{"id":21888631,"url":"https://github.com/swisscom/sample-uaa-spring-boot-service-provider","last_synced_at":"2025-04-15T10:18:20.035Z","repository":{"id":70508850,"uuid":"63685512","full_name":"swisscom/sample-uaa-spring-boot-service-provider","owner":"swisscom","description":null,"archived":false,"fork":false,"pushed_at":"2024-10-16T15:19:17.000Z","size":25,"stargazers_count":4,"open_issues_count":0,"forks_count":4,"subscribers_count":36,"default_branch":"master","last_synced_at":"2025-04-15T10:18:03.354Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/swisscom.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-07-19T10:44:26.000Z","updated_at":"2024-10-16T15:19:20.000Z","dependencies_parsed_at":null,"dependency_job_id":"b6680ba9-d26c-4e62-8ca0-85287fe8aeb6","html_url":"https://github.com/swisscom/sample-uaa-spring-boot-service-provider","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swisscom%2Fsample-uaa-spring-boot-service-provider","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swisscom%2Fsample-uaa-spring-boot-service-provider/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swisscom%2Fsample-uaa-spring-boot-service-provider/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swisscom%2Fsample
-uaa-spring-boot-service-provider/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/swisscom","download_url":"https://codeload.github.com/swisscom/sample-uaa-spring-boot-service-provider/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249048747,"owners_count":21204306,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-28T11:16:18.320Z","updated_at":"2025-04-15T10:18:20.014Z","avatar_url":"https://github.com/swisscom.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Sample Spring Boot OAuth2 service provider for UAA\nDemo app that authenticates its users against an OAuth2 provider (i.e. UAA) using the `authorization code` grant type,\nmeaning this app will store the session (and JWT) in its backend.\n\nIt uses Spring Boot and Spring Security (based on https://github.com/spring-guides/tut-spring-boot-oauth2).\n\nIt is primarily designed to run on CloudFoundry, since it expects the OAuth2 configuration to be passed in `VCAP_SERVICES`.\n\n## How it works\nWhen the app is accessed by an unauthenticated user, it redirects the user to the OAuth2 provider (standard OAuth2 `Authorization code` flow).\nWhen the user logs in on the OAuth2 provider, they are redirected back to the app.\nThe app completes the OAuth2 flow and receives the user's info (using the Userinfo endpoint), i.e. their attributes such as first name and last name.\n\nIt was tested with [UAA](https://github.com/cloudfoundry/uaa) acting as OAuth2 provider, but should work fine with other providers (e.g. Facebook, GitHub etc.).\n\n## Configure, deploy and test\nThe app expects a `VCAP_SERVICES` env variable containing a service with a tag `oauth2` or a `credentials` with a key `authorizationEndpointUrl`,\nso make sure it is set when running the app.\n\nWhen deploying to CloudFoundry, one can use a [User provided service instance](https://docs.cloudfoundry.org/devguide/services/user-provided.html) to achieve this.\n\nFull example:\n```\n# compile \u0026 push the app\nmvn clean package\ncf push oauth2-simple --random-route --no-start -p target/oauth2-simple-0.0.1-SNAPSHOT.jar\n\n# Now create the user provided service which will be provided to the app in VCAP_SERVICES.\n# The client specified here must be created manually beforehand on the OAuth2 provider.\nCREDENTIALS='{\"authorizationEndpoint\": \"\u003cuaa-url\u003e/oauth/authorize\", \"tokenEndpoint\": \"\u003cuaa-url\u003e/oauth/token\", \"userInfoEndpoint\": \"\u003cuaa-url\u003e/userinfo\", \"logoutEndpoint\": \"\u003cuaa-url\u003e/logout.do\", \"clientId\": \"\u003cclient-id\u003e\", \"clientSecret\": \"\u003cclient-secret\u003e\"}'\ncf create-user-provided-service OAUTH2-CLIENT -p \"$CREDENTIALS\" -t oauth2\n\n# Bind \u0026 start the app to make the service instance available\ncf bind-service oauth2-simple OAUTH2-CLIENT\ncf start oauth2-simple\n```\n\nNow access the app in your browser, which redirects you to the UAA/OAuth2 provider you specified in the configuration.\nAfter login, the user attributes passed to the app will be shown:\n```\n{\n  \"details\":\n  {\n    \"user_id\":\"e814ddc8-1b28-422f-b34a-1aa0c97beb31\",\n    \"user_name\":\"jdoe\",\n    \"given_name\":\"John\",\n    \"family_name\":\"Doe\",\n    \"email\":\"john.doe@example.com\",\n    \"name\":\"John Doe\"\n  },\n  \"authorities\":[{\"authority\":\"ROLE_USER\"}],\n  \"authenticated\":true,\n  \"principal\":\"e814ddc8-1b28-422f-b34a-1aa0c97beb31\",\n  \"credentials\":\"N/A\",\n  \"name\":\"e814ddc8-1b28-422f-b34a-1aa0c97beb31\"\n}\n```\n\n## Sample overview\n### Authorization code\n- Service provider (Spring boot): https://github.com/swisscom/sample-uaa-spring-boot-service-provider\n- Service provider (Ruby): https://github.com/swisscom/sample-uaa-ruby-service-provider\n\n### Implicit flow \u0026 Client Credentials\n\u003e **_WARNING:_** The authorization code flow with [PKCE](https://oauth.net/2/pkce/) renders the implicit flow obsolete; the implicit flow is [vulnerable](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#section-2.1.2) and must not be used anymore.\n- Client (VueJS): https://github.com/swisscom/sample-uaa-vue-client\n- Client (React \u0026 Redux): https://github.com/swisscom/sample-uaa-react-redux-client\n- Client (AngularJS): https://github.com/swisscom/sample-uaa-angular-client\n\n- Resource Server (Spring boot): https://github.com/swisscom/sample-uaa-spring-boot-resource-server\n- Resource Server (Ruby): https://github.com/swisscom/sample-uaa-ruby-resource-server\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fswisscom%2Fsample-uaa-spring-boot-service-provider","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fswisscom%2Fsample-uaa-spring-boot-service-provider","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fswisscom%2Fsample-uaa-spring-boot-service-provider/lists"}