Spring Security OAuth

I've just announced a new course, dedicated on exploring the new OAuth2 stack in Spring Security 5 - Learn Spring Security OAuth: http://bit.ly/github-lsso




Build the Project

mvn clean install

Projects/Modules

This project contains a number of modules, here is a quick description of what each module contains:

Run the Modules

You can run any sub-module using command line:

mvn spring-boot:run

If you're using Spring STS, you can also import them and run them directly, via the Boot Dashboard

You can then access the UI application - for example the module using the Password Grant - like this: http://localhost:8084/

You can login using these credentials, username:john and password:123

Run the Angular 7 Modules

And run the command to download the dependencies:

npm install

Using the JS-only SPA OAuth Client

The main purpose of these projects are to analyze how OAuth should be carried out on Javascript-only Single-Page-Applications, using the authorization_code flow with PKCE.

The clients-SPA-legacy/clients-js-only-react-legacy project includes a very simple Spring Boot Application serving a couple of separate Single-Page-Applications developed in React.

It includes two pages:

The Step-By-Step guide supports using different providers (Authorization Servers) by just adding (or uncommenting) the corresponding entries in the static/spa/js/configs.js.

The 'Step-by-Step' OAuth Client with PKCE page

After running the Spring Boot Application (a simple mvn spring-boot:run command will be enough), we can browse to http://localhost:8080/pkce-stepbystep/index.html and follow the steps to find out what it takes to obtain an access token using the Authorization Code with PKCE Flow.

When prompted the login form, we might need to create a user for our Application first.

The 'Real-Case' OAuth Client with PKCE page

To use all the features contained in the http://localhost:8080/pkce-realcase/index.html page, we'll need to first start the resource server (clients-SPA-legacy/oauth-resource-server-auth0-legacy).

In this page, we can: