curityio/springboot-api-jwt-validation

Spring Boot API OAuth Integration

A basic sample to show how to use Spring Boot as an OAuth framework for managing JWT validation.
After validating the JWT, the controller uses the token's scopes and claims when serving data.

Configure the API

First ensure that a Java Development Kit (JDK), version 17 or later, is installed.
Then edit the application.yml file to point to a valid issuer URI:

spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: https://idsvr.example.com/oauth/v2/oauth-anonymous

Run the API

Build and run the API with the following command. The API listens on port 8080 by default:

./gradlew bootRun

Call the API

The API requires a valid JWT access token, or it will return a 401 response:

curl -i http://localhost:8080/services -H "Authorization: Bearer eyJraWQiOiIxNzQwNDU5OTIxIiwieDV0..."

The JWT access token must have a services:read scope or the API will return a 403 response.
If the access token includes a claim containing role=developer, then the API returns additional data.
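The 401, 403 and claim-based behavior described above can be expressed with Spring Security's resource server support as follows. This is an added example, not the repository's own code: the package, class names and response fields are hypothetical, and it assumes the role is carried in a string claim named `role`.

```java
// Added example, not the repository's own code. Package, class names and
// response fields are hypothetical; the "role" claim name is an assumption.
package com.example.demo;

import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
class SecurityConfig {
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // No token, or one that fails validation: 401. Valid token without the scope: 403.
            .authorizeHttpRequests(authz -> authz
                .requestMatchers("/services/**").hasAuthority("SCOPE_services:read")
                .anyRequest().denyAll()) // deny any route not explicitly listed
            // Signing keys and the expected "iss" value are discovered from the
            // issuer-uri configured in application.yml.
            .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()));
        return http.build();
    }
}

@RestController
class ServicesController {
    @GetMapping("/services")
    List<Map<String, Object>> services(@AuthenticationPrincipal Jwt jwt) {
        Map<String, Object> service = new LinkedHashMap<>();
        service.put("name", "example-service"); // constructed sample data
        // Claim-based authorization: only role=developer sees the extra field.
        if ("developer".equals(jwt.getClaimAsString("role"))) {
            service.put("internalNotes", "visible to developers only");
        }
        return List.of(service);
    }
}
```

The `SCOPE_` prefix comes from Spring Security's default JWT converter, which maps each value in the token's `scope` claim to an authority of that form.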

Further Information