Creating Spring Boot applications with App ID
A typical problem developers face when creating a new app is implementing their own sign-in and identity management mechanism. Integrating IBM Cloud App ID into the app solves this problem. In this post, I will show you, step by step, how to integrate App ID into a sample Spring Boot application that uses OAuth 2. The integration lets us use OIDC to retrieve user information when users log in to the app.
Before we get started, let’s briefly review App ID.
What is App ID?
With App ID, developers can easily add authentication and authorization, and build user profiles, in apps and APIs that run on IBM Cloud. With the service’s SDKs and APIs, developers can get a sign-in flow working in minutes, enable social login with Google and Facebook, or add email/password sign-in. The user profile feature allows developers to aggregate and store both identity provider information and custom application information (such as app preferences) about their users. In short, App ID ensures that your app is used only by authorized users and that those users have access only to what they should have access to. The app experience is customized, personalized, and, most importantly, secure.
Now that we understand what App ID is, it’s time to understand a little bit about Spring Boot applications, and how Spring’s security mechanisms will help us achieve an end-to-end OAuth 2 flow.
Spring and Spring Boot with OAuth 2
Spring is a framework that provides comprehensive infrastructure support for developing Java apps. Because the framework takes care of the infrastructure, the developer can focus on the application itself. But configuring the framework is not an easy task, so Spring now offers Spring Boot, a lightweight framework that makes it easier to configure Spring-based apps.
In order to configure Spring Boot with an OAuth2/OIDC server such as App ID, we first need to set the following properties:
clientId: The identifier by which the OAuth 2 provider identifies your client.
clientSecret: The associated secret.
accessTokenUri: The URI of the access token endpoint provider.
scope: A comma-separated list of scopes. By default, no scope is specified.
clientAuthenticationScheme: The scheme used by the client to authenticate to the access token endpoint. By default, it uses ‘
userAuthorizationUri: The URI to which the user is redirected to authorize access to the resource.
When the Spring Boot app starts, it automatically grabs the provided configuration to authenticate and authorize the user. The results are sent back to the Spring framework. The results can then be used by the app and be shown or processed if needed.
Now that you know what Spring and OAuth 2 are and how they work, it’s time to build your own Spring Boot app integrated with App ID.
Sample App overview
The sample app we’ll create is defined as an OAuth 2 client app. Once this app configures Spring Security with the OAuth2/OIDC endpoints, the framework initiates an authorization code grant flow to obtain an access token and an identity token from App ID. The Spring Security framework then uses the access token to ask the App ID service for user profile information. Spring Security stores the user profile information in the Principal object in the Spring backend. We can then query the backend using a GET request to show user information in the frontend.
Setting up App ID
You must have:
An IBM Cloud account
An instance of App ID
App ID provides a default configuration for email/password-based sign-up and sign-in with App ID’s scalable user registry (Cloud Directory), or social login with Google or Facebook.
Log in to your IBM Cloud account and navigate to your App ID dashboard. When there, go to Identity Providers -> Manage, and add 'http://localhost:8080/login' as your web redirect URL. This is where our Spring app is going to be running. After App ID finishes the OAuth 2 process, it redirects to the provided URL.
In the same tab, be sure that the desired providers are “On”.
Navigate to the Service credentials tab, and select the credentials entry. Click View credentials and copy the 'oauthServerUrl', and 'secret' values. This information is used in the Spring Boot app configuration.
Now it’s time to create the sample Spring Boot app!
Integrating App ID with Spring Boot
You must have:
A Java source code editor, such as IntelliJ IDEA
You have three options when creating your Spring Boot app:
Download the complete app from here. With this option you only need to perform step 9 of this section which walks you through configuring the application.yml file. After you’ve done that, you can go to the next section.
Generate a Spring Maven base project with this link: https://start.spring.io/. Define Web as a dependency. After generating the project, you can start at step 2. A few of the dependencies and files might already be created, so be sure to add only what you need for your app.
Create the sample project from scratch, following the steps in this section, starting from step 1.
These are the steps to configure App ID with Spring Boot:
Create an empty Java + Maven project and name it 'springbootsample'. Be sure that the project has a java directory in '/springbootsample/src/main/' and that there is a static directory in ‘
Configure the Maven pom.xml file.
Add the Spring framework as a parent inside the
Add Spring required project dependencies inside the <project></project> tags, right below the
Create the package com.example in ‘
Create a main SpringBootSampleJava class in ‘
Add Spring annotations to the sample Java class to enable Spring Boot, OAuth 2, and REST capabilities. Also, extend the WebSecurityConfigurerAdapter class so that you can configure security access later.
Create a main static method in the SpringBootSampleJava class, and use SpringApplication.run(…) to start the Spring Boot app.
Override security configuration by adding a
Add two endpoints to the SpringBootSampleJava class that will be accessible when you perform GET calls from the front end. The /user endpoint gives us the logged-in user object (principal) and the /userInfo endpoint returns a string with the details.
application.yml configuration file in 'springbootsample/src/main/resources/' and use the information that you obtained from your service credentials to complete your configuration. Be sure to follow the example exactly, including indentations and appending '/authorization', and '/userinfo' to the URIs depending on what you’re trying to achieve.
index.html file in '/springbootsample/src/main/resources/static/'. This HTML file shows the logged in user information. To create the file, we just need to add some jQuery code.
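The class described in the steps above (annotations, main method, security override and the two endpoints), written out as an added example; it is not the original sample's source. It assumes the legacy spring-security-oauth2-autoconfigure dependency and its @EnableOAuth2Sso annotation, a hypothetical choice of public paths, and that the App ID profile carries the standard OIDC name and email claims.

```java
package com.example;

import java.security.Principal;
import java.util.Map;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
@EnableOAuth2Sso   // assumption: reads the OAuth 2 client settings from application.yml
@RestController
public class SpringBootSampleJava extends WebSecurityConfigurerAdapter {

    public static void main(String[] args) {
        SpringApplication.run(SpringBootSampleJava.class, args);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Assumption: only the static landing page and the /login redirect
        // target are public; every other path requires an App ID sign-in.
        http.authorizeRequests()
                .antMatchers("/", "/index.html", "/login").permitAll()
                .anyRequest().authenticated();
    }

    // The serialized principal also carries session and token details, so a
    // production endpoint should return only the fields the page needs.
    @GetMapping("/user")
    public Principal user(Principal principal) {
        return principal;
    }

    @GetMapping("/userInfo")
    public String userInfo(Principal principal) {
        Object details = principal instanceof OAuth2Authentication
                ? ((OAuth2Authentication) principal).getUserAuthentication().getDetails() : null;
        if (!(details instanceof Map)) {
            return "No profile details available";
        }
        Map<?, ?> claims = (Map<?, ?>) details;  // user-info response stored by Spring
        // Assumption: the profile contains the standard OIDC name/email claims.
        return "name=" + claims.get("name") + ", email=" + claims.get("email");
    }
}
```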
Running the sample app
Using the command line, navigate to the '/springbootsample/' directory and run the following command to clean the project.
Run the project.
After the app is running, open a browser and go to http://localhost:8080. The sample app automatically takes us to the login screen. Once the user clicks on "login", the flow will take you to the App ID screen with the different identity providers available.
Select a login option. App ID will redirect us to the identity provider login page.
Sign in with your credentials. After successfully signing in, you are redirected back to your sample app which now shows the user information.
We have completed our Spring Boot app with App ID. To continue working with the sample, try customizing it based on your needs.
- If you have technical questions about App ID, post your question on Stack Overflow and tag your question with ibm-appid.
- For questions about the service and getting started instructions, use the IBM Developer Answers forum. Include the appid tag.
- Open a support ticket in the IBM Cloud menu.
- Reach out directly to the development team on Slack!
To get started with App ID, check it out in the IBM Cloud Catalog.