Auth0 Implementation made easy with Spring Boot and React [Part 1]
Hello and Namaste !
In this story, we will learn how we can easily integrate Auth0 into our Spring Boot and React applications.
I have divided this story into two parts.
Part 1:
Setting up Auth0 and creating Spring Boot Application with secured API
Part 2:
Creating React app to use Auth0 login, generate token and call secured API.
This story is Part 1.
For those who are new: Auth0 is an identity platform that handles authentication and authorization for your applications, so you do not have to build login, token issuance and key management yourself.
For more: https://auth0.com
We will have Auth0 login, token generation at React app and secured APIs in Spring Boot application.
Auth0 Setup
First, we will have to create an account in Auth0. It's free!
It's pretty straightforward: provide a tenant domain name, select a region and select an environment tag.
Now, go to Applications, and click on “+ Create Application”
Provide Application name and choose “Single Page Web Applications” as application type. Click on “Create”.
You will be redirected to “Quick Start”.
Here, choose your technology to see how Auth0 can be integrated with it.
Go to the "Settings" tab, where you will find important information, very important indeed! Keep note of the Domain and Client ID.
Set "Allowed Callback URLs", "Allowed Logout URLs" and "Allowed Web Origins" to "http://localhost:3000" (the React app URL).
This is what lets Auth0 work with the application we are about to build. Auth0 will only redirect back to, or accept browser requests from, the URLs listed here, so configure them to match the actual URL of your React app.
Click on “Save Changes”.
Now, let’s move on to Application Development.
Spring Boot Application
Our Spring Boot application will be the Resource Server. It will validate the token on each request and, if the token is valid, return the requested resource.
We will create two sample APIs: one secured (requires a Bearer token) and the other public (can be accessed without a token).
1. Create Spring Boot Application
We will be using:
Project: Gradle Project
Language: Java
Spring Boot: 2.5.3
Packaging: Jar
Java: 11
For dependencies:
Spring Web
OAuth2 Resource Server
2. Create DTO and RestController
We will secure “/auth0/private” API.
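The controller for these two endpoints, as an added example (this is not the article's own gist; package and class names are my assumptions). The private handler also shows how to read claims from the validated token, which is the natural next step once the request has passed the security filter:

```java
// Added example, not code from the article. Package and class names are assumed.
package com.example.auth0demo.web;

import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/auth0")
public class Auth0Controller {

    // Minimal response DTO; Spring's default Jackson converter serializes it to JSON.
    public static class MessageDto {
        private final String message;

        public MessageDto(String message) {
            this.message = message;
        }

        public String getMessage() {
            return message;
        }
    }

    // Public endpoint: SecurityConfig permits it without a token.
    @GetMapping("/public")
    public MessageDto publicEndpoint() {
        return new MessageDto("Hello from the public endpoint; no token required.");
    }

    // Private endpoint: only reached after the resource server has accepted a Bearer JWT.
    // The validated token is injected so the handler can use claims such as "sub".
    @GetMapping("/private")
    public MessageDto privateEndpoint(@AuthenticationPrincipal Jwt jwt) {
        return new MessageDto("Hello " + jwt.getSubject() + ", your token was accepted.");
    }
}
```

A quick check once the app is running: `curl -i http://localhost:8080/auth0/public` returns 200, `curl -i http://localhost:8080/auth0/private` returns 401 with a `WWW-Authenticate: Bearer` header, and the same request with `-H "Authorization: Bearer <access token>"` returns 200 only when the token passes the validation configured in the next step.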
3. Configure the Resource Server
Create SecurityConfig for Resource Server.
The Bearer token on each API request has to be decoded and validated.
The resource server does this by fetching Auth0's OpenID discovery document and JSON Web Key Set (JWKS) from the issuer URL, and then checking each token's signature, expiry and issuer locally against those public keys; it does not call Auth0 for every request.
First, we will add two attributes to our properties file (application.properties): the issuer URI (https://YOUR_DOMAIN/, including the trailing slash, because that is exactly how Auth0 writes the iss claim) and the audience.
To find the audience, navigate to Applications > APIs in the Auth0 dashboard and open the API registered for this resource server (create one if you have not yet).
Copy its Identifier and use it as the value of "auth0.audience" in properties.
auth0.audience is used to validate the aud claim, i.e. to confirm that the token was issued for this API.
If we only need to validate the signature and issuer and do not mind the audience, this attribute can be skipped, but then any valid token from the same tenant, including one issued for a completely different API, would be accepted by our resource server. I highly recommend using it.
Add a JwtDecoder to SecurityConfig without audience validation.
At this point, the API ("/auth0/private") will already reject requests without a valid token.
To be stricter, we also have to validate the audience, so that we know whether the token was issued for this resource server or not.
So, let's create AudienceValidator and use it in SecurityConfig.
This completes our Spring Boot Application.
Refer: https://auth0.com/docs/quickstart/backend/java-spring-security5/01-authorization
Available in GitHub:
https://github.com/umes4ever/auth0-implementation
Continue to Part 2:
https://umes4ever.medium.com/auth0-implementation-made-easy-with-spring-boot-and-react-part-2-5f8c10130074
Happy Learning !