https://github.com/tinmegali/Oauth2-Stateless-Authentication-with-Spring-and-JWT-Token

Oauth2 Stateless Authentication with Spring and JWT Token
https://github.com/tinmegali/Oauth2-Stateless-Authentication-with-Spring-and-JWT-Token

h2-database oauth2 spring-boot spring-security spring-security-oauth2

Last synced: 2 days ago
JSON representation

Oauth2 Stateless Authentication with Spring and JWT Token

• Host: GitHub
• URL: https://github.com/tinmegali/Oauth2-Stateless-Authentication-with-Spring-and-JWT-Token
• Owner: tinmegali
• License: mit
• Created: 2017-06-20T23:32:36.000Z (over 7 years ago)
• Default Branch: master
• Last Pushed: 2018-10-02T08:50:57.000Z (about 6 years ago)
• Last Synced: 2024-08-01T09:23:07.671Z (3 months ago)
• Topics: h2-database, oauth2, spring-boot, spring-security, spring-security-oauth2
• Language: Java
• Size: 532 KB
• Stars: 108
• Watchers: 10
• Forks: 46
• Open Issues: 2
• Metadata Files:
  • Readme: readme.md
  • License: LICENSE

Awesome Lists containing this project

README

        


Oauth2 Stateless Authentication with Spring and JWT Token





This project uses Spring Security to authenticate and protect some Rest resources.

 It uses withAuthorizationServerConfigurerAdapter, ResourceServerConfigurerAdapter

  and WebSecurityConfigurerAdapter combined with @PreAuthorize to configure the security.

  It also uses an H2 embeded database to authenticate the users.



Article on the project

USING SPRING OAUTH2 TO SECURE REST


External references

This project was inspired by all these references.

 Using JWT with Spring Security OAuth

 JWT authentication with Spring Web

 JWT Authentication Tutorial: An example using Spring Boot

 Spring Oauth2 with JWT Sample

 OAuth2 in depth: A step-by-step introduction for enterprises

 spring-auth-example


To Build and Run

Go to the cloned directory and run mvn spring-boot:run or build with your chosen IDE.


Curl Commands

You should install ./JQ before running these Curl commands.



To get a new token 




curl trusted-app:secret@localhost:8080/oauth/token -d "grant_type=password&username=user&password=password" | jq






To get a refresh token




curl trusted-app:secret@localhost:8080/oauth/token -d "grant_type=access_token&access_tokem=[ACCESS_TOKEN]" | jq






To access a protected resource




curl -H "Authorization: Bearer [ACCESS_TOKEN]" localhost:8080/api/hello







Register new Account




curl -H "Authorization: Bearer $(curl register-app:secret@localhost:8080/oauth/token -d "grant_type=client_credentials&client_id=register-app" | jq --raw-output ."access_token")" localhost:8080/api/register -H "Content-Type: application/json" -d '{"username":"new-user","password":"password","firstName":"First","lastName":"Last","email":"[email protected]"}' | jq









Curl sample commands

api/me



curl -H "Authorization: Bearer $(curl trusted-app:secret@localhost:8080/oauth/token -d "grant_type=password&username=user&password=password" | jq --raw-output ."access_token")" localhost:8080/api/me | jq