Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ims94/spring-boot-jwt-auth-server
Using JWTs issued by an external authorization server to authentication REST APIs with Spring Boot
https://github.com/ims94/spring-boot-jwt-auth-server
auth authentication jwt jwt-authentication oauth2 oidc openid openid-connect ractjs rest-api spring-boot spring-boot-3 spring-security
Last synced: 22 days ago
JSON representation
Using JWTs issued by an external authorization server to authentication REST APIs with Spring Boot
- Host: GitHub
- URL: https://github.com/ims94/spring-boot-jwt-auth-server
- Owner: IMS94
- Created: 2022-04-16T14:49:01.000Z (over 2 years ago)
- Default Branch: master
- Last Pushed: 2023-01-17T19:05:37.000Z (almost 2 years ago)
- Last Synced: 2023-03-03T00:18:49.822Z (almost 2 years ago)
- Topics: auth, authentication, jwt, jwt-authentication, oauth2, oidc, openid, openid-connect, ractjs, rest-api, spring-boot, spring-boot-3, spring-security
- Language: JavaScript
- Homepage:
- Size: 368 KB
- Stars: 11
- Watchers: 1
- Forks: 5
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Spring Boot REST API JWT Authentication with an external Authorization Server
_**keywords**_: Spring Boot, REST API, JWT, Authentication, Authorization Server, OAuth2 Resource Server
## Overview
**NOTE:** See the original article at [**JWT Authentication with OAuth2 Resource Server and an external Authorization Server**](https://medium.com/geekculture/jwt-authentication-with-oauth2-resource-server-and-an-external-authorization-server-2b8fd1524fc8)
This is a demo to show how we can use the Spring Boot's OAuthResourceServer's `jwt` authentication to protect a REST API
using OIDC/OAuth2 tokens (Access Tokens/JWT) obtained from an external authorization server.
* `frontend` directory contains the example frontend## Getting Started
### Backend
1. Run the following command to build the backend
```bash
./mvnw clean install -DskipTests
```
2. Start the `JwtAuthIdentityProviderApplication` main class to start the REST API. It will start at http://localhost:8080### Frontend (React.js Example)
1. Run the following command to build and start the frontend (within the `frontend` directory):
```bash
npm install
npm start
```
The frontend React.js app will start at http://localhost:3000## Solution Overview
### Authorization Code Flow
```mermaid
sequenceDiagram
actor User
participant SPA as Single Page Application
(Browser)
participant Auth as Authorization Server
activate User
activate SPA
User -->> SPA: open web application
SPA ->> SPA: show login page
User -->> SPA: click "login"
activate Auth
SPA ->> Auth: redirect to auth server
https://auth-server.com/authorize
Note over SPA,Auth: this redirect contains the "grant_type" and
requested "scopes"
Auth ->> Auth: show login page
User -->> Auth: login
Auth ->> SPA: redirect to SPA
https://webapp.com/auth-callback?code=xxxx
Note over SPA, Auth: the redirect URI has the authorization code
as a query parameter
SPA ->> Auth: get access token
https://auth-server.com/token
Note right of SPA: /token request includes the "auth code" received
Auth ->> SPA: id_token and access_token
deactivate Auth
SPA ->> SPA: validate id_token
SPA ->> SPA: login user to the app
SPA -->> User: show functionalities
deactivate SPA
deactivate User
```### Invoking the backend REST API
```mermaid
sequenceDiagram
autonumber
actor User
participant SPA as Single Page Application
(Browser)
participant Filter as OAuth2 Resource Server
(Backend)
participant API as Product REST API
(Backend)
participant Auth as Authorization Server
(External)
activate User
activate SPA
User -->> SPA: list products
activate Filter
SPA ->> Filter: GET https://api.com/products
Note right of SPA: Include authorization header
Authorization: Bearer ${access_token}
Filter ->> Filter: validate JWT in "Authorization" header
activate Auth
rect rgb(191, 223, 255)
Filter ->> Auth: get JWKS from authorization server
https://auth-server.com/jwks
Note over Filter,Auth: Obtaining JWKS is a one time task
and will be cached for future usage
Auth ->> Filter: JWKS (Json Web Key Set)
end
deactivate Auth
alt JWT valid
activate API
Filter ->> API: Forward to /products service
API ->> API: Fetch products from DB
API ->> SPA: products list
deactivate API
SPA -->> User: show product list
else JWT not valid
Filter ->> SPA: Unauthorized
SPA -->> User: show not permitted error
end
deactivate Filter
deactivate User
deactivate SPA```