secure-oauth2-oidc-workshop
secure-oauth2-oidc-workshop copied to clipboard
andifalk
Hands-On Workshop for OAuth 2.0 and OpenID Connect 1.0
OAuth 2.0 / OpenID Connect Workshop
Authentication and authorization for Microservices with OAuth 2.0 (OAuth2) and OpenID Connect 1.0 (OIDC). This contains both, theory parts on all important concepts, and hands-on practice labs.
Table of Contents
- Workshop Tutorial
- Requirements and Setup
-
Hands-On Workshop
-
Intro Labs
- Lab: Authorization Grant Flows in Action
- Demo: Auth Code Flow in Action
- Demo: GitHub Client
-
Hands-On Labs
- Lab 1: Resource Server
- Lab 2: Client (Auth Code)
- Lab 3: Client (Client-Credentials)
- Lab 4: Testing JWT Auth&Authz
- Lab 5: JWT Testing Server
- Lab 6: SPA Client (Authz Code with PKCE)
-
Bonus Labs
- Demo: Multi-Tenant Resource Server
- Demo: Resource Server with Micronaut
- Demo: Resource Server with Quarkus
- Lab: Keycloak Testcontainers
-
Intro Labs
- Feedback
- License
Workshop Tutorial
To follow the hands-on workshop please open the workshop tutorial.
Requirements and Setup
For the hands-on workshop you will extend a provided sample application along with guided tutorials.
The components you will build (and use) look like this:
Please check out the complete documentation for the sample application before starting with the first hands-on lab.
All the code currently is build using
- Spring Boot 2.4.x Release
- Spring Framework 5.3.x Release
- Spring Security 5.4.x Release
- Spring Batch 4.3.x Release
All code is verified against the currently supported long-term version 11 of Java (The latest version 14 should work as well).
To check system requirements and setup for this workshop please follow the setup guide.
Hands-On Workshop
Intro Labs
- Lab: Authorization Grant Flows in Action
- Demo: Authorization Code Grant Flow in Action
- Demo: A pre-defined OAuth2 client for GitHub
Hands-On Labs
- Lab 1: OAuth2/OIDC Resource Server
- Lab 2: OAuth2/OIDC Web Client (Auth Code Flow)
- Lab 3: OAuth2/OIDC Batch Job Client (Client-Credentials Flow)
- Lab 4: OAuth2/OIDC Testing Environment
- Lab 5: OAuth2/OIDC Angular Client
Bonus Labs
- Demo: Multi-Tenant Resource Server
- Demo: OAuth2/OIDC Resource Server with Micronaut
- Demo: OAuth2/OIDC Resource Server with Quarkus
- Lab: Keycloak Testcontainers
Feedback
Any feedback on this hands-on workshop is highly appreciated.
Just send an email to andreas.falk(at)novatec-gmbh.de or contact me via Twitter (@andifalk).
License
Apache 2.0 licensed
andifalk