Denis Stephanov

Reputation: 5281

Simple authentication with JWT in Spring Boot

I am new to security, so I need a little help with this task. I am developing a small application where I just need to authenticate users by credentials and return a JWT token without any roles or scopes (users will consume all REST services).

I just need to distinguish authenticated and anonymous users, and verify the token.

I checked out a lot of tutorials, but they are too complex for my purpose.

Here are my questions. I will be grateful for any help or a step-by-step guide on what I should do and how:

  1. One of the tutorials I found uses OAuth2. Do I really need to implement OAuth2 for my purposes?
  2. Which dependency should I use: jjwt or spring security jwt?
  3. Do I really need an authorization server and a resource server, or is there a simpler way?

Thanks.

Upvotes: 1

Views: 1749

Answers (2)

Prasann

Reputation: 1291

It's late to answer this question, but I am still answering in case someone is still looking for an answer. Assuming you have already managed to authenticate the credentials but are looking for help with JWT, look at my answer "JWT Token is always received as expired while parsing".

Hope this helps.

Upvotes: 0

tsolakp

Reputation: 5948

Here is a short answer to your question that hopefully will help you with further research:

  1. You don't need to implement your own OAuth2 server. You can use an existing OAuth2-compliant application like Keycloak or Mitreid. We found Keycloak to be more feature-rich and easy to use.

  2. If you are just receiving and validating JWT tokens, then Spring will do it for you. But in order to create JWT tokens, you need to use third-party libraries like jjwt or nimbus-jose-jwt.

  3. Again, you have the option to create your own Spring app that will authenticate and create JWT tokens, but it will take more to be fully OAuth2 compliant. My advice is to just use an existing OAuth2 app like Keycloak. The resource server is the one that you need to create, and it is the actual application that is being secured and accessed by JWT token.

Upvotes: 2
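
The "create and validate the token yourself" path from points 2 and 3 above, shown as an added example that is not part of the original answer. It assumes the jjwt 0.11.x API (`jjwt-api`, `jjwt-impl` and `jjwt-jackson` on the classpath); `TokenService`, `issue` and `verify` are hypothetical names, and the tokens in `main` are constructed for the demonstration.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;
import javax.crypto.SecretKey;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;
import java.util.Optional;

// Hypothetical helper (not from the page); assumes the jjwt 0.11.x API.
public class TokenService {
    private final SecretKey key;
    private final Duration ttl;

    public TokenService(SecretKey key, Duration ttl) { this.key = key; this.ttl = ttl; }

    // Call only after the username/password check has succeeded.
    public String issue(String username) {
        Instant now = Instant.now();
        return Jwts.builder()
                .setSubject(username)
                .setIssuedAt(Date.from(now))
                .setExpiration(Date.from(now.plus(ttl)))
                .signWith(key, SignatureAlgorithm.HS256)
                .compact();
    }

    // Returns the username for a valid token; empty means "treat as anonymous".
    public Optional<String> verify(String token) {
        try { // parseClaimsJws accepts only signed tokens and checks signature and exp
            Claims claims = Jwts.parserBuilder().setSigningKey(key).build()
                    .parseClaimsJws(token).getBody();
            return Optional.ofNullable(claims.getSubject());
        } catch (JwtException | IllegalArgumentException e) {
            return Optional.empty(); // bad signature, expired, malformed, unsigned, null
        }
    }

    public static void main(String[] args) {
        SecretKey key = Keys.secretKeyFor(SignatureAlgorithm.HS256); // random 256-bit key
        TokenService svc = new TokenService(key, Duration.ofMinutes(15));
        String alice = svc.issue("alice"), bob = svc.issue("bob");
        // Constructed tamper case: alice's header and payload with bob's signature.
        String forged = alice.substring(0, alice.lastIndexOf('.')) + bob.substring(bob.lastIndexOf('.'));
        String expired = new TokenService(key, Duration.ofMinutes(-1)).issue("alice");
        System.out.println("valid:   " + svc.verify(alice));
        System.out.println("forged:  " + svc.verify(forged));
        System.out.println("expired: " + svc.verify(expired));
    }
}
```

In a Spring Boot application, `verify` would be called on the value of the `Authorization: Bearer` header for each request, and the signing key would be loaded from configuration rather than generated at startup.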
