Add support for OAuth 2.0 to Flowable's REST APIs

@joram

I’ve had a look at Spring Security’s support for OAuth 2.0.

git clone https://github.com/spring-projects/spring-security.git

Build:

cd ~/spring-security/samples/boot/oauth2resourceserver
gradle clean build

Run:

java -jar ./build/libs/spring-security-samples-boot-oauth2resourceserver-5.3.0.BUILD-SNAPSHOT.jar

The hard-coded tokens work as expected.

I updated the application.yml to point to my Authorization Server (Keycloak):

spring:
  main:
    banner-mode: "off"

---
logging:
  level:
    root: INFO

---
logging:
  level:
    org.springframework.security: DEBUG

---
spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          jwk-set-uri: http://localhost:10001/auth/realms/development/protocol/openid-connect/certs

curl http://localhost:10001/auth/realms/development/protocol/openid-connect/certs

{
    "keys": [
        {
            "kid": "Zzq49qnky3j2seAxDtRsJU0QdUj4cfMhw44QlDcBAi8",
            "kty": "RSA",
            "alg": "RS256",
            "use": "sig",
            "n": "jLZBNwKjf6-ENABVI_mkhcwlwbs5DIEP6o4zvlM2GpSiSCEgP9No-irYPeP5tugbXyeQGKmqUkmNBfVjqUMxVgG7_zmqfgsABMEkwWhgFfFoGa0jjN43wsDV7nqLs3erQkSB81vyuFq0fXvTWwwXny0v11IcR2OWmPENzPzgNb194JoODuNInW9ymt6TTaV0BvLNGAj3_8W3_WijUfZuudxdkZ00ciwJrjAJ-5Bz4DRaBCB64EZc5A1DtbSWgpftZtOjRX5_CAVctZnV0bxZad2h7e4df98Mla0S15b79TjCFywAXOlBqDqFL8sNQZR9nbrYo0qtvPsViaAbpj2Fsw",
            "e": "AQAB",
            "x5c": [
                "…"
            ],
            "x5t": "srWjtAz9zfU3P4QEQ8scY3Aft4Y",
            "x5t#S256": "SRhwmA6NSKFv8gFL1Jk-q--ew69oAl8Bl7Ik3QFl7xM"
        }
    ]
}

I rebuilt the sample:

gradle clean build -x test -x integrationTest

Run:

java -jar ./build/libs/spring-security-samples-boot-oauth2resourceserver-5.3.0.BUILD-SNAPSHOT.jar

I used Postman to obtain a valid token from Keycloak:

And, it worked :slight_smile:

I then created my own sample REST API (using Spring Boot, JPA, HATEOAS, Spring Security, …).

See:

It seems pretty straightforward to add support for OAuth 2.0 JWT access tokens.
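One caveat worth adding to the setup described above: with only `jwk-set-uri` configured, the resource server verifies the token's signature against the realm's JWKS and checks `exp`/`nbf`, but it does not check who issued the token or whom it was issued for. Any JWT signed by a key in that JWKS is accepted, whichever client it was minted for. The configuration below, an added example that is not part of the post nor of the Flowable or Spring Security projects, wires the same `jwk-set-uri` property into a `NimbusJwtDecoder` and adds issuer and audience validation on top. The package and class names, the `app.security.issuer` and `app.security.audience` property names, the `flowable-rest` client ID, and the assumption that Keycloak has an audience mapper that puts this API's client ID into `aud` are all assumptions made for the example; the Spring Security 5.3 API calls are real.

```java
package com.example.api.security;

import java.util.List;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

@EnableWebSecurity
public class ResourceServerConfig extends WebSecurityConfigurerAdapter {

    // Same property the sample's application.yml already sets (the Keycloak certs endpoint).
    @Value("${spring.security.oauth2.resourceserver.jwt.jwk-set-uri}")
    private String jwkSetUri;

    // Assumed for this example: the realm's issuer URL, which must match the token's "iss" claim exactly.
    @Value("${app.security.issuer:http://localhost:10001/auth/realms/development}")
    private String issuer;

    // Assumed for this example: the client ID this API expects to find in the token's "aud" claim.
    @Value("${app.security.audience:flowable-rest}")
    private String audience;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests(authz -> authz
                .antMatchers("/actuator/health").permitAll()
                .anyRequest().authenticated())
            .oauth2ResourceServer(oauth2 -> oauth2
                .jwt(jwt -> jwt.decoder(jwtDecoder())));
    }

    @Bean
    public JwtDecoder jwtDecoder() {
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(jwkSetUri)
            // Keep the JWS algorithm pinned: a token whose header names anything other than
            // RS256 is rejected before a key is looked up by "kid".
            .jwsAlgorithm(SignatureAlgorithm.RS256)
            .build();

        // createDefaultWithIssuer = the default timestamp (exp/nbf) checks plus "iss" == issuer.
        OAuth2TokenValidator<Jwt> withIssuer = JwtValidators.createDefaultWithIssuer(issuer);
        OAuth2TokenValidator<Jwt> withAudience = new AudienceValidator(audience);
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(withIssuer, withAudience));
        return decoder;
    }

    /** Rejects tokens whose "aud" claim does not name this API. */
    static final class AudienceValidator implements OAuth2TokenValidator<Jwt> {
        private final String audience;
        private final OAuth2Error error =
            new OAuth2Error("invalid_token", "The required audience is missing", null);

        AudienceValidator(String audience) {
            this.audience = audience;
        }

        @Override
        public OAuth2TokenValidatorResult validate(Jwt jwt) {
            List<String> aud = jwt.getAudience(); // null when the token carries no "aud" claim
            return aud != null && aud.contains(audience)
                ? OAuth2TokenValidatorResult.success()
                : OAuth2TokenValidatorResult.failure(error);
        }
    }
}
```

With this in place, a token obtained from Keycloak for a different client, or from a different realm that happens to share a signing key, is rejected with `invalid_token` even though its signature verifies. Setting `spring.security.oauth2.resourceserver.jwt.issuer-uri` instead of `jwk-set-uri` gets the issuer check for free through discovery, but the audience check still has to be added by hand as above.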