> For the complete documentation index, see [llms.txt](https://andifalk.gitbook.io/openid-connect-workshop/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://andifalk.gitbook.io/openid-connect-workshop/master.md). # Introduction [![License](https://img.shields.io/badge/License-Apache%20License%202.0-brightgreen.svg)](http://www.apache.org/licenses/LICENSE-2.0.txt) ![Java CI](https://github.com/andifalk/secure-oauth2-oidc-workshop/workflows/Java%20CI/badge.svg) [![Release](https://img.shields.io/github/release/andifalk/secure-oauth2-oidc-workshop.svg?style=flat)](https://github.com/andifalk/secure-oauth2-oidc-workshop/releases) ## OAuth 2.0 / OpenID Connect Workshop Authentication and authorization for Microservices with OAuth 2.0 (OAuth2) and OpenID Connect 1.0 (OIDC). This contains both, theory parts on all important concepts, and hands-on practice labs. **Table of Contents** * [Workshop Tutorial](https://andifalk.gitbook.io/openid-connect-workshop) * [Requirements and Setup](/openid-connect-workshop/introduction/setup.md) * [Hands-On Workshop](/openid-connect-workshop/master.md#hands-on-workshop) * [Intro Labs](/openid-connect-workshop/master.md#intro-labs) * [Lab: Authorization Grant Flows in Action](/openid-connect-workshop/intro-labs/oauth-grants.md) * [Demo: Auth Code Flow in Action](/openid-connect-workshop/intro-labs/auth-code-demo.md) * [Demo: GitHub Client](/openid-connect-workshop/intro-labs/github-client.md) * [Hands-On Labs](/openid-connect-workshop/master.md#hands-on-labs) * [Lab 1: Resource Server](/openid-connect-workshop/hands-on-labs/lab1.md) * [Lab 2: Client (Auth Code)](/openid-connect-workshop/hands-on-labs/lab2.md) * [Lab 3: Client (Client-Credentials)](/openid-connect-workshop/hands-on-labs/lab3.md) * [Lab 4: Testing JWT Auth\&Authz](/openid-connect-workshop/hands-on-labs/lab4.md) * [Lab 5: JWT Testing Server](/openid-connect-workshop/hands-on-labs/lab5.md) * [Lab 6: SPA Client (Authz Code with PKCE)](/openid-connect-workshop/hands-on-labs/lab6.md) * [Bonus Labs](/openid-connect-workshop/master.md#bonus-labs) * [Demo: Multi-Tenant Resource Server](/openid-connect-workshop/bonus-labs/multi-tenant-server-app.md) * [Demo: Resource Server with Micronaut](/openid-connect-workshop/bonus-labs/micronaut-server-app.md) * [Demo: Resource Server with Quarkus](/openid-connect-workshop/bonus-labs/quarkus-server-app.md) * [Lab: Keycloak Testcontainers](/openid-connect-workshop/bonus-labs/keycloak-test-containers.md) * [Feedback](/openid-connect-workshop/master.md#feedback) * [License](/openid-connect-workshop/master.md#license) ### Workshop Tutorial To follow the hands-on workshop please open the [workshop tutorial](https://andifalk.gitbook.io/openid-connect-workshop). ### Requirements and Setup For the hands-on workshop you will extend a provided sample application along with guided tutorials. The components you will build (and use) look like this: ![Architecture](/files/-Lzvpy7g-qurDrvL9yn7) **Please check out the** [**complete documentation**](/openid-connect-workshop/introduction/application-architecture.md) **for the sample application before starting with the first hands-on lab**. All the code currently is build using * [Spring Boot 2.4.x Release](https://spring.io/blog/2020/11/12/spring-boot-2-4-0-available-now) * [Spring Framework 5.3.x Release](https://spring.io/blog/2020/10/27/spring-framework-5-3-goes-ga) * [Spring Security 5.4.x Release](https://spring.io/blog/2020/09/10/spring-security-5-4-goes-ga) * [Spring Batch 4.3.x Release](https://spring.io/blog/2020/10/28/spring-batch-4-3-is-now-ga) All code is verified against the currently supported long-term version 11 of Java (The latest version 14 should work as well). To check system requirements and setup for this workshop please follow the [setup guide](/openid-connect-workshop/introduction/setup.md). ### Hands-On Workshop #### Intro Labs * [Lab: Authorization Grant Flows in Action](/openid-connect-workshop/intro-labs/oauth-grants.md) * [Demo: Authorization Code Grant Flow in Action](/openid-connect-workshop/intro-labs/auth-code-demo.md) * [Demo: A pre-defined OAuth2 client for GitHub](/openid-connect-workshop/intro-labs/github-client.md) #### Hands-On Labs * [Lab 1: OAuth2/OIDC Resource Server](/openid-connect-workshop/hands-on-labs/lab1.md) * [Lab 2: OAuth2/OIDC Web Client (Auth Code Flow)](/openid-connect-workshop/hands-on-labs/lab2.md) * [Lab 3: OAuth2/OIDC Batch Job Client (Client-Credentials Flow)](/openid-connect-workshop/hands-on-labs/lab3.md) * [Lab 4: OAuth2/OIDC Testing Environment](/openid-connect-workshop/hands-on-labs/lab4.md) * [Lab 5: OAuth2/OIDC Angular Client](/openid-connect-workshop/hands-on-labs/lab5.md) #### Bonus Labs * [Demo: Multi-Tenant Resource Server](/openid-connect-workshop/bonus-labs/multi-tenant-server-app.md) * [Demo: OAuth2/OIDC Resource Server with Micronaut](/openid-connect-workshop/bonus-labs/micronaut-server-app.md) * [Demo: OAuth2/OIDC Resource Server with Quarkus](/openid-connect-workshop/bonus-labs/quarkus-server-app.md) * [Lab: Keycloak Testcontainers](/openid-connect-workshop/bonus-labs/keycloak-test-containers.md) ### Feedback Any feedback on this hands-on workshop is highly appreciated. Just send an email to *andreas.falk(at)novatec-gmbh.de* or contact me via Twitter (*@andifalk*). ### License Apache 2.0 licensed --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://andifalk.gitbook.io/openid-connect-workshop/master.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.