{"id":22243161,"url":"https://github.com/ims94/spring-boot-jwt-auth-server","last_synced_at":"2025-07-28T01:32:27.887Z","repository":{"id":40343847,"uuid":"482280751","full_name":"IMS94/spring-boot-jwt-auth-server","owner":"IMS94","description":"Using JWTs issued by an external authorization server to authentication REST APIs with Spring Boot","archived":false,"fork":false,"pushed_at":"2023-01-17T19:05:37.000Z","size":377,"stargazers_count":11,"open_issues_count":1,"forks_count":5,"subscribers_count":1,"default_branch":"master","last_synced_at":"2023-03-03T00:18:49.822Z","etag":null,"topics":["auth","authentication","jwt","jwt-authentication","oauth2","oidc","openid","openid-connect","ractjs","rest-api","spring-boot","spring-boot-3","spring-security"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/IMS94.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-04-16T14:49:01.000Z","updated_at":"2023-01-24T16:41:35.000Z","dependencies_parsed_at":"2023-02-10T11:32:53.015Z","dependency_job_id":null,"html_url":"https://github.com/IMS94/spring-boot-jwt-auth-server","commit_stats":null,"previous_names":[],"tags_count":null,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IMS94%2Fspring-boot-jwt-auth-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IMS94%2Fspring-boot-jwt-auth-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IMS94%2Fspring-boot-jwt-auth-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IMS94%2Fspring-boot-jwt-auth-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/IMS94","download_url":"https://codeload.github.com/IMS94/spring-boot-jwt-auth-server/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":227851703,"owners_count":17829397,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","authentication","jwt","jwt-authentication","oauth2","oidc","openid","openid-connect","ractjs","rest-api","spring-boot","spring-boot-3","spring-security"],"created_at":"2024-12-03T04:21:16.872Z","updated_at":"2024-12-03T04:21:17.488Z","avatar_url":"https://github.com/IMS94.png","language":"JavaScript","readme":"# Spring Boot REST API JWT Authentication with an external Authorization Server\n\n_**keywords**_: Spring Boot, REST API, JWT, Authentication, Authorization Server, OAuth2 Resource Server\n\n## Overview\n\n**NOTE:** See the original article at [**JWT Authentication with OAuth2 Resource Server and an external Authorization Server**](https://medium.com/geekculture/jwt-authentication-with-oauth2-resource-server-and-an-external-authorization-server-2b8fd1524fc8)\n\nThis is a demo to show how we can use the Spring Boot's OAuthResourceServer's `jwt` authentication to protect a REST API\nusing OIDC/OAuth2 tokens (Access Tokens/JWT) obtained from an external authorization server.\n* `frontend` directory contains the example frontend\n\n## Getting Started\n\n### Backend\n1. Run the following command to build the backend\n```bash\n./mvnw clean install -DskipTests\n```\n2. Start the `JwtAuthIdentityProviderApplication` main class to start the REST API. It will start at http://localhost:8080\n\n### Frontend (React.js Example)\n1. Run the following command to build and start the frontend (within the `frontend` directory):\n```bash\nnpm install\nnpm start\n```\nThe frontend React.js app will start at http://localhost:3000\n\n## Solution Overview\n\n### Authorization Code Flow\n\n```mermaid\nsequenceDiagram\n    actor User\n    participant SPA as Single Page Application\u003cbr/\u003e(Browser)\n    participant Auth as Authorization Server\n    \n    activate User\n    activate SPA\n    User --\u003e\u003e SPA: open web application\n    SPA -\u003e\u003e SPA: show login page\n    \n    User --\u003e\u003e SPA: click \"login\"\n    \n    activate Auth\n    SPA -\u003e\u003e Auth: redirect to auth server\u003cbr/\u003ehttps://auth-server.com/authorize\n    Note over SPA,Auth: this redirect contains the \"grant_type\" and\u003cbr/\u003erequested \"scopes\"\n    Auth -\u003e\u003e Auth: show login page\n    User --\u003e\u003e Auth: login\n    Auth -\u003e\u003e SPA: redirect to SPA\u003cbr/\u003ehttps://webapp.com/auth-callback?code=xxxx\n    Note over SPA, Auth: the redirect URI has the authorization code\u003cbr/\u003eas a query parameter\n    \n    SPA -\u003e\u003e Auth: get access token\u003cbr/\u003ehttps://auth-server.com/token\n    Note right of SPA: /token request includes the \"auth code\" received\n    Auth -\u003e\u003e SPA: id_token and access_token\n    \n    deactivate Auth\n    SPA -\u003e\u003e SPA: validate id_token\n    SPA -\u003e\u003e SPA: login user to the app\n    SPA --\u003e\u003e User: show functionalities\n    \n    deactivate SPA\n    deactivate User\n```\n\n### Invoking the backend REST API\n\n```mermaid\nsequenceDiagram\n    autonumber\n    \n    actor User\n    participant SPA as Single Page Application\u003cbr/\u003e(Browser)\n    participant Filter as OAuth2 Resource Server\u003cbr\u003e(Backend)\n    participant API as Product REST API\u003cbr\u003e(Backend)\n    participant Auth as Authorization Server\u003cbr\u003e(External)\n    \n    activate User\n    activate SPA\n    \n    User --\u003e\u003e SPA: list products\n    \n    activate Filter\n    \n    SPA -\u003e\u003e Filter: GET https://api.com/products\n    Note right of SPA: Include authorization header\u003cbr/\u003eAuthorization: Bearer ${access_token}\n    \n    Filter -\u003e\u003e Filter: validate JWT in \"Authorization\" header\n    \n    activate Auth\n    rect rgb(191, 223, 255)\n    Filter -\u003e\u003e Auth: get JWKS from authorization server\u003cbr/\u003ehttps://auth-server.com/jwks\n    Note over Filter,Auth: Obtaining JWKS is a one time task\u003cbr/\u003eand will be cached for future usage\n    Auth -\u003e\u003e Filter: JWKS (Json Web Key Set)\n    end\n    deactivate Auth\n    \n    alt JWT valid\n        activate API\n        Filter -\u003e\u003e API: Forward to /products service\n        API -\u003e\u003e API: Fetch products from DB\n        API -\u003e\u003e SPA: products list\n        deactivate API\n        SPA --\u003e\u003e User: show product list\n    else JWT not valid\n        Filter -\u003e\u003e SPA: Unauthorized\n        SPA --\u003e\u003e User: show not permitted error\n    end\n    \n    deactivate Filter\n    \n    deactivate User\n    deactivate SPA\n\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fims94%2Fspring-boot-jwt-auth-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fims94%2Fspring-boot-jwt-auth-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fims94%2Fspring-boot-jwt-auth-server/lists"}