Have you ever wondered what the heck OpenID Connect is and how it differs from OAuth 2.0? Are Grant Types, Flows, JOSE, JWT or JWK unfamiliar to you? Then this workshop is a great opportunity to get to know all these things by getting your hands dirty in code using Spring Security 5.1.
This repository contains the complete material for the workshop at Spring I/O 2019 on Securing Microservices with OpenID Connect and Spring Security 5.1.
This workshop content is split up into the following parts:
- Introduction to OAuth 2.0 and OpenID Connect 1.0:
  - Presentation Slides (HTML5)
  - Presentation Slides (PDF)
- Hands-On Part with Spring Security 5.1
  - Creating an OpenID Connect 1.0 resource server
  - Mapping OpenID Connect 1.0 claims to Spring Security authorities
  - Creating an OpenID Connect 1.0 client
  - Testing an OpenID Connect 1.0 resource server
- A look into the future of OAuth 2.0 and OIDC features to be released in Spring Security 5.2 and 5.3
  - Presentation Slides (HTML5)
To start the workshop you need:
- Java JDK version 8, 9 or 11
- A Java IDE (Eclipse, STS, IntelliJ, VS Code, NetBeans, ...)
- A tool like curl, HTTPie or Postman is helpful to play with the REST API services.
- The REST API documentation of the initial library application
- Keycloak as OpenID Connect/OAuth2 identity provider/authorization server (see below for setting this up)
- This GitHub repository: https://github.com/andifalk/oidc-workshop-spring-io-2019.git
Preparation: Setting up Keycloak as Identity Provider
Intro Lab 1: Follow the OAuth 2.0 authorization code flow in detail
Intro Lab 2: Implementing a GitHub Client using common OAuth 2.0 providers
The hands-on part of the workshop is split up into the following parts:
- Lab 1: Implementing an OAuth2/OIDC resource server
- Lab 2: Implementing an OAuth2/OIDC client (authorization code flow)
- Lab 3: Implementing an OAuth2/OIDC client (client credentials flow)
Apache 2.0 licensed
Copyright (c) 2019 by Andreas Falk