Authentication and authorization as a service

We will be using Auth0 as the provider of a platform for authentication and authorization as a service. We will create an example of this to secure our application; you don't have to be a security guru to achieve this. The following screenshot was borrowed from the Auth0 getting started guide:

Auth0 authentication and identity validation process

After we connect our application to Auth0, it acts as the authentication and authorization server: each time a user tries to authenticate, Auth0 verifies their identity and sends the required information back to the application.

We are not limited to Java; Auth0 provides several SDKs and APIs for different technologies and languages.

The steps to create an example of authentication and authorization as a service using Auth0 are as follows:

  1. Create your free developer account in Auth0 at https://auth0.com/.
  2. Log in to the Auth0 portal and create an application:

Auth0 create application

  3. Give a name to the application, and then select the Regular Web Application option, which includes Java applications (you can also create native mobile applications, single-page applications, and Internet of Things (IoT) applications):

  4. Select an example application that uses Spring Security.
  5. Click on Download the application and change the folder name of the project to packt-secure-sample.

To run the example, we need to set the callback URL (http://localhost:3000/callback) in the Settings tab of the application that we created.

To run this on the console, execute the following commands in the sample's directory:

# In Linux / macOS
./gradlew clean bootRun
# In Windows
gradlew clean bootRun

You can see the application at the URL, http://localhost:3000/, as follows:

Note that the application login page redirects to Auth0. After we log in via a third-party application, through our Google account or with the credentials provided by Auth0, we will see the following result, which shows the token that was generated:

You have now learned how to use Auth0 as a platform for authentication and authorization as a service, using standards such as OAuth2 and JWT.
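
The token shown after login is a JWT, and an application should check it before trusting its claims. The following is an added example (not from the book or the Auth0 sample) that uses only the JDK to verify the signature, algorithm, issuer, audience and expiry. The issuer, client ID and RSA key pair are constructed stand-ins, the token is assumed to be RS256-signed, and the regex claim lookup only suits this flat sample payload.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.regex.*;

public class IdTokenCheck {
    // Constructed values; the real domain and client ID are on the application's Settings tab.
    static final String ISSUER = "https://example-tenant.auth0.com/";
    static final String CLIENT_ID = "constructed-client-id";
    static String b64(byte[] b) { return Base64.getUrlEncoder().withoutPadding().encodeToString(b); }
    static byte[] utf8(String s) { return s.getBytes(StandardCharsets.UTF_8); }
    // Builds an RS256-signed sample token so the example runs offline.
    static String sign(String aud, long exp, PrivateKey key) throws GeneralSecurityException {
        String payload = String.format("{\"iss\":\"%s\",\"aud\":\"%s\",\"exp\":%d}", ISSUER, aud, exp);
        String input = b64(utf8("{\"alg\":\"RS256\",\"typ\":\"JWT\"}")) + "." + b64(utf8(payload));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(utf8(input));
        return input + "." + b64(s.sign());
    }
    // Minimal claim lookup for the flat sample JSON above; use a JSON parser in real code.
    static String claim(String json, String name) {
        Matcher m = Pattern.compile("\"" + name + "\":\"?([^\",}]+)").matcher(json);
        return m.find() ? m.group(1) : null;
    }
    // Accepts a token only if algorithm, signature, issuer, audience and expiry all check out.
    static boolean isValid(String token, PublicKey key) throws GeneralSecurityException {
        String[] p = token.split("\\.");
        if (p.length != 3) return false;
        Base64.Decoder d = Base64.getUrlDecoder();
        // Pin the algorithm instead of trusting whatever the header claims.
        if (!"RS256".equals(claim(new String(d.decode(p[0]), StandardCharsets.UTF_8), "alg"))) return false;
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(utf8(p[0] + "." + p[1]));
        if (!s.verify(d.decode(p[2]))) return false;
        String body = new String(d.decode(p[1]), StandardCharsets.UTF_8);
        String exp = claim(body, "exp");
        return ISSUER.equals(claim(body, "iss")) && CLIENT_ID.equals(claim(body, "aud"))
                && exp != null && Long.parseLong(exp) > System.currentTimeMillis() / 1000;
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair(); // constructed key standing in for the tenant's signing key
        long now = System.currentTimeMillis() / 1000;
        System.out.println("valid token:    " + isValid(sign(CLIENT_ID, now + 300, kp.getPrivate()), kp.getPublic()));
        System.out.println("wrong audience: " + isValid(sign("some-other-app", now + 300, kp.getPrivate()), kp.getPublic()));
        System.out.println("expired token:  " + isValid(sign(CLIENT_ID, now - 60, kp.getPrivate()), kp.getPublic()));
    }
}
```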
