Securing Spring APIs with JSON Web Tokens
Ado Kukic
Developer Evangelist
Auth0
@kukicado
OAuth 2.0
An open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.
OpenID Connect
An authentication layer built on top of OAuth 2.0, allowing clients to verify the identity of an end-user based on the authentication performed by an authorization server.
OAuth 2.0 Roles
Resource Owner
The entity that can grant access to a protected resource. Typically this is the end-user.
Resource Server
The server hosting the protected resources. This is the API you want to access.
Client
The app requesting access to a protected resource on behalf of the Resource Owner.
Authorization Server
The server that authenticates the Resource Owner, and issues tokens.
Tokens
Access Token
An opaque string or JWT that denotes who has authorized which permissions (scopes) to which application. This is what the Client sends to the Resource Server (the API) as a Bearer token.
ID Token
A JWT, defined by OpenID Connect, that contains user profile information (name, email, etc.) represented in the form of claims. It is addressed to the Client (its aud claim is the client_id), so the API must not accept it in place of an access token.
DEMO
Spring API, VueJS, & JWT
Baseline
[Slide screenshot: the API response, shown as { json }, before any authentication is added]
Authentication: Implicit Grant Flow
[Slide diagram: the SPA is redirected to the authorization server and, once Authenticated, receives its tokens directly in the redirect; the two responses are shown as { json }]
Caveat: with response_type=token the access token comes back in the URL fragment, where it lands in browser history and is readable by any script on the page, and nothing ties the token to the client that started the flow. The OAuth 2.0 Security Best Current Practice recommends against the implicit grant for new applications.
Silent Authentication
[Slide diagram: the SPA renews its tokens without user interaction by loading the authorization endpoint with prompt=none in a hidden iframe; this only succeeds while the authorization server's session cookie is still valid. Responses shown as { json }]
Caveat: the iframe request depends on that session cookie being sent as a third-party cookie. Browsers that block third-party cookies break silent authentication, which is one more reason the next slides move to Authorization Code with PKCE.
BCP: Authorization Code with PKCE
(The OAuth 2.0 Security Best Current Practice recommends this flow, not the implicit grant, for browser-based apps.)
Authentication, step 1: the client generates a code_verifier, sends its hash as { code_challenge } with the authorization request, and the authorization server redirects back with code={123}
Authentication, step 2: the client exchanges { code={123} code_verifier } at the token endpoint; the server recomputes the challenge from the verifier and only then issues tokens
Authenticated: the token response, shown as { json } { json }
Resources
OAuth 2.0 Official Website
https://oauth.net/2/
OAuth 2.0 Complete Guide
http://bit.ly/oauth-complete
OAuth 2.0 Scopes
http://bit.ly/oauth-scopes
Thank You!
@kukicado
JUG Spring API with VueJS
By Ado Kukic