Authorization Server Implementation by Using Spring Cloud with Redis as a Token Store and PostgreSQL as a Datasource

Caner Kaya
2 min read · Jan 16, 2021

Architecture

Let’s first run our essential applications by using Docker.

docker run --name postgres-container --restart always -e POSTGRES_USER=authorization_server -e POSTGRES_DB=authorization_server -e POSTGRES_PASSWORD=authorization_server -p 5432:5432 -d postgres:10

docker run --name redis-token-store --restart always -p 6379:6379 -d redis:6

We will store our tokens in Redis. Redis is an in-memory data structure store. Being in-memory makes it fast at reading data, and we need to be fast.

Our server will support dynamic client registration, so our client details, users and their authorities will be stored in PostgreSQL. Now we can create our server with the help of Spring Initializr.

Dependencies for Authorization Server

Now let’s add the @EnableAuthorizationServer annotation to tell the Spring Boot project that it is an Authorization Server.

Then we need entities to define a user and its roles and permissions.

Base entity file that contains the common fields for each database table
Permission table for storing granted authorities
Role table for storing the roles of users

We will use a repository for database communication.

Then create a service that is responsible for finding users for our authorization server.

Now we need to add some configuration around the created AuthUserDetailsService so that the server uses Redis as the token store and PostgreSQL for client details.
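A sketch of what such a configuration can look like with the Spring Security OAuth2 classes behind @EnableAuthorizationServer; this is an added example, not the code from the article's repository. The class name AuthorizationServerConfig and the injected AuthenticationManager and PasswordEncoder beans are assumptions.

```java
import javax.sql.DataSource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;

// Hypothetical class name; the beans below are assumed to be defined elsewhere in the application.
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
    private final DataSource dataSource;             // PostgreSQL datasource
    private final RedisConnectionFactory redis;      // connection to the Redis container
    private final AuthenticationManager authManager; // required for grant_type=password
    private final UserDetailsService users;          // e.g. AuthUserDetailsService, used on refresh
    private final PasswordEncoder encoder;           // assumed bean, e.g. BCryptPasswordEncoder

    public AuthorizationServerConfig(DataSource dataSource, RedisConnectionFactory redis,
            AuthenticationManager authManager, UserDetailsService users, PasswordEncoder encoder) {
        this.dataSource = dataSource; this.redis = redis; this.authManager = authManager;
        this.users = users; this.encoder = encoder;
    }

    @Bean
    public TokenStore tokenStore() { return new RedisTokenStore(redis); } // tokens live in Redis

    @Override // client details come from the oauth_client_details table, secrets stored hashed
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(dataSource).passwordEncoder(encoder);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.tokenStore(tokenStore()).authenticationManager(authManager).userDetailsService(users);
    }

    @Override // /oauth/check_token defaults to denyAll(); open it to authenticated clients only
    public void configure(AuthorizationServerSecurityConfigurer security) {
        security.checkTokenAccess("isAuthenticated()").passwordEncoder(encoder);
    }
}
```

Using "isAuthenticated()" rather than "permitAll()" for check_token keeps token introspection behind client credentials, which matches the -u web:web123 on the check_token request later in the article.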

So we are done with the coding part. The last job is setting the related properties and creating the DB schema. As you remember, we created the application with the Flyway dependency. Flyway is a database migration library. It has a lot of functionality, but we only use it to create our initial data and tables. It follows file naming rules to migrate SQL files. You can see details from here.

While creating SQL files you need to be sure that they are at the /resources/db/migration path. Otherwise Flyway won’t see them. If you want to use a different folder path, you also need to set the spring.flyway.locations config in the application.yml file.

Now run the application and test it.

curl --location --request POST 'http://localhost:5858/oauth/token' \
-u web:web123 --form 'grant_type=password' --form 'username=caner.kaya' --form 'password=caner.kaya'

Here is the result

{
"access_token": "9ead4c1b-bb85-40b6-a21e-e6789ce905b3",
"token_type": "bearer",
"refresh_token": "424f0042-6b1e-4747-a4eb-0cc5142efdf0",
"expires_in": 3517,
"scope": "READ WRITE"
}

Also you can check token details

curl --location --request GET 'http://localhost:5858/oauth/check_token?token=9ead4c1b-bb85-40b6-a21e-e6789ce905b3' \
-u web:web123

Here is the result

{
"aud": [
"web"
],
"user_name": "caner.kaya",
"scope": [
"READ",
"WRITE"
],
"active": true,
"exp": 1610824711,
"authorities": [
"seller",
"create_product"
],
"client_id": "web"
}

Thank you for reading :) You can access the source code from here: https://github.com/canerky96/spring-cloud-authorization-server-article
