This example shows how to create a microservices architecture with JHipster and secure it using Okta.
Please read Develop a Microservices Architecture with OAuth 2.0 and JHipster for a tutorial that shows you how to build this application.
Prerequisites: Java 8, Node.js, and Docker.
Okta has Authentication and User Management APIs that reduce development time with instant-on, scalable user infrastructure. Okta's intuitive API and expert support make it easy for developers to authenticate, manage and secure users and roles in any application.
To install this example application, run the following commands:
```
git clone https://github.com/oktadeveloper/okta-jhipster-microservices-oauth-example.git
cd okta-jhipster-microservices-oauth-example
```
This will get a copy of the project installed locally. To build all the projects as Docker images, run the following command in the gateway, blog, and store directories:
```
./mvnw package -Pprod -DskipTests jib:dockerBuild
```
JHipster ships with Keycloak configured for OAuth by default. To configure your apps to work with Okta, you'll first need to create a free developer account. After doing so, you'll get your own Okta domain, that has a name like https://dev-123456.oktapreview.com.
Create an OIDC App in Okta to get a client ID and secret. This basically means you're "registering" your application with Okta. Log in to your Okta Developer account and navigate to Applications > Add Application. Click Web and click the Next button. Give the app a name you'll remember (e.g., JHipster Microservices), and specify http://localhost:8080 as a Base URI and http://localhost:8080/login as a Login Redirect URI. Click Done and make note of your client ID and client secret values.
In order for the roles coming from Okta to match the default roles in JHipster, you'll need to create them. Create a ROLE_ADMIN and ROLE_USER group (Users > Groups > Add Group) and add users to them. You can use the account you signed up with, or create a new user (Users > Add Person). Navigate to API > Authorization Servers, click the Authorization Servers tab and edit the default one. Click the Claims tab and Add Claim. Name it roles, and include it in the ID Token. Set the value type to Groups and set the filter to be a Regex of .*.
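Because the Groups filter regex .* copies every group the user belongs to into the roles claim (including Okta's built-in Everyone group), the application should only turn the names it actually created into authorities. The following helper is an added example written for this README, not JHipster's or Okta's own code; the class name, the claims map and the sample claim values are all constructed for illustration.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.stream.Collectors;

/** Hypothetical helper mapping the Okta "roles" claim to JHipster authorities (example, not project code). */
public class OktaRolesMapper {

    /** Only the groups created in the Okta admin console for this app are accepted as authorities. */
    private static final Set<String> KNOWN_ROLES =
        new TreeSet<>(Arrays.asList("ROLE_ADMIN", "ROLE_USER"));

    /** Name of the custom claim added to the ID token on the default authorization server. */
    private static final String ROLES_CLAIM = "roles";

    /**
     * Returns the subset of the "roles" claim that should become authorities.
     * A missing or malformed claim yields no authorities instead of an exception,
     * and group names outside KNOWN_ROLES are dropped rather than trusted.
     */
    public static List<String> extractAuthorities(Map<String, Object> claims) {
        Object raw = claims.get(ROLES_CLAIM);
        if (!(raw instanceof List)) {
            return Collections.emptyList();
        }
        return ((List<?>) raw).stream()
            .filter(r -> r instanceof String)
            .map(r -> (String) r)
            .filter(KNOWN_ROLES::contains)
            .distinct()
            .sorted()
            .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample claims resembling what the userinfo endpoint returns for a user in both groups.
        Map<String, Object> claims = new LinkedHashMap<>();
        claims.put("sub", "00u-example");
        claims.put("email", "admin@example.com");
        claims.put(ROLES_CLAIM, Arrays.asList("Everyone", "ROLE_ADMIN", "ROLE_USER", "Marketing"));
        System.out.println(extractAuthorities(claims));
    }
}
```

Running the class prints only the two JHipster roles; the Everyone and Marketing groups present in the claim are ignored.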
Set the values for your Okta authorization server, client ID, and client secret as environment variables.
```
export SECURITY_OAUTH2_CLIENT_ACCESS_TOKEN_URI="https://{yourOktaDomain}.com/oauth2/default/v1/token"
export SECURITY_OAUTH2_CLIENT_USER_AUTHORIZATION_URI="https://{yourOktaDomain}.com/oauth2/default/v1/authorize"
export SECURITY_OAUTH2_RESOURCE_USER_INFO_URI="https://{yourOktaDomain}.com/oauth2/default/v1/userinfo"
export SECURITY_OAUTH2_RESOURCE_TOKEN_INFO_URI="https://{yourOktaDomain}.com/oauth2/default/v1/introspect"
export SECURITY_OAUTH2_CLIENT_CLIENT_ID="{clientId}"
export SECURITY_OAUTH2_CLIENT_CLIENT_SECRET="{clientSecret}"
```
Then cd into the docker-compose directory and run:
```
docker-compose up -d
```
It can take a while to start all 14 containers, so now might be a good time to take a break, or go on a run. You can use Docker's Kitematic to watch the status of your images as they start. After all your containers are running, you should be able to log in with your credentials at http://localhost:8080.
This example uses the following libraries provided by open source:
Please post any questions as comments on the blog post, or visit our Okta Developer Forums. You can also email developers@okta.com if you would like to create a support ticket.
Apache 2.0, see LICENSE.