openid-connect-workshop

Multi-Tenant Resource Server

Last updated 5 years ago

This bonus lab demonstrates the multi-tenancy feature of Spring Security.

To start the resource server just run the class com.example.multitenant.MultiTenantServerAppApplication.

Provided API

This resource server provides a single API at http://localhost:9090. The API is secured and is only accessible with a JSON Web Token sent as a bearer token in the Authorization header.

The resource server is configured as multi-tenant, so it accepts access tokens issued by the following identity providers:

  • Auth0 with Issuer https://access-me.eu.auth0.com/

  • Okta with Issuer https://dev-667216.oktapreview.com/oauth2/auskfyzkaoXSRnwTV0h7
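
One way to configure a resource server for these two issuers with Spring Security's JwtIssuerAuthenticationManagerResolver, assuming Spring Security 5.5 or later. This is an added example, not the workshop's own code; the class name MultiTenantSecurityConfig and the bean name apiSecurity are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical configuration class (assumption: not taken from the workshop repository).
@Configuration
@EnableWebSecurity
public class MultiTenantSecurityConfig {

    // Issuer values as listed on this page. The token's "iss" claim is compared
    // to these strings exactly, so the trailing slash of the Auth0 issuer matters.
    private static final String AUTH0_ISSUER = "https://access-me.eu.auth0.com/";
    private static final String OKTA_ISSUER =
            "https://dev-667216.oktapreview.com/oauth2/auskfyzkaoXSRnwTV0h7";

    @Bean
    SecurityFilterChain apiSecurity(HttpSecurity http) throws Exception {
        // The resolver reads the "iss" claim of the incoming bearer token and only
        // continues if it is one of the trusted issuers. A token from any other
        // issuer is rejected before keys are looked up for it. For a trusted
        // issuer, a JWT decoder is built from that issuer's discovery metadata,
        // and the signature, expiry and issuer of the token are then validated.
        JwtIssuerAuthenticationManagerResolver resolver =
                new JwtIssuerAuthenticationManagerResolver(AUTH0_ISSUER, OKTA_ISSUER);

        http
            // Every request, including the single API at "/", needs a valid token.
            .authorizeHttpRequests(authz -> authz.anyRequest().authenticated())
            // Use the issuer-based resolver instead of one fixed issuer-uri.
            .oauth2ResourceServer(oauth2 -> oauth2.authenticationManagerResolver(resolver));
        return http.build();
    }
}
```

Keeping the trusted issuers in an explicit allowlist is what prevents a token from an arbitrary identity provider from selecting its own verification keys.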

To call the API use one of the following commands (Httpie or Curl). You may also use Postman instead if you prefer a UI.

httpie

http localhost:9090 'Authorization: Bearer [access_token]'

curl

curl -H 'Authorization: Bearer [access_token]' \
-v http://localhost:9090 | jq

Using OKTA

To get an access token from Okta use one of the following commands.

httpie

http --form https://dev-667216.oktapreview.com/oauth2/auskfyzkaoXSRnwTV0h7/v1/token grant_type=password \
username=user@example.com password=Library_access#1 client_id=0oapjlvwd21SpAWL20h7 client_secret=Fb_ig1oa9WMzzJzvm9YtFZAiYJu196ZMgy9avOb9 scope="openid profile email"

curl

curl -X POST -d 'grant_type=password&username=user@example.com&password=Library_access#1&client_id=0oapjlvwd21SpAWL20h7&client_secret=Fb_ig1oa9WMzzJzvm9YtFZAiYJu196ZMgy9avOb9&scope=openid%20profile%20email' \
https://dev-667216.oktapreview.com/oauth2/auskfyzkaoXSRnwTV0h7/v1/token | jq

Using Auth0

To get an access token from Auth0 use one of the following commands.

httpie

http --form https://access-me.eu.auth0.com/oauth/token grant_type=password \
username=user@example.com password=user_4demo! client_id=0ed4mVHfXVs294W1Ab5K5YBb7GM7O7Tn client_secret=uP6eNUwC__v7VSQR9ggDaSfRFIAZrHBVXSyCF9pZwkrTX0LJYwjuS5uxO1Wu35Ca \
scope="openid profile email"

curl

curl -X POST -d 'grant_type=password&username=user@example.com&password=user_4demo!&client_id=0ed4mVHfXVs294W1Ab5K5YBb7GM7O7Tn&client_secret=uP6eNUwC__v7VSQR9ggDaSfRFIAZrHBVXSyCF9pZwkrTX0LJYwjuS5uxO1Wu35Ca&scope=openid%20profile%20email' \
https://access-me.eu.auth0.com/oauth/token | jq
