OAuth2 Login for Spring Boot Application with WSO2 Identity Server

ajanthan
4 min read · Apr 18, 2018


Authentication and authorization are crosscutting concerns of application development. Outsourcing authentication to a third-party identity provider lets the application developer focus on the business logic and usability of the application. In this model the application trusts the identity provider and accepts users who have been successfully authenticated by it. We call this identity federation. There are well-known standards for implementing identity federation between applications (service providers) and identity providers; SAML2, OpenID Connect, and WS-Federation are such standards. Among them, OpenID Connect is the latest and is designed for modern applications.

The purpose of this post is to guide readers on how they can secure a Spring Boot based web application using OpenID Connect. I am going to use WSO2 Identity Server as the identity provider.

WSO2 Identity Server is an open source identity and access management solution commercially supported by WSO2 Inc. (Disclaimer: I am an employee of the company as of writing.)

I have committed a sample Spring Boot application which has a step-by-step guide on how to build a Spring Boot application from scratch and add Spring Security, using OpenID Connect as the authentication mechanism.

In the rest of the post I am going to describe how you can set up WSO2 Identity Server locally and integrate it with the above Spring Boot application.

As a first step, get the product and start it locally as described in the documentation below.

After successfully installing the product, access the management console at https://localhost:9443/carbon and log in using the default credentials (admin:admin).

Add a service provider by clicking Home > Main > Add, as shown in the screenshot.

Give the service provider a meaningful name and click Register.

In the next window, click Inbound Authentication > OAuth2/OpenID Connect > Configure.

In the next window, leave the default values for all fields except the callback URL, and add the following URL as the callback URL. Here springboot.example.com is mapped to localhost in the /etc/hosts file.

http://springboot.example.com:8080/login/oauth2/code/wso2

Get the consumer ID and consumer secret from the next window and update the application.properties file of the sample.
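The application.properties entries that wire Spring Security's OAuth2 client to the service provider created above look like the following. This is an added example, not the sample project's own file: the registration name `wso2` is chosen to match the `/login/oauth2/code/wso2` callback URL registered in WSO2 Identity Server, and the endpoint paths are assumed to be the standard OAuth2/OIDC endpoints of a local WSO2 Identity Server on port 9443. The client secret is read from an environment variable so that it does not end up committed with the source.

```properties
# Client registration for the WSO2 service provider (example, not from the original post).
# The registration id "wso2" must match the last path segment of the registered callback URL:
#   http://springboot.example.com:8080/login/oauth2/code/wso2
spring.security.oauth2.client.registration.wso2.client-id=<consumer key from WSO2 IS>
# Assumption: the secret is supplied via the WSO2_CLIENT_SECRET environment variable rather than stored in the file.
spring.security.oauth2.client.registration.wso2.client-secret=${WSO2_CLIENT_SECRET}
spring.security.oauth2.client.registration.wso2.client-name=WSO2
spring.security.oauth2.client.registration.wso2.authorization-grant-type=authorization_code
# "openid" is required for an OpenID Connect login; profile/email request the standard claims.
spring.security.oauth2.client.registration.wso2.scope=openid,profile,email

# Provider endpoints (assumed standard WSO2 Identity Server 5.x paths on the default port).
spring.security.oauth2.client.provider.wso2.authorization-uri=https://localhost:9443/oauth2/authorize
spring.security.oauth2.client.provider.wso2.token-uri=https://localhost:9443/oauth2/token
spring.security.oauth2.client.provider.wso2.user-info-uri=https://localhost:9443/oauth2/userinfo
spring.security.oauth2.client.provider.wso2.jwk-set-uri=https://localhost:9443/oauth2/jwks
# Claim used as the principal name in the resulting Spring Security Authentication.
spring.security.oauth2.client.provider.wso2.user-name-attribute=sub
```

Two practical checks: the callback URL registered in the WSO2 service provider has to match the redirect URI Spring sends (host, port and path included), or the authorization request is rejected; and because the token and JWKS endpoints are fetched by the application itself over HTTPS, the JVM running the sample must trust the certificate WSO2 Identity Server presents on port 9443 (the product ships with a self-signed one), otherwise the code exchange fails after the browser redirect.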

Now build the sample and run it.

Access the sample at http://springboot.example.com:8080; it will redirect you to the login page.

Select WSO2 as the identity provider; it will redirect you to the login page of WSO2 Identity Server.

Now you have successfully logged into the sample application!

We just developed a Spring Boot application and secured it using OpenID Connect. In this sample, I have used WSO2 Identity Server as the OpenID provider, but any OpenID Connect provider can be used instead.
