Skip to content

oktadev/spring-web-pkce

Repository files navigation

Spring Web Application with Authorization Code Flow with PKCE

This is a simple Spring Boot web application with just a secured home page at the / location, built with Thymeleaf templates, for the purpose of demonstrating the OpenID Connect Authorization Code Flow with PKCE in a confidential client, using Auth0 as the identity provider.

Prerequisites

Installation

Clone the repository:

git clone https://github.com/indiepopart/spring-web-pkce.git

Register the Application as Regular Web App in Auth0

Sign up at Auth0 and install the Auth0 CLI. Then in the command line run:

auth0 login

The command output will display a device confirmation code and open a browser session to activate the device.

Using the Auth0 CLI, register the web application as an authentication client for Auht0:

auth0 apps create \
  --name "Spring MVC" \
  --description "Spring Boot Webapp" \
  --type regular \
  --callbacks http://localhost:8080/login/oauth2/code/okta \
  --logout-urls http://localhost:8080 \
  --reveal-secrets

Copy application.yml.example to application.yml and fill in the values with your Auth0 client settings.

okta:
  oauth2:
    issuer: https://<your-auth0-domain>/
    client-id: <client-id>
    client-secret: <client-secret>
    post-logout-redirect-uri: http://localhost:8080

Run the application

./gradlew bootRun

In your browser, open a private window and navigate to http://localhost:8080. You will be redirected to the Auth0 Universal Login page.

About

No description, website, or topics provided.

Resources

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published