Spring, Spring Boot, React and OAuth
Baeldung : A Comparison Between Spring and Spring Boot
Tutorials from Okta
Work in progress
Identity, Claims, Tokens – An OpenID Connect Primer, Part 1 of 3 (Micah Silverman; parts 2 and 3 below are also by Micah)
OIDC in Action – An OpenID Connect Primer, Part 2 of 3
What’s in a Token? – An OpenID Connect Primer, Part 3 of 3
Secure Service-to-Service Spring Microservices with HTTPS and OAuth 2.0 (Matt Raible) : some errors due to java certs
Completed
Build a Basic App with Spring Boot and JPA using PostgreSQL (Andrew Hughes): this example uses Spring Boot, PostgreSQL and an Okta single-page web app, groups / users and the authorization server (default). It goes through a basic Spring Boot app using PostgreSQL before adding the auth (token) from Okta. It's a very good example of how to secure an endpoint as well as authenticate via user group (admin vs. normal / everyday user). The OIDC debugger tool created by former Okta engineer Nate Barbettini is very slick too.
Secure a Spring Boot REST API with JSON Web Token Plus references to Angular integration (Nouhoun Y. Diarra): a small typo: the health check URL should be http://localhost:8080/actuator/health
Develop Apps with Secure WebSockets in Java (Jimena Garbarino):
Secure Reactive Microservices with Spring Cloud Gateway (Matt Raible) link to my github
A Quick Guide to Spring Boot Login Options (Andrew Hughes)
Easy Single Sign-On with Spring Boot and OAuth 2.0 (Micah Silverman): note the need for JDK 11 (I used Amazon JDK 11), and please remove the double quotes around the claim name and re-type them (copy and paste does not work well from the blog post to the Okta dev console).
Build Spring Microservices and Dockerize Them for Production by Raphael do Vale. As I was finishing up the regular part (the exercise before Docker), the service discovery reminded me of the HashiCorp Consul tutorial I followed along with a while ago. Note this tutorial used Netflix Eureka, which is a bit more cool than pure command lines from Consul / Vagrant 🙂 Note this for Docker (quoting the tutorial): "You must store the file school-ui.properties in the same folder specified on the volume mapping (in the example above, the relative folder ./config-data)." This is also my first complete tutorial on Docker containers running Java web apps (on my local MacBook and Windows 10). In the past I followed tutorials that run Chef as well as Tomcat / Jenkins on Docker (GCP).
Build a Secure Notes Application with Kotlin, TypeScript, and Okta by Matt Raible. Note the last part also talks about how to push code to Pivotal Cloud Foundry and deploy the apps there. This is interesting as I have done the PCF 15-minute tutorial in the past (and recently).
Bootiful Development with Spring Boot and React (Matt Raible at Okta): I followed this tutorial until the point that I got the basic beer list (in other words, I made both the basics of Spring Boot and React work). This is my very first venture into React, and I had to install "yarn" as well using brew install. In the process I had to upgrade Xcode via the command line.
Also: Use React and Spring Boot to Build a Simple CRUD App (Matt Raible at Okta): I made a small mistake when initiating the project with the Spring website: I copied / pasted the dependency frameworks, which does not seem to have any effect when the pom.xml is created. So I added the dependencies manually.
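    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok</artifactId>
        <scope>provided</scope>
    </dependency>
    <dependency>
        <groupId>com.h2database</groupId>
        <artifactId>h2</artifactId>
        <scope>runtime</scope>
    </dependency>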
Also, in my Eclipse, I needed to install Lombok manually by following the instructions here. Note Matt did mention that the IDE cannot recognize some of the Lombok things if there is no plugin. In the past I used to install plugins via the menu inside Eclipse. I noticed a "Whitelabel error" when I was hitting the endpoint http://localhost:8080/api/groups/ (this is actually working as expected before I add any JUG meeting to the list, as I don't have access to the default list).
Last but not least: I need to make a small adjustment in GroupEdit.js sample code
'X-XSRF-TOKEN': this.state.csrfToken, (it was just csrfToken and Yarn did not like it)
A Quick Guide to OAuth 2.0 with Spring Security: minor thing for AuthServerConfig.java
    //import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;
(The one above is obvious because it won’t compile without the change, Eclipse IDE suggested changes).
Get Started with Spring Boot, OAuth 2.0, and Okta (Matt Raible)
Java Microservices with Spring Cloud Config and JHipster (Matt Raible)
OAuth etc readings
OAuth 2.0 and OpenID Connect (in plain English) by former Okta Developer Advocate Nate Barbettini
Tutorial: Secure a Java web app using the Spring Boot Starter for Azure Active Directory B2C (warning: Microsoft 🙂 my code at github)
How single sign-on works, step by step (OneLogin)
What the Heck is OAuth? (Matt Raible)
What the hell is OAuth? (Devon Wijesinghe)
Nobody Cares About OAuth or OpenID Connect (Randall Degges)
Why Developers Do Care About OAuth and OpenID Connect (Scott Brady)
Last but not least: 5 Top Enterprises Making IAM a Priority
Resources
Full disclosure: I hold some OKTA shares ($OKTA) in my IRA account at this time (March 2019). But when I think about the extent of the Okta dev blogs, the whole thing is a bit mind-boggling to me. They have so many talented people (note they are not all the talent the company has).