Category: Spring Security
-
Spring Security and React – Form Login
Introduction In this tutorial, we’ll create a React application and a login form. We’ll use this login form with a Spring Boot application secured by Spring Security to log in to the application. Create Spring Boot Project Following is the Spring Boot project structure: SecurityConfig.java LoginRequest.java AuthController.java Create a React application Create your React application. Following are the important components:…
-
Login with Github with Spring Boot and React JS
Introduction In today’s digital landscape, allowing users to log in using their existing Google or GitHub accounts can greatly enhance the user experience while improving security. In this tutorial, we’ll walk you through integrating OAuth2 login with Google and GitHub in a full-stack application using Spring Boot for the backend and React JS for the…
-
Method level security at resource server
1. Introduction In this tutorial, we’ll use method level security to protect our web service endpoint. Using method-level security, we can apply annotations above the method name to either permit or block the execution of the method depending on specific conditions. For instance, we can apply a security annotation to restrict the method’s execution to…
-
Role based access control with Keycloak
1. Introduction In this tutorial, you will learn what roles and authorities are and how they work in Spring. You will also learn how to configure your resource server to validate user roles. In previous tutorials, we accessed a protected resource at a resource server using a valid token. In this tutorial, we’ll assign user…
-
OAuth 2 Resource Server – Scope Based Access Control
1. Introduction Scope is a feature in OAuth 2.0 that restricts an application’s access to a user’s account. Applications can request one or more scopes, which are shown to the user on the consent screen. The access token provided to the application is then limited to the scopes that the user approves. For a client…
-
Working of OAuth with resource server
1. Introduction In this tutorial, we’ll learn how to configure a Spring Boot application as an OAuth resource server. In the real world, the resource owner tries to access some information from the resource server. In this tutorial, the resource server is a Spring Boot application. The user tries to access a protected API endpoint. In…
-
Keycloak – Create new OAuth client and request access and refresh token
1. Introduction In this tutorial, we’ll learn how to configure a new OAuth client application in Keycloak. We’ll then see how to configure client application secrets. We’ll then use the new credentials to perform the authorization code flow. 2. Configure new OAuth client application We’ll now see how to configure a new OAuth client. In the…
-
Creating New Realm and New User in Keycloak
1. Introduction In the previous tutorial, we started a Keycloak server on our localhost and created an admin user to log in to the administrative console of Keycloak. In this tutorial, we’ll create a new realm and a new user in Keycloak. 2. What is a realm in Keycloak? A realm in Keycloak is equivalent to a tenant.…
-
Running Standalone Authorization Server Keycloak on Localhost
1. Introduction Keycloak is an open-source identity and access management (IAM) solution designed for modern applications and services. It provides features such as single sign-on (SSO), user federation, identity brokering, and social login. Built on top of popular standards like OAuth 2.0, OpenID Connect, and SAML 2.0, Keycloak offers seamless integration with various applications, allowing…
-
OAuth 2 – Authorization Code Grant
1. Introduction In this tutorial, we will dive into one of the most widely used OAuth 2.0 grant types, designed specifically for secure authorization in web applications. The Authorization Code Grant is an essential tool for server-side applications that require a robust and secure way to obtain access tokens on behalf of users. 2. OAuth…