Sample Application Architecture
Last updated
Last updated
We will extend the existing two microservices to use federated authentication based on OAuth 2.1 and OpenID Connect (OIDC).
OpenID Connect (OIDC) Identity Provider: This is central identity provider for single sign on which holds all users with their credentials
OAuth2/OIDC Resource Server (product-initial): The backend microservice providing product data (the OAuth2/OIDC resource server)
OAuth2/OIDC Client (ui-initial): The frontend UI microservice consuming the products (the OAuth2/OIDC client)
These microservices are configured to be reachable via the following URL addresses (Port 8080 is the default port in spring boot).
Service URLs:
OIDC Identity Provider
Client (UI)
Resource Server (Products API)
After importing the project into your IDE you should see a project structure like in the following picture. Here the VS Code project is shown, it may look different in other IDE's.
The main contents for this workshop consist of the following directories:
intro-labs: In the sub-directory auth-code-in-action you find a demo application that illustrates the OAuth 2 authorization code grant flow in details. Here you can follow all the subsequent steps happening during this protocol flow variant. In the sub-directory oauth_grants you get instructions on how to try different OAuth 2 authorization grant flows yourself with different tools like postman, curl and httpie.
labs: In this directory you find the workshop lab parts.
initial: This will be the starting point to implement code as part of this workshop
product: This is the provided sample product server microservice
ui: This is the provided sample product ui client microservice
solution: This is the reference solution for this workshop (please do NOT look into this now)
product: This is the reference solution of a OAuth2/OIDC product server microservice
ui: This is the reference solution of a OAuth2/OIDC product ui client microservice
Info: You can find more information on building OAuth 2.0/OIDC secured microservices with spring in Spring Boot Reference Documentation and in Spring Security Reference Documentation
So let's start with implementing the server side: The API (resource server).