OAuth2 Stateless Authentication with Spring and JWT Token

This project uses Spring Security to authenticate and protect some REST resources. It uses AuthorizationServerConfigurerAdapter, ResourceServerConfigurerAdapter and WebSecurityConfigurerAdapter combined with @PreAuthorize to configure the security. It also uses an embedded H2 database to authenticate the users.

External references

This project was inspired by all these references.
  • Using JWT with Spring Security OAuth
  • JWT authentication with Spring Web
  • JWT Authentication Tutorial: An example using Spring Boot
  • Spring Oauth2 with JWT Sample
  • OAuth2 in depth: A step-by-step introduction for enterprises
  • spring-auth-example

To Build and Run

Go to the cloned directory and run mvn spring-boot:run or build with your chosen IDE.

Curl Commands

Install jq before running these curl commands.

To get a new token

    curl trusted-app:secret@localhost:8080/oauth/token -d "grant_type=password&username=user&password=password" | jq

To refresh a token

    curl trusted-app:secret@localhost:8080/oauth/token -d "grant_type=refresh_token&refresh_token=[REFRESH_TOKEN]" | jq

To access a protected resource

    curl -H "Authorization: Bearer [ACCESS_TOKEN]" localhost:8080/api/hello

Register new Account

    curl -H "Authorization: Bearer $(curl register-app:secret@localhost:8080/oauth/token -d "grant_type=client_credentials&client_id=register-app" | jq --raw-output '.access_token')" localhost:8080/api/register -H "Content-Type: application/json" -d '{"username":"new-user","password":"password","firstName":"First","lastName":"Last","email":"email@email.com"}' | jq

Curl sample commands api/me

    curl -H "Authorization: Bearer $(curl trusted-app:secret@localhost:8080/oauth/token -d "grant_type=password&username=user&password=password" | jq --raw-output '.access_token')" localhost:8080/api/me | jq
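
The access tokens returned by the commands above are JWTs, so their claims are only base64url-encoded and readable by anyone who holds the token. The following is an added example, not part of the original project: it decodes the payload segment and checks the exp claim. The sample token, its claim names and values, and the helper function names are constructed for illustration.

```shell
#!/bin/sh
# Inspect the claims of a JWT access token. Decoding is NOT verification:
# the signature is ignored, so use this for debugging only.

# Encode a string as unpadded base64url (used only to build the sample token).
b64url_encode() {
  printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'
}

# Decode one base64url segment: map the URL-safe alphabet back, restore padding.
b64url_decode() {
  _s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#_s} % 4 )) in
    2) _s="$_s==" ;;
    3) _s="$_s=" ;;
    1) return 1 ;;            # no valid base64 string has this length
  esac
  printf '%s' "$_s" | base64 -d
}

# Print the JSON payload (second segment) of a header.payload.signature token.
jwt_claims() {
  case $1 in
    *.*.*) ;;
    *) return 1 ;;            # not a compact JWT
  esac
  _p=${1#*.}                  # strip the header segment
  b64url_decode "${_p%%.*}"   # strip the signature segment, decode the rest
}

# Succeed if the token's exp claim is at or before $2 (epoch seconds, default now).
jwt_expired() {
  _exp=$(jwt_claims "$1" | sed -n 's/.*"exp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
  [ -n "$_exp" ] || return 2  # no exp claim found
  [ "$_exp" -le "${2:-$(date +%s)}" ]
}

# Constructed sample: claim names and values are assumptions, signature is a placeholder.
SAMPLE_CLAIMS='{"user_name":"user","scope":["read"],"exp":1700000000}'
SAMPLE_JWT="$(b64url_encode '{"alg":"HS256","typ":"JWT"}').$(b64url_encode "$SAMPLE_CLAIMS").placeholder-signature"

jwt_claims "$SAMPLE_JWT"; echo
# Against the running app, pass the real token instead:
#   jwt_claims "$(curl -s trusted-app:secret@localhost:8080/oauth/token \
#     -d 'grant_type=password&username=user&password=password' | jq -r .access_token)"
```

Because the payload is readable without any key, nothing confidential belongs in the claims; only the resource server's signature check makes them trustworthy.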