{"id":13694749,"url":"https://github.com/zeldan/spring-boot-oauth2-password-flow","last_synced_at":"2025-04-10T20:22:02.228Z","repository":{"id":217159781,"uuid":"86857936","full_name":"zeldan/spring-boot-oauth2-password-flow","owner":"zeldan","description":"Spring Boot 2 - OAuth2 password-flow with JWT","archived":false,"fork":false,"pushed_at":"2019-08-11T15:24:15.000Z","size":86,"stargazers_count":51,"open_issues_count":0,"forks_count":22,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-11-12T21:39:11.212Z","etag":null,"topics":["java","jwt-authentication","oauth2","oauth2-password-flow","spring-boot","spring-boot-2"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zeldan.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-03-31T20:30:02.000Z","updated_at":"2022-07-28T22:01:58.000Z","dependencies_parsed_at":null,"dependency_job_id":"0f0037ba-ea9c-4e81-944c-2a89a63a56b3","html_url":"https://github.com/zeldan/spring-boot-oauth2-password-flow","commit_stats":null,"previous_names":["zeldan/spring-boot-oauth2-password-flow"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zeldan%2Fspring-boot-oauth2-password-flow","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zeldan%2Fspring-boot-oauth2-password-flow/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zeldan%2Fspring-boot-oauth2-password-flow/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zeldan%2Fspring-boot-oauth2-password-flow/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zeldan","download_url":"https://codeload.github.com/zeldan/spring-boot-oauth2-password-flow/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248289929,"owners_count":21078922,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["java","jwt-authentication","oauth2","oauth2-password-flow","spring-boot","spring-boot-2"],"created_at":"2024-08-02T17:01:40.136Z","updated_at":"2025-04-10T20:22:02.221Z","avatar_url":"https://github.com/zeldan.png","language":"Java","funding_links":[],"categories":["Java"],"sub_categories":[],"readme":"# spring-boot-oauth2-password-flow\n\nIt is a Spring Boot application, that contains all necessary configurations to be able to try oauth2 authorization (password flow).\nIt uses JWT token key for the authorization.\n\nThere is a **hsql** embedded database in the application by default, and it contains two default users (they are uploaded by **resources/data.sql**) \n\n**admin / admin**\n  - role: ROLE_ADMIN\n  - privilege: PRIVILEGE_ADMIN_READ\n\n**user / user**\n  - role: ROLE_USER\n  - privilege: PRIVILEGE_USER_READ\n\nYou can choose postgres or mysql instead of hsql, you have to change active spring profile to **postgres** or **mysql**.\n\n## Try it\n\n1. Init database (postgresql / mysql sql shell)\n```\nCREATE DATABASE zeldan;\n```\n\n2. start the spring-boot app \n\n```mvnw spring-boot:run ```\n\nOR\n\n```mvnw spring-boot:run -Dspring.profiles.active=postgres```\n\nOR\n\n```mvnw spring-boot:run -Dspring.profiles.active=mysql```\n\n3. **get access_token** for\n\nadmin\n\n```\ncurl -X POST -vu client:secret http://localhost:8080/oauth/token -H \"Accept: application/json\" -d \"password=admin\u0026username=admin\u0026grant_type=password\u0026scope=read%20write\u0026client_secret=secret\u0026client_id=client\"\n```\n\nuser\n\n```\ncurl -X POST -vu client:secret http://localhost:8080/oauth/token -H \"Accept: application/json\" -d \"password=user\u0026username=user\u0026grant_type=password\u0026scope=read%20write\u0026client_secret=secret\u0026client_id=client\"\n```\n\nIt will return with the bearer access_token. An example:\n```\n{\n\"access_token\":\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0OTE0NjYxMTYsInVzZXJfbmFtZSI6InVzZXIiLCJhdXRob3JpdGllcyI6WyJQUklWSUxFR0VfVVNFUl9SRUFEIl0sImp0aSI6IjQ4MDVhZGQ3LWMzNTgtNDkzMC05ODkwLTEzNjNkNjJiZmQ0ZiIsImNsaWVudF9pZCI6ImNsaWVudCIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdfQ.7nMeIVuskhkmHXxX6CC6RZf9A_aXxsaoTXev6av4h64\",\n\"token_type\":\"bearer\",\n\"refresh_token\":\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJ1c2VyIiwic2NvcGUiOlsicmVhZCIsIndyaXRlIl0sImF0aSI6IjQ4MDVhZGQ3LWMzNTgtNDkzMC05ODkwLTEzNjNkNjJiZmQ0ZiIsImV4cCI6MTQ5NDAxNDkxNiwiYXV0aG9yaXRpZXMiOlsiUFJJVklMRUdFX1VTRVJfUkVBRCJdLCJqdGkiOiI2MmU0MTU3Yy1hOWNiLTRlYjMtODg1Ni0wMmJhOWI1ZjQ3OWQiLCJjbGllbnRfaWQiOiJjbGllbnQifQ.1fexTQcFC80VkqbDo5zJfCzq0vbPPvJVPp8Nr3CwH68\",\n\"expires_in\":43199,\n\"scope\":\"read write\",\n\"jti\":\"4805add7-c358-4930-9890-1363d62bfd4f\"}\n```\nFrom this, you need \"access_token\", you can check what it contains exactly via **jwt.io**.\n\n4. add **Authorization** header, with Bearer \u003ctoken\u003e\n\n```\ncurl -H \"Authorization: bearer \u003ctoken\u003e\" http://localhost:8080/user\n```\n\nOR\n\n```\ncurl -H \"Authorization: bearer \u003ctoken\u003e\" http://localhost:8080/admin\n```\n\nOf course the http://localhost:8080/admin endpoint is accessible only by admin, and the http://localhost:8080/user is accessible only by user.\nIf you try to access the wrong endpoint with your user, then you will get an error:\n{\"error\":\"unauthorized\",\"error_description\":\"Full authentication is required to access this resource\"} \n\n\u003e Recommendation: \n\u003e    Use **Postman** instead of curl commands.\n\n## FAQ\n\n1. How to add new user\n\nIf you want to add a new user, then you have to add a new line in data.sql:\n\n```  \nINSERT INTO account (id, enabled, username, password) VALUES (3, true, \u003cusername\u003e, \u003cencryptedPassword\u003e);\n```\n\nTo generate encryptedPassword, you can use online bcrypt hash generator (e.g.: https://www.dailycred.com/article/bcrypt-calculator) or you can generate it with Spring Boot BCryptPasswordEncoder (https://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.html).\n\nAfter that you have to insert new user into account_roles, based on what role you want to add to the user (role 1 = admin, role 2 = user).\n\n```\nINSERT INTO account_roles (account_id, roles_role_id) VALUES (3, 1);\n```\n\n\n\n## Technology Stack\n\n* Java 8\n* Spring boot 2.1.7\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzeldan%2Fspring-boot-oauth2-password-flow","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzeldan%2Fspring-boot-oauth2-password-flow","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzeldan%2Fspring-boot-oauth2-password-flow/lists"}