Spring Security OAuth2 using an Okta Authorization Server, 2 Spring Boot Resource Servers and 1 Spring Boot Client
This is the Client Credentials flow, which is used for microservice authorization. It does not involve end users.
Create an Authorization Server Application
- Log in to developer.okta.com and create a machine-to-machine application. Note down the client_id and the client_secret.
- Go to the API menu and select Authorization Servers.
- Add an Authorization Server and name the scope custom_mod.
- Note down the authorization server URI: okta_uri/oauth2/default
The application and the authorization server are now ready and running.
Create 2 resource servers
- Create a Spring Boot resource server application by downloading the pom.xml file.
- Populate the client_id, client_secret and the tokeninfo URI in the application.yml file as provided.
- The resource server uses this information to communicate with the authorization server in order to authorize the client app's access to the resources.
- Repeat the same steps for resource server 2, but change the resource URL and the output.
Create a client to consume resources from resource servers
- Create a Spring Boot client application by downloading the pom.xml file.
- Provide the baseUrl for the 2 resource servers in the application.yml file.
- Provide the client_id, client_secret and the accessTokenUri so the client app can obtain an access token from the Authorization Server.
- Provide a username and password for the Spring Security login.
- The Authorization Server runs in Okta.
- Resource Server App 1 runs at http://localhost:8080 (this URL cannot be accessed directly because it requires authorization).
- Resource Server App 2 runs at http://localhost:8081 (this URL cannot be accessed directly because it requires authorization).
- OAuth Client App 1 runs at http://localhost:8083.
- Access the URL http://localhost:8083/getResource1 to hit resource server 1.
- The client app communicates with the authorization server, providing the client_id, client_secret and the scope.
- The authorization server authenticates the client app and sends an access token to the client app.
- The client app uses this access token to call the resource server.
- The resource server communicates with the authorization server, providing the client_id, client_secret and the access token.
- Once the authorization server verifies the access token and sends its response back to the resource server, the resource server checks the scope and returns the resource to the client app.
- The same steps are repeated for resource server 2 when you hit the URI http://localhost:8083/getResource2.
- Spring Security handles all of these steps in the backend via spring-security-oauth2-autoconfigure.
- The developer has to write very few lines of code to achieve this.
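As an added illustration (not code from this repository), the scope check the resource server performs in the steps above can be made explicit in a Spring Security configuration. It assumes spring-security-oauth2-autoconfigure is on the classpath with the tokeninfo URI, client_id and client_secret set in application.yml as described above; the /resource1 path is an assumed name.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

// Added example: resource server configuration that enforces the custom_mod scope.
// Assumes the standard security.oauth2.resource.token-info-uri,
// security.oauth2.client.client-id and security.oauth2.client.client-secret keys
// are set in application.yml, so that Spring's RemoteTokenServices introspects each
// bearer token at the authorization server (the step where the resource server sends
// client_id, client_secret and the access token).
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            // /resource1 is an assumed path; only tokens carrying the custom_mod scope may read it
            .antMatchers("/resource1").access("#oauth2.hasScope('custom_mod')")
            // deny anything not listed explicitly so a new endpoint is never exposed by accident
            .anyRequest().denyAll();
    }
}
```

A token that introspects as active but lacks custom_mod is rejected with 403 before the controller runs, which is the check described in the step where the resource server verifies the scope.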