Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/zeldan/spring-boot-oauth2-password-flow

Spring Boot 2 - OAuth2 password-flow with JWT
https://github.com/zeldan/spring-boot-oauth2-password-flow

java jwt-authentication oauth2 oauth2-password-flow spring-boot spring-boot-2

Last synced: about 1 year ago
JSON representation

Spring Boot 2 - OAuth2 password-flow with JWT

Awesome Lists containing this project

README 

          
# spring-boot-oauth2-password-flow



It is a Spring Boot application, that contains all necessary configurations to be able to try oauth2 authorization (password flow).

It uses JWT token key for the authorization.



There is a **hsql** embedded database in the application by default, and it contains two default users (they are uploaded by **resources/data.sql**) 



**admin / admin**

  - role: ROLE_ADMIN

  - privilege: PRIVILEGE_ADMIN_READ



**user / user**

  - role: ROLE_USER

  - privilege: PRIVILEGE_USER_READ



You can choose postgres or mysql instead of hsql, you have to change active spring profile to **postgres** or **mysql**.



## Try it



1. Init database (postgresql / mysql sql shell)

```

CREATE DATABASE zeldan;

```



2. start the spring-boot app 



```mvnw spring-boot:run ```



OR



```mvnw spring-boot:run -Dspring.profiles.active=postgres```



OR



```mvnw spring-boot:run -Dspring.profiles.active=mysql```



3. **get access_token** for



admin



```

curl -X POST -vu client:secret http://localhost:8080/oauth/token -H "Accept: application/json" -d "password=admin&username=admin&grant_type=password&scope=read%20write&client_secret=secret&client_id=client"

```



user



```

curl -X POST -vu client:secret http://localhost:8080/oauth/token -H "Accept: application/json" -d "password=user&username=user&grant_type=password&scope=read%20write&client_secret=secret&client_id=client"

```



It will return with the bearer access_token. An example:

```

{

"access_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0OTE0NjYxMTYsInVzZXJfbmFtZSI6InVzZXIiLCJhdXRob3JpdGllcyI6WyJQUklWSUxFR0VfVVNFUl9SRUFEIl0sImp0aSI6IjQ4MDVhZGQ3LWMzNTgtNDkzMC05ODkwLTEzNjNkNjJiZmQ0ZiIsImNsaWVudF9pZCI6ImNsaWVudCIsInNjb3BlIjpbInJlYWQiLCJ3cml0ZSJdfQ.7nMeIVuskhkmHXxX6CC6RZf9A_aXxsaoTXev6av4h64",

"token_type":"bearer",

"refresh_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJ1c2VyIiwic2NvcGUiOlsicmVhZCIsIndyaXRlIl0sImF0aSI6IjQ4MDVhZGQ3LWMzNTgtNDkzMC05ODkwLTEzNjNkNjJiZmQ0ZiIsImV4cCI6MTQ5NDAxNDkxNiwiYXV0aG9yaXRpZXMiOlsiUFJJVklMRUdFX1VTRVJfUkVBRCJdLCJqdGkiOiI2MmU0MTU3Yy1hOWNiLTRlYjMtODg1Ni0wMmJhOWI1ZjQ3OWQiLCJjbGllbnRfaWQiOiJjbGllbnQifQ.1fexTQcFC80VkqbDo5zJfCzq0vbPPvJVPp8Nr3CwH68",

"expires_in":43199,

"scope":"read write",

"jti":"4805add7-c358-4930-9890-1363d62bfd4f"}

```

From this, you need "access_token", you can check what it contains exactly via **jwt.io**.



4. add **Authorization** header, with Bearer 



```

curl -H "Authorization: bearer " http://localhost:8080/user

```



OR



```

curl -H "Authorization: bearer " http://localhost:8080/admin

```



Of course the http://localhost:8080/admin endpoint is accessible only by admin, and the http://localhost:8080/user is accessible only by user.

If you try to access the wrong endpoint with your user, then you will get an error:

{"error":"unauthorized","error_description":"Full authentication is required to access this resource"} 



> Recommendation: 

>    Use **Postman** instead of curl commands.



## FAQ



1. How to add new user



If you want to add a new user, then you have to add a new line in data.sql:



```  

INSERT INTO account (id, enabled, username, password) VALUES (3, true, , );

```



To generate encryptedPassword, you can use online bcrypt hash generator (e.g.: https://www.dailycred.com/article/bcrypt-calculator) or you can generate it with Spring Boot BCryptPasswordEncoder (https://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.html).



After that you have to insert new user into account_roles, based on what role you want to add to the user (role 1 = admin, role 2 = user).



```

INSERT INTO account_roles (account_id, roles_role_id) VALUES (3, 1);

```



## Technology Stack



* Java 8

* Spring boot 2.1.7