://datatracker.ietf.org/doc/draft-ietf-oauth-access-token-jwt/)\n* Simple User Access Management API (Following [SCIM2 standard](http://www.simplecloud.info/#Specification))\n* Simple User Access Management Web UI (Read access only)\n* Management of OAuth2/OIDC Clients API\n* Management of OAuth2/OIDC Clients Web UI (Read access only)\n\n## Features (NOT Supported)\n\n* OAuth 2.0 Grant Flows:\n  * [Implicit Grant](https://www.rfc-editor.org/rfc/rfc6749#section-4.2) (Not supported by intention, because of [OAuth 2.0 Security Best Current Practice](https://www.ietf.org/id/draft-ietf-oauth-security-topics-15.html))\n  * [OIDC Hybrid Grant Flow](https://openid.net/specs/openid-connect-core-1_0.html#HybridFlowSteps) (Not supported by intention, because of [OAuth 2.0 Security Best Current Practice](https://www.ietf.org/id/draft-ietf-oauth-security-topics-15.html) as this flow (same as the implicit flow) also returns the id token via the insecure front channel)\n\n## Features (Planned)\n\n* [RFC 8628: OAuth 2.0 Device Authorization Grant](https://www.rfc-editor.org/rfc/rfc8628.html)\n* [RFC 8693: OAuth 2.0 Token Exchange](https://www.rfc-editor.org/rfc/rfc8693.html)\n* [RFC 8707: OAuth 2.0 Resource Indicators](https://www.rfc-editor.org/rfc/rfc8707.html)\n* [RFC 8705: OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens](https://www.rfc-editor.org/rfc/rfc8705.html)\n* [OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)](https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/)\n* [The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)](https://datatracker.ietf.org/doc/draft-ietf-oauth-jwsreq/)\n* [OAuth 2.0 Pushed Authorization Requests](https://datatracker.ietf.org/doc/draft-ietf-oauth-par/)\n* [OAuth 2.0 Rich Authorization Requests](https://datatracker.ietf.org/doc/draft-ietf-oauth-rar/)\n* [JWT Response for OAuth Token Introspection](https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-introspection-response/)\n* [OAuth 2.0 Incremental Authorization](https://datatracker.ietf.org/doc/draft-ietf-oauth-incremental-authz/)\n* [The OAuth 2.1 Authorization Framework](https://datatracker.ietf.org/doc/draft-parecki-oauth-v2-1/)\n\n## Roadmap\n\n* Q1 2021: [Release 1.0](https://github.com/andifalk/authorizationserver/milestone/1) - Mandatory OAuth 2.0 \u0026 OIDC grant flows, user and client management, H2 in-memory storage\n* Q2 2021: [Release 1.1](https://github.com/andifalk/authorizationserver/milestone/2) - Support additional OAuth 2.0 RFCs/Drafts + support other databases for storage\n\n## Setup and Run the Authorization Server\n\nTo run the server you need at least a Java 11 JDK or higher (versions 11 and 14 are currently tested).\n\nTo run the server just perform a ```gradlew bootrun``` or \nrun the Spring Boot starter class _com.example.authorizationserver.AuthorizationServerApplication_ via your Java IDE.\n\nIt is also planned to provide the server as pre-packaged docker container image at a later project stage.\n\n## User Management\n\nIt is planned to provide an integrated user management system via Web UI and Rest API.\nCurrently, the Web UI only supports read-only access at [localhost:9090/auth/admin](http://localhost:9090/auth/admin).\nThe Rest API also supports creating new users already.\n\nThe following predefined users are setup at startup time automatically:\n\n| Username | Email                    | Password | Role            |\n| ---------| ------------------------ | -------- | --------------- |\n| bwayne   | bruce.wayne@example.com  | wayne    | LIBRARY_USER    |\n| pparker  | peter.parker@example.com | parker   | LIBRARY_CURATOR |\n| ckent    | clark.kent@example.com   | kent     | LIBRARY_ADMIN   |\n| admin    | max.root@example.com     | admin    | ADMIN           |\n\n\n## Client Management\n\nIt is planned to provide an integrated client management system via Web UI and Rest API.\nCurrently the Web UI only supports read-only access at [localhost:9090/auth/admin](http://localhost:9090/auth/admin).\nThe Rest API also supports creating new clients already.\n\nThe following predefined clients are setup at startup time automatically:\n\n| Client-Id           | Client-Secret | Confidential | Grants                              | Token-Format | Redirect Uris | CORS |\n| --------------------| --------------| ------------ | ----------------------------------- |--------------|---------------|------|\n| confidential-jwt    | demo          | yes          | Authz Code (+/- PKCE), Client Creds | JWT          | http://localhost:8080/demo-client/login/oauth2/code/demo | * |\n| public-jwt          | --            | no           | Authz Code + PKCE                   | JWT          | http://localhost:8080/demo-client/login/oauth2/code/demo | * |\n| confidential-opaque | demo          | yes          | Authz Code (+/- PKCE), Client Creds | Opaque       | http://localhost:8080/demo-client/login/oauth2/code/demo | * |\n| public-opaque       | --            | no           | Authz Code + PKCE                   | Opaque       | http://localhost:8080/demo-client/login/oauth2/code/demo | * |\n\n\n## Feedback\n\nIf you have any feedback on this project this is highly appreciated.\n\nJust send an email to _andreas.falk(at)novatec-gmbh.de_ or contact me via Twitter (_@andifalk_).\n\n## License\n\nApache 2.0 licensed\n\n[1]:http://www.apache.org/licenses/LICENSE-2.0.txt\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandifalk%2Fauthorizationserver","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandifalk%2Fauthorizationserver","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandifalk%2Fauthorizationserver/lists"}