To get started, you need the minimum required components defined as a @Bean. When using the spring-boot-starter-oauth2-authorization-server dependency, define the following properties and Spring Boot will provide the necessary @Bean definitions for you:
application.yml

```yaml
server:
  port: 9000

logging:
  level:
    org.springframework.security: trace

spring:
  security:
    user:
      name: user
      password: password
    oauth2:
      authorizationserver:
        client:
          oidc-client:
            registration:
              client-id: "oidc-client"
              client-secret: "{noop}secret"
              client-authentication-methods:
                - "client_secret_basic"
              authorization-grant-types:
                - "authorization_code"
                - "refresh_token"
              redirect-uris:
                - "http://127.0.0.1:8080/login/oauth2/code/oidc-client"
              post-logout-redirect-uris:
                - "http://127.0.0.1:8080/"
              scopes:
                - "openid"
                - "profile"
            require-authorization-consent: true
```
You have two options: either convert the YAML above into application.properties syntax, or convert your existing application.properties file to YAML and add this snippet to it. Merged with the rest of the project's settings, the resulting application.yml looks like this:
```yaml
spring:
  application:
    name: userAuth
  datasource:
    url: jdbc:mysql://127.0.0.1:3306/authService
    username: root
    password: 1234
  jpa:
    show-sql: true
    hibernate:
      ddl-auto: create
  security:
    user:
      name: user
      password: password
    oauth2:
      authorizationserver:
        client:
          oidc-client:
            registration:
              client-id: "oidc-client"
              client-secret: "{noop}secret"
              client-authentication-methods:
                - "client_secret_basic"
              authorization-grant-types:
                - "authorization_code"
                - "refresh_token"
              redirect-uris:
                - "http://127.0.0.1:8080/login/oauth2/code/oidc-client"
              post-logout-redirect-uris:
                - "http://127.0.0.1:8080/"
              scopes:
                - "openid"
                - "profile"
            require-authorization-consent: true

server:
  port: 8080

logging:
  level:
    org.springframework.security: trace
```
This configuration is for setting up authentication using OAuth 2.0 with Spring Security. Let’s break it down:
- User Authentication:
  - The `spring.security.user` section defines a default user with the username `user` and the password `password`. This is useful for testing purposes.
- OAuth 2.0 Authorization Server:
  - The `spring.security.oauth2.authorizationserver` section configures the OAuth 2.0 authorization server.
  - `client` defines the OAuth 2.0 clients that will interact with the authorization server.
  - `oidc-client` is the name of this client registration, an OpenID Connect client.
  - `registration` specifies the registration details for the client.
  - `client-id` and `client-secret` are the client's unique identifier and secret, respectively.
  - `client-authentication-methods` specifies how the client authenticates to the authorization server; `client_secret_basic` sends the client ID and secret via HTTP Basic authentication.
  - `authorization-grant-types` lists the supported authorization grant types, such as `authorization_code` and `refresh_token`.
  - `redirect-uris` defines the URIs the authorization server may redirect to after successful authentication or authorization.
  - `post-logout-redirect-uris` specifies the URIs the user may be redirected to after logging out.
  - `scopes` defines the scopes that the client is allowed to request during authorization.
  - `require-authorization-consent` specifies whether the authorization server should require user consent for authorization requests.