Source: https://github.com/andifalk/custom-spring-authorization-server (Java; topics: authorization-server, oauth2, openid-connect, spring)
[![License](https://img.shields.io/badge/License-Apache%20License%202.0-brightgreen.svg)][1]
![Build with Maven](https://github.com/andifalk/custom-spring-authorization-server/actions/workflows/build.yml/badge.svg)
![Code QL](https://github.com/andifalk/custom-spring-authorization-server/actions/workflows/codeql.yml/badge.svg)

# Spring Authorization Server

Customized from the sample at [https://github.com/spring-projects/spring-authorization-server](https://github.com/spring-projects/spring-authorization-server).

## Requirements

To run this server you need at least a Java 21 runtime; the project is built on Spring Boot 3.x.

## Usage

Start the server by running the class _com.example.spring.authorizationserver.SpringAuthorizationServerApplication_.

Fetch the OAuth2/OIDC discovery document from [http://localhost:9000/.well-known/openid-configuration](http://localhost:9000/.well-known/openid-configuration) to configure your clients and resource servers. The server listens on plain HTTP on port 9000, which is acceptable for local development only: client secrets and bearer tokens travel unencrypted.

These are the most important configuration settings:

| Configuration Parameter | Value                                   |
|-------------------------|-----------------------------------------|
| issuer                  | http://localhost:9000                   |
| authorization_endpoint  | http://localhost:9000/oauth2/authorize  |
| token_endpoint          | http://localhost:9000/oauth2/token      |
| jwks_uri                | http://localhost:9000/oauth2/jwks       |
| userinfo_endpoint       | http://localhost:9000/userinfo          |
| introspection_endpoint  | http://localhost:9000/oauth2/introspect |

## Registered Clients

This server comes with the following predefined OAuth2/OIDC clients:

| Client ID               | Client Secret | PKCE | Client Credentials Grant | Access Token Format |
|-------------------------|---------------|------|--------------------------|---------------------|
| demo-client             | secret        | --   | X                        | JWT                 |
| demo-client-pkce        | --            | X    | --                       | JWT                 |
| demo-client-opaque      | secret        | --   | X                        | Opaque              |
| demo-client-pkce-opaque | --            | X    | --                       | Opaque              |

The two `*-pkce` clients have no secret and must send a PKCE `code_challenge`/`code_verifier` pair; the two clients with a secret are confidential clients and can additionally use the client credentials grant.

All clients are registered with the following redirect URIs (including a special one for Postman):

* http://127.0.0.1:9095/client/callback
* http://127.0.0.1:9095/client/authorized
* http://127.0.0.1:9095/client
* http://127.0.0.1:9095/login/oauth2/code/spring-authz-server
* http://localhost:9095/client/callback
* http://localhost:9095/client/authorized
* http://localhost:9095/client
* http://localhost:9095/login/oauth2/code/spring-authz-server
* https://oauth.pstmn.io/v1/callback
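The following script is an added example (not code from the project) of how a client drives the registered clients above without Postman: it generates a PKCE verifier/challenge pair, builds the authorization request for `demo-client-pkce` against one of the registered redirect URIs, checks the `state` when the browser comes back, and assembles the token requests for both the PKCE client and the confidential `demo-client`. It runs offline. The endpoints and redirect URIs are the ones from the tables above; the scope, state and nonce values passed in are placeholders chosen for the example.

```python
"""Client-side request builders for the demo clients of this authorization server.

Added example, not part of the project. Uses only the endpoints and redirect
URIs listed in the README; nothing here touches the network.
"""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Values from the README's discovery table and client registrations.
ISSUER = "http://localhost:9000"
AUTHORIZE_ENDPOINT = ISSUER + "/oauth2/authorize"
TOKEN_ENDPOINT = ISSUER + "/oauth2/token"
REGISTERED_REDIRECT_URIS = {
    "http://127.0.0.1:9095/client/callback",
    "http://127.0.0.1:9095/client/authorized",
    "http://127.0.0.1:9095/client",
    "http://127.0.0.1:9095/login/oauth2/code/spring-authz-server",
    "http://localhost:9095/client/callback",
    "http://localhost:9095/client/authorized",
    "http://localhost:9095/client",
    "http://localhost:9095/login/oauth2/code/spring-authz-server",
    "https://oauth.pstmn.io/v1/callback",
}


def _b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def pkce_challenge(verifier: str) -> str:
    """S256 code_challenge for a code_verifier (RFC 7636 section 4.2)."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def new_pkce_pair() -> tuple:
    """Fresh (code_verifier, code_challenge). 64 random bytes give 86 unreserved
    characters, inside the 43..128 range RFC 7636 allows for the verifier."""
    verifier = secrets.token_urlsafe(64)
    return verifier, pkce_challenge(verifier)


def build_authorize_url(client_id: str, redirect_uri: str, scope: str,
                        state: str, nonce: str, code_challenge: str) -> str:
    """Authorization request for a public PKCE client such as demo-client-pkce."""
    if redirect_uri not in REGISTERED_REDIRECT_URIS:
        raise ValueError("redirect_uri is not registered for this client: " + redirect_uri)
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,                   # stored in the browser session, checked on return
        "nonce": nonce,                   # echoed in the id_token, checked after decoding
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",  # never "plain"
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Extract the authorization code from the redirect back to the client.

    Rejects an error response, a missing code and a state that does not match
    the one stored for this login attempt (the CSRF check of the code flow).
    """
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:
        raise RuntimeError("authorization failed: " + query["error"][0])
    if query.get("state", [None])[0] != expected_state:
        raise RuntimeError("state mismatch: callback does not belong to this login attempt")
    code = query.get("code", [None])[0]
    if not code:
        raise RuntimeError("callback carries no authorization code")
    return code


def pkce_token_request(client_id: str, code: str, redirect_uri: str, code_verifier: str) -> dict:
    """Form body for POST /oauth2/token by a public client: the verifier stands in for a secret."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,     # must equal the one sent in the authorization request
        "client_id": client_id,
        "code_verifier": code_verifier,
    }


def client_credentials_request(client_id: str, client_secret: str, scope: str = "") -> tuple:
    """(headers, body) for the client_credentials grant of a confidential client such as demo-client."""
    basic = base64.b64encode((client_id + ":" + client_secret).encode()).decode("ascii")
    headers = {"Authorization": "Basic " + basic,
               "Content-Type": "application/x-www-form-urlencoded"}
    body = {"grant_type": "client_credentials"}
    if scope:
        body["scope"] = scope
    return headers, body
```

Keep the verifier and the state on the client side between the two legs; the server only ever sees the challenge in the first request and the verifier in the second, which is what stops an intercepted code from being redeemed by someone else.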
## Login

The server ships with preconfigured users. Log in with one of these credentials:

| Username | Email                    | Password | Roles       |
|----------|--------------------------|----------|-------------|
| bwayne   | bruce.wayne@example.com  | wayne    | USER        |
| ckent    | clark.kent@example.com   | kent     | USER        |
| pparker  | peter.parker@example.com | parker   | USER, ADMIN |

These accounts, like the client secret `secret`, are fixed demo credentials; replace them before the server is reachable from anywhere but your own machine.

## Postman

You may use the provided Postman collections to try the authorization server endpoints and the registered clients.
The collections (one for JWT and one for opaque tokens) are in the _postman_ folder.

## Customizations

This customized version uses an extended `user` object in place of the standard Spring Security `user` object.
The contents of ID and access tokens and the response of the userinfo endpoint are customized to carry the extended user data as well.

See the Spring [authorization server reference docs](https://docs.spring.io/spring-authorization-server/docs/current/reference/html/guides/how-to-userinfo.html) for more information.

### Configure the information returned by the userinfo endpoint

__com.example.spring.authorizationserver.config.AuthorizationServerConfig:__

```java
import static org.springframework.security.config.Customizer.withDefaults;

import java.util.function.Function;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.http.MediaType;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcUserInfoAuthenticationContext;
import org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcUserInfoAuthenticationToken;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
// OidcUserInfoService is this project's own user lookup service (its package is not shown in the README).

@Configuration(proxyBeanMethods = false)
public class AuthorizationServerConfig {

    // With proxyBeanMethods = false, bean methods must not call each other, so the
    // OidcUserInfoService bean is injected as a method parameter.
    @Bean
    @Order(Ordered.HIGHEST_PRECEDENCE + 1)
    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http,
                                                                      OidcUserInfoService userInfoService) throws Exception {
        // Maps the authenticated principal to the claims returned by /userinfo.
        Function<OidcUserInfoAuthenticationContext, OidcUserInfo> userInfoMapper = (context) -> {
            OidcUserInfoAuthenticationToken authentication = context.getAuthentication();
            return new OidcUserInfo(userInfoService.loadUser(authentication.getName()).getClaims());
        };

        OAuth2AuthorizationServerConfigurer authorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer();
        RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();

        // This chain covers only the protocol endpoints. CSRF is switched off for them because
        // they are called with client or bearer credentials, not from browser forms.
        http.securityMatcher(endpointsMatcher)
                .authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated())
                .csrf((csrf) -> csrf.ignoringRequestMatchers(endpointsMatcher))
                .with(authorizationServerConfigurer, withDefaults());

        // Enable OpenID Connect 1.0. clientRegistrationEndpoint also exposes dynamic client
        // registration (/connect/register); it requires an access token with the client.create
        // scope, but remove it if you do not need it.
        authorizationServerConfigurer.oidc(oidc -> oidc
                .providerConfigurationEndpoint(Customizer.withDefaults())
                .clientRegistrationEndpoint(Customizer.withDefaults())
                .userInfoEndpoint((userInfo) -> userInfo.userInfoMapper(userInfoMapper))
        );

        http
                // Browsers (Accept: text/html) are sent to the login page; API clients get a 401.
                .exceptionHandling((exceptions) -> exceptions
                        .defaultAuthenticationEntryPointFor(
                                new LoginUrlAuthenticationEntryPoint("/login"),
                                new MediaTypeRequestMatcher(MediaType.TEXT_HTML)
                        )
                )
                // /userinfo is a resource endpoint: the caller presents an access token, which is
                // validated by the configured opaque-token introspector.
                .oauth2ResourceServer((resourceServer) -> resourceServer
                        .opaqueToken(Customizer.withDefaults()));
        return http.build();
    }
}
```

### Customize ID and access token contents

```java
import static org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames.ID_TOKEN;
import static org.springframework.security.oauth2.server.authorization.OAuth2TokenType.ACCESS_TOKEN;

import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;

@Configuration
public class JwtTokenCustomizerConfig {
    @Bean
    public OAuth2TokenCustomizer<JwtEncodingContext> tokenCustomizer(OidcUserInfoService userInfoService) {
        return (context) -> {
            // typ header of every JWT this server signs (RFC 9068 suggests "at+jwt" for access tokens).
            context.getJwsHeader().type("jwt");
            // client_credentials tokens have no user behind them, so there is nothing to add.
            if (!AuthorizationGrantType.CLIENT_CREDENTIALS.equals(context.getAuthorizationGrantType())) {
                // ID_TOKEN is the String "id_token" (OidcParameterNames); ACCESS_TOKEN is an OAuth2TokenType.
                if (ID_TOKEN.equals(context.getTokenType().getValue()) || ACCESS_TOKEN.equals(context.getTokenType())) {
                    OidcUserInfo userInfo = userInfoService.loadUser(context.getPrincipal().getName());
                    // Copies the complete userinfo claim set into the token, independent of the scopes
                    // the client requested, so every resource server that receives the access token
                    // sees the user's full profile data.
                    context.getClaims().claims(claims -> claims.putAll(userInfo.getClaims()));
                    if (ACCESS_TOKEN.equals(context.getTokenType())) {
                        // Access tokens are addressed to the requesting client and to the demo-api
                        // resource server; a resource server must check that aud contains its own id.
                        context.getClaims().audience(List.of(
                                context.getRegisteredClient().getClientId(),
                                "demo-api"
                        ));
                    }
                }
            }
        };
    }
}
```

## Testing the Authorization Server

If you use IntelliJ IDEA, the HTTP client requests in the `requests` folder exercise the endpoints directly.

To test this authorization server together with client or resource server applications, use the companion repository [Custom Spring Authorization Server Samples](https://github.com/andifalk/custom-spring-authorization-server-samples), which includes a demo OAuth client and a demo resource server.

## Feedback

Any feedback on this project is highly appreciated.

Just email _andreas.falk(at)novatec-gmbh.de_ or contact me via Twitter (_@andifalk_).

## License

Apache 2.0 licensed

[1]:http://www.apache.org/licenses/LICENSE-2.0.txt
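The access tokens produced by the customizer in the Customizations section carry a `typ` header of `jwt` and an `aud` of the requesting client plus `demo-api`, while tokens of the opaque clients can only be checked through the introspection endpoint listed under Usage. The following added example (not project code) shows the acceptance checks a resource server calling itself `demo-api` has to apply in each case. The JWT functions take a header and claim set whose signature has already been verified against `jwks_uri` by a JOSE library; this block deliberately performs no signature verification and must not be used without it. The sample token and introspection responses are constructed for the example, and it is assumed that the introspection response carries `iss`, `aud`, `exp` and `scope` next to `active`.

```python
"""Resource-server-side acceptance checks for tokens issued by this server.

Added example, not part of the project. Assumes the token contents described in
the README: access-token aud = [client_id, "demo-api"] and typ header "jwt".
The JWT functions receive a header and claims whose signature has already been
verified against jwks_uri; they never verify signatures themselves.
"""
import base64
import json
import time
from typing import Optional

ISSUER = "http://localhost:9000"   # from the discovery table
RESOURCE_ID = "demo-api"           # audience the token customizer adds to access tokens
CLOCK_SKEW_SECONDS = 60


class TokenRejected(Exception):
    """Raised with the reason a token must not be accepted."""


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_unsigned_sample_jwt(header: dict, claims: dict) -> str:
    """Constructed sample for demonstration only: the signature segment is a placeholder."""
    return ".".join(_b64url_encode(json.dumps(part).encode()) for part in (header, claims)) + ".sig"


def split_jwt(token: str) -> tuple:
    """Header and claims of a compact JWS. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("not a compact JWS (expected three segments)")
    return json.loads(_b64url_decode(parts[0])), json.loads(_b64url_decode(parts[1]))


def _audience_ok(aud, resource_id: str) -> bool:
    # RFC 7519: aud is either a single string or an array of strings.
    if isinstance(aud, str):
        return aud == resource_id
    return isinstance(aud, list) and resource_id in aud


def _scopes(value) -> set:
    # "scope" arrives as a JSON array in Spring's JWTs and as a space-delimited
    # string in introspection responses (RFC 7662); accept both.
    if isinstance(value, str):
        return set(value.split())
    return set(value or [])


def check_jwt_access_token(header: dict, claims: dict, now: Optional[float] = None,
                           required_scope: Optional[str] = None) -> dict:
    """Accept a signature-verified JWT access token from this server, or raise TokenRejected."""
    now = time.time() if now is None else now
    if header.get("alg") == "none":
        raise TokenRejected("unsigned token")
    # The customizer sets typ to "jwt"; RFC 9068 access tokens use "at+jwt".
    if str(header.get("typ", "")).lower() not in ("jwt", "at+jwt"):
        raise TokenRejected("unexpected typ header %r" % header.get("typ"))
    if claims.get("iss") != ISSUER:
        raise TokenRejected("issuer mismatch")
    if not _audience_ok(claims.get("aud"), RESOURCE_ID):
        raise TokenRejected("token not intended for this resource server")
    if "exp" not in claims or now > claims["exp"] + CLOCK_SKEW_SECONDS:
        raise TokenRejected("token expired or carries no exp")
    if now + CLOCK_SKEW_SECONDS < claims.get("nbf", 0):
        raise TokenRejected("token not yet valid")
    if required_scope and required_scope not in _scopes(claims.get("scope")):
        raise TokenRejected("missing scope " + required_scope)
    return claims


def check_introspection_response(resp: dict, now: Optional[float] = None,
                                 required_scope: Optional[str] = None) -> dict:
    """Accept an RFC 7662 introspection result for an opaque token, or raise TokenRejected."""
    now = time.time() if now is None else now
    if resp.get("active") is not True:   # revoked, expired, unknown and malformed all look alike
        raise TokenRejected("token is not active")
    if resp.get("iss") != ISSUER:
        raise TokenRejected("issuer mismatch")
    if not _audience_ok(resp.get("aud"), RESOURCE_ID):
        raise TokenRejected("token not intended for this resource server")
    if "exp" in resp and now > resp["exp"] + CLOCK_SKEW_SECONDS:
        raise TokenRejected("token expired")
    if required_scope and required_scope not in _scopes(resp.get("scope")):
        raise TokenRejected("missing scope " + required_scope)
    return resp
```

The audience check is what turns the customizer's `aud` list into an actual boundary: a JWT minted for `demo-client` that lacks `demo-api` in `aud` is refused even though its signature is valid, and an introspection result that is anything but `"active": true` is treated as a rejection rather than inspected further.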