OAuth 2.0 / OpenID Connect 1.0 Workshop

Authentication and authorization for Microservices with OAuth 2.0 (OAuth2) and OpenID Connect 1.0 (OIDC).

Presentation Slides (PDF)

Hands-On Workshop

For the hands-on workshop you will extend a provided sample application:

An Online Book Library with following use cases:

• Administer Library Users
• Administer Books
• List available Books
• Borrow a Book
• Return a previously borrowed Book

The components you will use and build look like this:

To use the sample library server application please consult the REST API documentation.

You may use the provided Postman Collection. Just import this collection (Version 2.1 format) into Postman.

All the code currently is build and tested against:

• Java 8, Java 9 and Java 11
• Spring Boot 2.2.0 Release
• Spring Framework 5.2.0 Release
• Spring Security 5.2.0 Release
• Spring Batch 4.2.0 Release

Preparation and Setup

Requirements and useful tools

• Java SDK Version 8, 9 or 11
• A Java IDE (Eclipse, IntelliJ, VS Code, ...)
• Git
• Postman, Httpie, or Curl for REST calls

IntelliJ specific requirements

IntelliJ does not require any specific additional plugins or configuration.

Eclipse IDE specific requirements

Please make sure you have installed the Buildship Gradle Integration from the eclipse marketplace.

To start spring boot applications from within Eclipse please install "Spring Tools 4 - for Spring Boot" extension from marketplace (under 'popular' tab) or just use the eclipsed based Spring Toolsuite 4 directly.

VS Code specific requirements

To be able to work properly in VS Code with this Spring Boot Java Gradle project you need at least these extensions:

• Java Extension Pack
• vscode-gradle-language
• VS Code Spring Boot Application Development Extension Pack

Get the source code

Clone this GitHub repository (https://github.com/andifalk/secure-oauth2-oidc-workshop):

git clone https://github.com/andifalk/secure-oauth2-oidc-workshop.git oidc_workshop

After that you can import the whole workshop project directory into your IDE as a gradle project:

• IntelliJ: "New project from existing sources..." and then select 'Gradle' when prompted
• Eclipse or Spring ToolSuite: "Import/Gradle/Existing gradle project"
• Visual Studio Code: Just open the root directory and wait until VS Code configured the project

Setup Keycloak

1. Download 'keycloak_workshop.zip' from https://tinyurl.com/y3wjzwch (Use password: 'Workshop')
2. Extract the downloaded keycloak_workshop.zip file into a new local directory of your choice (this directory will be referenced as <KEYCLOAK_INSTALL_DIR> in next steps)
3. To startup Keycloak:
   1. Open a terminal and change directory to sub directory <KEYCLOAK_INSTALL_DIR>/bin and start Keycloak using the standalone.sh(Linux or Mac OS) or standalone.bat (Windows) scripts
   2. Wait until keycloak has been started completely - you should see something like this ...(WildFly Core ...) started in 6902ms - Started 580 of 842 services
   3. Now direct your browser to localhost:8080/auth/admin
   4. Login into the admin console using admin/admin as credentials

Now, if you see the realm workshop on the left then Keycloak is ready to use it for this workshop

Intro Labs

• Intro Lab: Authorization Code Grant Flow in Detail
• Intro Lab: A pre-defined OAuth2 client for GitHub

Hands-On Labs

• Lab 1: OAuth2/OIDC Resource Server
• Lab 2: OAuth2/OIDC Web Client (Auth Code Flow)
• Lab 3: OAuth2/OIDC Batch Job Client (Client-Credentials Flow)
• Lab 4: OAuth2/OIDC Testing Environment

Bonus Labs

• Demo: OAuth2/OIDC Resource Server with Micronaut

License

Apache 2.0 licensed Copyright (c) by 2019 Andreas Falk