# Introduction

## Learning targets

This is a workshop on building secure cloud-native applications using Spring Cloud Security ([OAuth 2.0](https://tools.ietf.org/html/rfc6749) and [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html)).

This workshop is the hands-on part of the [cloud security presentation](https://github.com/andifalk/cloud-security-workshop/raw/master/Cloud_Native_Security.pdf).

Learning targets:

* Interact with an Identity Provider (like [Auth0](https://auth0.com/) or [Keycloak](https://www.keycloak.org/))
* Learn how to authenticate on client and server side using OAuth2 and OpenID Connect
* Development using [Spring Boot](https://spring.io/projects/spring-boot) and [Spring Security](https://spring.io/projects/spring-security)

## OAuth 2.0/OpenID Connect Security Workshop Tutorial

We will extend the existing two microservices to use single sign-on authentication based on OAuth 2.0 and OpenID Connect (OIDC).

* [**Auth0 Identity Provider**](https://auth0.com/): This is the central identity provider for single sign-on, which holds all users with their credentials
* **OAuth2/OIDC Resource Server (product-initial)**: The microservice providing product data maps to a resource server
* **OAuth2/OIDC Client (ui-initial)**: The [Thymeleaf](https://www.thymeleaf.org/) UI microservice consuming the products maps to an OAuth2/OIDC client

![](https://1217954492-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LtxH74bfp_X3TwUlR-g%2F-LtxHDMRDhbptfH8_G-v%2F-LtxIYLRt7amqMv_WzvQ%2Farchitecture.png?alt=media\&token=6803de1c-1262-4e83-ba24-0dfd4c46d326)

These microservices have to be configured to be reachable via the following URL addresses (port 8080 is the default port in Spring Boot).

## Service URL Addresses

| Service                    | URL                              |
| -------------------------- | -------------------------------- |
| Identity Provider          | <https://access-me.eu.auth0.com> |
| Client (UI)                | <http://localhost:9095/client>   |
| Resource Server (Products) | <http://localhost:9090/server>   |

**Note:**\
You can find more information on building OAuth 2.0/OIDC secured microservices with Spring in the [Spring Boot Reference Documentation](https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#boot-features-security-oauth2) and in the [Spring Security Reference Documentation](https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#oauth2).
