/authorizationserver

Spring Boot OAuth 2.0 & OpenID Connect Identity Provider / Authorization Server

Primary LanguageJavaApache License 2.0Apache-2.0

License Java CI SecurityScan CodeQL

Authorization Server

An OAuth 2.0 & OpenID Connect (OIDC) compliant authorization server just for demo purposes to be used as part of OAuth2/OIDC workshops.

Targets

This authorization server should...

  • be available for free as open-source
  • support efforts to learn OAuth2/OpenID Connect (self-study or as part of workshops)
  • provide an easy way for setting up and run it (i.e. without consulting tons of documentation)
  • support latest specs and drafts for OAuth 2.x and OpenID Connect
  • be provided as docker container & support testcontainers

IMPORTANT:
The intention of this project is to be used for demos and as part of trainings/workshops.
It is NOT ready for production use!!

If you are looking for a production-grade identity access management solution please consult the list of Certified OpenID provider servers and services at the OpenID Foundation.

Features (Supported)

Features (NOT Supported)

Features (Planned)

Roadmap

  • Q1 2021: Release 1.0 - Mandatory OAuth 2.0 & OIDC grant flows, user and client management, H2 in-memory storage
  • Q2 2021: Release 1.1 - Support additional OAuth 2.0 RFCs/Drafts + support other databases for storage

Setup and Run the Authorization Server

To run the server you need at least a Java 11 JDK or higher (versions 11 and 14 are currently tested).

To run the server just perform a gradlew bootrun or run the Spring Boot starter class com.example.authorizationserver.AuthorizationServerApplication via your Java IDE.

It is also planned to provide the server as pre-packaged docker container image at a later project stage.

User Management

It is planned to provide an integrated user management system via Web UI and Rest API. Currently, the Web UI only supports read-only access at localhost:9090/auth/admin. The Rest API also supports creating new users already.

The following predefined users are setup at startup time automatically:

Username Email Password Role
bwayne bruce.wayne@example.com wayne LIBRARY_USER
pparker peter.parker@example.com parker LIBRARY_CURATOR
ckent clark.kent@example.com kent LIBRARY_ADMIN
admin max.root@example.com admin ADMIN

Client Management

It is planned to provide an integrated client management system via Web UI and Rest API. Currently the Web UI only supports read-only access at localhost:9090/auth/admin. The Rest API also supports creating new clients already.

The following predefined clients are setup at startup time automatically:

Client-Id Client-Secret Confidential Grants Token-Format Redirect Uris CORS
confidential-jwt demo yes Authz Code (+/- PKCE), Client Creds JWT http://localhost:8080/demo-client/login/oauth2/code/demo *
public-jwt -- no Authz Code + PKCE JWT http://localhost:8080/demo-client/login/oauth2/code/demo *
confidential-opaque demo yes Authz Code (+/- PKCE), Client Creds Opaque http://localhost:8080/demo-client/login/oauth2/code/demo *
public-opaque -- no Authz Code + PKCE Opaque http://localhost:8080/demo-client/login/oauth2/code/demo *

Feedback

If you have any feedback on this project this is highly appreciated.

Just send an email to andreas.falk(at)novatec-gmbh.de or contact me via Twitter (@andifalk).

License

Apache 2.0 licensed