This repository contains all the code for testing Spring Cloud Gateway with the OAuth2 patterns authorization code flow, token relay and client credentials grant, using Okta as the authorization server.
Prerequisites:
- Java 8+
- cURL
To install this example, run the following commands:
git clone https://github.com/indiepopart/spring-cloud-gateway.git
Log in to your Okta Developer account (or sign up if you don’t have an account). Set up the client application:
From the Applications page, choose Add Application. On the Create New Application page, select Web. Set the following values:
- Name: API Gateway
- Base URIs: http://localhost:8080/
- Login redirect URIs: http://localhost:8080/login/oauth2/code/okta
- Logout redirect URIs: http://localhost:8080
- Grant type allowed: Authorization Code, Refresh Token
Copy the ClientId and ClientSecret. Copy the issuer, found under API > Authorization Servers.
From the Applications page, choose Add Application. On the Create New Application page, select Service. Set the following values:
- Name: Cart Service
Copy the ClientId and ClientSecret.
Create a custom scope to restrict what the cart-service accessToken can access. From the menu bar select API -> Authorization Servers. Edit the authorization server by clicking on the edit pencil, then click Scopes -> Add Scope. Fill out the name field with pricing and press Create.
Run eureka:
cd spring-gateway/eureka
./mvnw spring-boot:run
Run api-gateway:
cd spring-gateway/api-gateway
OKTA_OAUTH2_ISSUER={yourOktaIssuer} \
OKTA_OAUTH2_CLIENT_ID={clientId} \
OKTA_OAUTH2_CLIENT_SECRET={clientSecret} \
./mvnw spring-boot:run
Run cart-service:
cd spring-gateway/cart-service
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_PRICINGCLIENT_CLIENTID={serviceClientId} \
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_PRICINGCLIENT_CLIENTSECRET={serviceClientSecret} \
./mvnw spring-boot:run
Run pricing-service:
cd spring-gateway/pricing-service
./mvnw spring-boot:run
Go to http://localhost:8080/greeting and log in with Okta. Copy the accessToken and send a create cart request through the gateway using curl:
export ACCESS_TOKEN={accessToken}
curl -v \
-d '{"customerId": "[email protected]", "lineItems": [{ "productName": "jeans", "quantity": 1}]}' \
-H "Authorization: Bearer ${ACCESS_TOKEN}" \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
http://localhost:8080/cart
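
To check which scopes a token actually carries, for example that a cart-service token is limited to the custom pricing scope, the following added example (not part of this repository) decodes a JWT payload in the shell. It assumes the access token is a JWT that lists its scopes in an `scp` array claim; the function names and the sample token are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: inspect the claims of a JWT access token.
# Decoding is NOT signature verification; the gateway and services do that.
# Assumes GNU coreutils base64 (-d) and scopes in an "scp" array claim.

# Print the JSON payload (second dot-separated segment) of a JWT.
jwt_payload() {
  local seg
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  # base64url drops '=' padding; restore it to a multiple of 4 characters
  while [ $(( ${#seg} % 4 )) -ne 0 ]; do seg="${seg}="; done
  printf '%s' "$seg" | base64 -d
}

# Succeed only if the scp array contains exactly the given scope name.
jwt_has_scope() {
  jwt_payload "$1" \
    | tr -d ' \n' \
    | sed -n 's/.*"scp":\[\([^]]*\)\].*/\1/p' \
    | tr ',' '\n' \
    | grep -qxF "\"$2\""
}

# --- Constructed sample input (not a real Okta token, dummy signature) ---
b64url() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }

# $1 is the content of the scp array, e.g. '"openid","profile"'
make_sample_token() {
  printf '%s.%s.%s' \
    "$(b64url '{"alg":"RS256"}')" \
    "$(b64url "{\"cid\":\"sampleClientId\",\"scp\":[$1]}")" \
    "sig"
}

TOKEN=$(make_sample_token '"pricing"')
jwt_payload "$TOKEN"; echo
if jwt_has_scope "$TOKEN" pricing; then
  echo "pricing scope present"
fi
```

With a real token, `jwt_payload "$ACCESS_TOKEN"` prints the claims of the token copied from the greeting page.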