
This project implements a secure OAuth2 Authorization Server using HTTPS, Spring Boot 3.4, Spring Security 6.4, and Spring Authorization Server 1.4.2.
It supports RestClient, federated login, JWT tokens, token storage, and OIDC discovery, following modern Spring Security best practices.
- Java: business logic and user management
- Spring Boot 3.4, Spring Security 6.4
- Spring Authorization Server 1.4.2
- Security: OAuth2, OIDC, JWT
- PostgreSQL: persistent token and user storage
- UI walkthrough video (short demo, downloadable if not previewable)
- Example validation images can be found in the /docs_photo folder
- JWT-based authentication with access tokens
- Federated login (Google) via Spring Authorization Server
- Token customization using claims mapper
- HTTPS-only flow with self-signed certificate
- Full support for OIDC discovery and token endpoints
- RestClient integration for secure inter-service communication
- Clean setup with Spring Security 6.4.4: no deprecated APIs, everything works out of the box
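
One way the claims-mapper and federated-login features listed above can fit together, shown as an added example that is not this project's code. The class name, bean name and the claim names `authorities` and `email` are assumptions chosen for illustration.

```java
import java.util.Set;
import java.util.stream.Collectors;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;

// Added example, not this project's code. Class, bean and claim names are
// assumptions chosen for illustration.
@Configuration
public class TokenClaimsConfig {

    @Bean
    OAuth2TokenCustomizer<JwtEncodingContext> accessTokenClaims() {
        return context -> {
            // Leave ID tokens and any other token type untouched.
            if (!OAuth2TokenType.ACCESS_TOKEN.equals(context.getTokenType())) {
                return;
            }
            Authentication principal = context.getPrincipal();

            // Authorities held by the authenticated principal.
            Set<String> authorities = principal.getAuthorities().stream()
                    .map(GrantedAuthority::getAuthority)
                    .collect(Collectors.toSet());
            context.getClaims().claim("authorities", authorities);

            // Federated (Google) login: copy one allow-listed claim only, and only
            // when the provider marked the address as verified. Bulk-copying
            // upstream claims could overwrite iss, aud, sub or exp.
            if (principal.getPrincipal() instanceof OidcUser user
                    && Boolean.TRUE.equals(user.getEmailVerified())) {
                context.getClaims().claim("email", user.getEmail());
            }
        };
    }
}
```

Resource servers that consume these tokens should still validate issuer, audience and expiry themselves and treat the added claims as data asserted by the authorization server only.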

| Port | Endpoint | Description |
|---|---|---|
| 9000 | /oauth2/authorize | OAuth2 authorization endpoint |
| 9000 | /oauth2/token | Token issuing endpoint |
| 9000 | /.well-known/openid-configuration | OIDC discovery endpoint |
| 8080 | /public | Public data from resource server |
| 8080 | /secure | Protected data (requires token) |
| 8080 | /token | Shows current token metadata |

- Client Application: https://localhost:8080
- Resource Server: https://localhost:8081
- Authorization Server: https://localhost:9000
- This microservice uses a self-signed HTTPS certificate to secure the full OAuth2 authorization flow (as required by Spring Security).
- In a production setup, I would use Nginx as a reverse proxy and obtain Let's Encrypt or commercial certificates, depending on business needs.
I'm always open to feedback, collaboration, or professional connections.
Feel free to reach out!