micronaut

Micronaut Oauth2 Okta integration.

In this article, we are going to secure micronaut applications using okta oauth2.0 integration. How to integrate micronaut application using Oauth2.0.

What is oAuth2.0?

OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. 

Tech Stack:

Below are the some of the technology we are planning to use for this demonstration.

  1. Java 1.8 >
  2. Micronaut
  3. okta OAuth2.0
  4. Gradle
  5. Thymeleaf
  6. JWT

Okta Oauth2.0:

Before creating project we have to visit to https://developer.okta.com/ and create the account if you don’t have one.

Once singup process is done then create the web application with following characteristics.

OpenId Connect for webapplication.

Provide these URLs as per your localhost and port and click on save once saved it will show the client id and client secret that is required for us.

Dependency is required below one.

implementation("io.micronaut.security:micronaut-security-oauth2")

For JWT suport below dependency needed,

    annotationProcessor("io.micronaut.security:micronaut-security-annotations")
    implementation("io.micronaut.security:micronaut-security-jwt")

Create the Application:

Micronaut allows you to create applications using the micronaut launch or micronaut CLI. For this application, I will go and create an application using micronaut launch.

Add three features security-jwt, oauth2 and thymeleaf. Once project is generated download it and open it in your favourite IDE.

View:

To creating the view we are using thymeleaf to create view where user will interact. Thymeleaf is java template engine to render the views in mironaut application.

Dependency in build .gradle

 implementation("io.micronaut.views:micronaut-views-thymeleaf")

Let us create simple home.html page.

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
    <title>Home</title>
</head>
<body>
<h1>Micronaut - Okta example</h1>

<h2 th:if="${security}">username: <span th:text="${security.attributes.get('email')}"></span></h2>
<h2 th:unless="${security}">username: Anonymous</h2>

<nav>
    <ul>
        <li th:unless="${security}"><a href="/oauth/login/okta">Enter</a></li>
        <li th:if="${security}"><a href="/oauth/logout">Logout</a></li>
    </ul>
</nav>
</body>
</html>

Okta Configurations:

After creating application in okta we got some information like client id, secrete and domain. We have to add that configuration into our application.yaml file below.

micronaut:
  application:
    name: oaut2OktaExample
  security:
    authentication: cookie
    token:
      jwt:
        signatures:
          secret:
            generator:
              secret: '"${JWT_GENERATOR_SIGNATURE_SECRET:pleaseChangeThisSecretForANewOne}"'
    oauth2:
      clients:
        default:
          client-id: ${OAUTH_CLIENT_ID}
          client-secret: ${OAUTH_CLIENT_SECRET}
          openid:
            issuer: ${OAUTH_ISSUER}
      endpoints:
      logout:
        enabled:
          true

Change or add information in application.yaml file such client secret, client id, issuer and logout seetings.

diagramm
Ref micronaut documentation.

Above is the pictorial representation of openid connect or oauth2 flow in general.

Let us go ahead and create the Controller which will handle and control incoming request.

package com.techwasti.secureex;

import io.micronaut.http.annotation.Controller;
import io.micronaut.http.annotation.Get;
import io.micronaut.security.annotation.Secured;
import io.micronaut.security.rules.SecurityRule;
import io.micronaut.views.View;

import java.util.HashMap;
import java.util.Map;

@Controller 
public class HomeController {

    @Secured(SecurityRule.IS_ANONYMOUS) 
    @View("home") 
    @Get 
    public Map<String, Object> index() {
        return new HashMap<>();
    }
}

we return an empty model in the controller. However, we are accessing security in the thymeleaf template.

In the controller we have securing our controller request using @Secured(SecurityRule.IS_ANONYMOUS) annotation. Annotate with io.micronaut.security.Secured to configure secured access. The SecurityRule.IS_ANONYMOUS expression will allow access without authentication.

Use View annotation to specify which template would you like to render the response against.

The @Get annotation is used to map the index method to GET / requests.

Once everything is ready go ahead and run the application.

./gradlew run

Output:

Conclusion:

In this article we just discussed about the micronaut okta integration we learned about creating the secure app in micronaut by adding oauth2 implementation of security layer. I hope you like this.

Source Code:-

https://github.com/maheshwarLigade/micronaut-examples/tree/master/oaut2OktaExample

$ git clone https://github.com/maheshwarLigade/micronaut-examples.git
$ cd oaut2OktaExample
$ ./gradlew run