
Over the past few days, in my spare time, I worked with several bigwigs in the fan group to write Id Server, a management console project based on the OAuth2 authorization server Spring Authorization Server. I think this project can greatly reduce the difficulty of using an OAuth2 authorization server. It allows you to easily manage OAuth2 client information, and even generate OAuth2 configuration files with one click. Next, I will briefly introduce the Id Server project.

Project address: https://github.com/NotFound403/id-server (remember to star it).

Main features

  • Works out of the box: simple to configure and ready to use.
  • Create and manage OAuth2 clients.
  • Provides OAuth2 authorization service.
  • Four client authentication methods are supported:

    • CLIENT_SECRET_BASIC
    • CLIENT_SECRET_POST
    • CLIENT_SECRET_JWT
    • PRIVATE_KEY_JWT
  • Three OAuth2 authorization grant types are supported:

    • AUTHORIZATION_CODE
    • CLIENT_CREDENTIALS
    • REFRESH_TOKEN
  • OIDC 1.0 support (being improved).
  • One-click generation of the configuration YAML file (under development).
  • Provides a UI console to lower the cost of getting started.
  • The roles of administrative users can be adjusted dynamically, and access to the authorization server can be controlled down to the level of individual button functions.

Main technologies

  • Spring Boot
  • Spring Security
  • Spring Authorization Server
  • Spring Data JPA
  • layui
  • Thymeleaf
  • Database

    • H2
    • MySQL

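Screenshots

After all that description, some pictures make things more intuitive.

Console login
Home page
Creating an OAuth2 client through the UI
Creating an administrative user
Role authorization
Authorization login
Authorization consent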

Simple usage

  • Pull the latest code from the master branch to your local machine.
  • Start the authorization server with IdServerApplication. The local login path of the management console is http://localhost:9000/system/login, the highest privileged user is root, and the password is idserver.
  • You can do these things with the root user:

    • Create roles (role management) and bind permissions to roles.
    • Create console administrative users (user management) and assign them roles.
The logout function is not yet complete; for now you need to clear the session by closing the browser.

OAuth2 Test Methods

  • Start Id Server; by default it provides a built-in OAuth2 client in the client list.
  • The sample client is in the samples folder; start it directly, then open http://127.0.0.1:8082/foo/bar in the browser. On the login page, enter the user name user and the password user.
  • You can also create a client in Id Server and mirror the configuration in the demo, mainly changing client-id, client-secret, client-authentication-method, and scope. Unless you are familiar with OAuth2, leave the other options alone for now; you can also ask through an issue.
redirect-uri must be declared when the client is registered with the authorization server Id Server.
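The client-side settings named above, as an added Spring Boot configuration example (not the project's own demo file). The registration id idserver, the quoted placeholder values, and the redirect path are assumptions; the provider endpoints are the Spring Authorization Server default paths and are assumed to be unchanged in Id Server.

```yaml
# application.yml of a client application (added example, values are placeholders)
spring:
  security:
    oauth2:
      client:
        registration:
          idserver:                        # hypothetical registration id
            provider: idserver
            # Copy both values from the client entry created in the Id Server console.
            client-id: "<client-id-from-console>"
            client-secret: "<client-secret-from-console>"
            # Must be a method enabled for this client in Id Server:
            # client_secret_basic, client_secret_post, client_secret_jwt or private_key_jwt.
            client-authentication-method: client_secret_basic
            authorization-grant-type: authorization_code
            # Must match a redirect URI declared on the client in Id Server.
            # The path below is Spring Security's default login callback (assumed here).
            redirect-uri: "http://127.0.0.1:8082/login/oauth2/code/idserver"
            # Request only scopes that were granted to the client in the console.
            scope: "<scope-from-console>"
        provider:
          idserver:
            # Id Server runs on localhost:9000 and the client on 127.0.0.1:8082.
            # Cookies are not isolated by port, so using different host names keeps
            # the two applications' session cookies from overwriting each other.
            authorization-uri: http://localhost:9000/oauth2/authorize
            token-uri: http://localhost:9000/oauth2/token
```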

How to replace the built-in user user

First of all, it is necessary to correctly distinguish the concepts of administrative users and ordinary users.

Administrative users

root and the users created by it are the administrative users of the UI console. The super administrator root is a default user, currently provided with the highest authority in Id Server. If you need to customize it, you can implement the RootUserDetailsService interface and register the implementation in the Spring IoC container.

Ordinary users

Ordinary users are the resource owners in OAuth2; their main job is to approve authorization requests from OAuth2 clients. By default, a user named user is provided for demonstration. Developers can implement the OAuth2UserDetailsService interface and register the implementation in the Spring IoC container to customize where users come from.

Multiple environments

Currently, Id Server provides two database environments, H2 and MySQL, corresponding to two configuration files: application-h2.yml and application-mysql.yml.

  • H2, the default database. In the H2 environment, the database DDL and DML scripts are executed automatically, with no manual step needed from the developer. This environment is mainly used for testing, research, and learning.
  • MySQL, recommended for production. The developer manually executes the initialization DML script when the server is first started.
At present, the two environments behave the same. When switching, be sure to replace the corresponding database driver dependency in pom.xml.

Vision

This project hopes to help everyone learn and use OAuth2. At present, the main functions of the project have been completed, and the configuration generator and OIDC-related functions are being followed up. I hope you can support it and star it. Bring more bugs and requests through issues.

Follow the official account Felordcn for more information.

Personal blog: https://felord.cn


码农小胖哥