Multi-Tenant Resource Server

This bonus lab demonstrates the multi-tenancy feature of Spring Security.

To start the resource server, run the class com.example.multitenant.MultiTenantServerAppApplication.

Provided API

This resource server provides a single API at http://localhost:9090. The API is secured and is only accessible with a JSON Web Token sent as a bearer token in the Authorization header.

The resource server is configured as multi-tenant and as such it accepts access tokens issued by the following identity providers:

To call the API, use one of the following commands (HTTPie or curl). You may also use Postman if you prefer a UI.

httpie

http localhost:9090 'Authorization: Bearer [access_token]'

curl

curl -H 'Authorization: Bearer [access_token]' \
-v http://localhost:9090 | jq
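
A sketch of how a multi-tenant resource server like the one described above can be configured. This is an added example, not the lab's own code. It assumes Spring Security 5.5 or later, a hypothetical class name, and issuer identifiers derived from the token endpoints shown on this page.

```java
package com.example.multitenant;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class MultiTenantSecurityConfig { // hypothetical class name

    // Assumed issuer identifiers, derived from the token endpoints on this page.
    // Each must match the "iss" claim of the tokens exactly
    // (note the trailing slash on the Auth0 issuer).
    private static final String OKTA_ISSUER =
            "https://dev-667216.oktapreview.com/oauth2/auskfyzkaoXSRnwTV0h7";
    private static final String AUTH0_ISSUER =
            "https://access-me.eu.auth0.com/";

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // The resolver reads the "iss" claim of the incoming bearer token and
        // selects the matching tenant. Only allowlisted issuers are accepted:
        // a token naming any other issuer is rejected before key discovery.
        // For a trusted issuer, the JWK set is discovered lazily and the
        // signature, expiry and issuer are then validated as usual.
        JwtIssuerAuthenticationManagerResolver tenants =
                new JwtIssuerAuthenticationManagerResolver(OKTA_ISSUER, AUTH0_ISSUER);

        http
            // Every request to the API requires a valid token.
            .authorizeHttpRequests(authz -> authz.anyRequest().authenticated())
            // Use the per-issuer resolver instead of a single JwtDecoder.
            .oauth2ResourceServer(oauth2 -> oauth2.authenticationManagerResolver(tenants));

        return http.build();
    }
}
```

The allowlist is the security-relevant part: the issuer is read from the token before its signature is checked, so the set of trusted issuers must be fixed in configuration and never taken from the request.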

Using Okta

To get an access token from Okta use one of the following commands.

httpie

http --form https://dev-667216.oktapreview.com/oauth2/auskfyzkaoXSRnwTV0h7/v1/token grant_type=password \
username=user@example.com password=Library_access#1 client_id=0oapjlvwd21SpAWL20h7 client_secret=Fb_ig1oa9WMzzJzvm9YtFZAiYJu196ZMgy9avOb9 scope="openid profile email"

curl

curl -X POST -d 'grant_type=password&username=user@example.com&password=Library_access#1&client_id=0oapjlvwd21SpAWL20h7&client_secret=Fb_ig1oa9WMzzJzvm9YtFZAiYJu196ZMgy9avOb9&scope=openid%20profile%20email' \
https://dev-667216.oktapreview.com/oauth2/auskfyzkaoXSRnwTV0h7/v1/token | jq

Using Auth0

To get an access token from Auth0 use one of the following commands.

httpie

http --form https://access-me.eu.auth0.com/oauth/token grant_type=password \
username=user@example.com password=user_4demo! client_id=0ed4mVHfXVs294W1Ab5K5YBb7GM7O7Tn client_secret=uP6eNUwC__v7VSQR9ggDaSfRFIAZrHBVXSyCF9pZwkrTX0LJYwjuS5uxO1Wu35Ca \
scope="openid profile email"

curl

curl -X POST -d 'grant_type=password&username=user@example.com&password=user_4demo!&client_id=0ed4mVHfXVs294W1Ab5K5YBb7GM7O7Tn&client_secret=uP6eNUwC__v7VSQR9ggDaSfRFIAZrHBVXSyCF9pZwkrTX0LJYwjuS5uxO1Wu35Ca&scope=openid%20profile%20email' \
https://access-me.eu.auth0.com/oauth/token | jq
