This sample demonstrates how to use Auth0 to perform authentication using the Auth0 Java MVC Commons library in a Java Servlet web application. Download or clone this repository and follow the instructions below to configure and run the application.

To learn more about the Auth0 Java MVC Commons library, refer to the project's documentation.

1. On the Auth0 Dashboard, click CREATE APPLICATION, provide a name for your Application, select Regular Web Application, and click Create
2. Go to the Settings tab of your Application
3. Add the URL http://localhost:3000/callback to the Allowed Callback URLs field
4. Add the URL http://localhost:3000/login to the Allowed Logout URLs field
5. Click SAVE CHANGES
6. The Domain, Client ID, and Client Secret values will be used next to configure the Java application

Set the Auth0 Application values from above in the src/main/webapp/WEB-INF/web.xml file.

<context-param>
    <param-name>com.auth0.domain</param-name>
    <param-value>{YOUR_AUTH0_DOMAIN}</param-value>
</context-param>

<context-param>
    <param-name>com.auth0.clientId</param-name>
    <param-value>{YOUR_AUTH0_CLIENT_ID}</param-value>
</context-param>

<context-param>
    <param-name>com.auth0.clientSecret</param-name>
    <param-value>{YOUR_AUTH0_CLIENT_SECRET}</param-value>
</context-param>

By default, mvc-auth-commons uses the Authorization Code flow and assumes tokens are signed with the HS256 signing algorithm.

If using RS256 (recommended, and the default for new applications), you need to configure the AuthenticationController with a JwkProvider to fetch the public signing key used to verify the ID token:

JwkProvider jwkProvider = new JwkProviderBuilder(domain).build();
AuthenticationController.newBuilder(domain, clientId, clientSecret)
    .withJwkProvider(jwkProvider)
    .build();

These values are used by the the AuthenticationControllerProvider to configure the Auth0 Java MVC Commons library, to enable users to login to the application.

Open a terminal or command line, navigate to the 01-Login directory, and run the following command:

./gradlew clean appRun

If you are using a Windows environment, run the following command:

gradlew clean appRun

The server will be accessible on http://localhost:3000/portal/home. After logging in you should see the token in the header.

In order to run the example with docker you need to have docker installed.

You also need to set the client credentials as explained previously.

Execute in command line sh exec.sh to run the Docker in Linux, or .\exec.ps1 to run the Docker in Windows.

If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

Auth0 helps you to:

• Add authentication with multiple authentication sources, either social like Google, Facebook, Microsoft Account, LinkedIn, GitHub, Twitter, Box, Salesforce, amont others, or enterprise identity systems like Windows Azure AD, Google Apps, Active Directory, ADFS or any SAML Identity Provider.
• Add authentication through more traditional username/password databases.
• Add support for linking different user accounts with the same user.
• Support for generating signed Json Web Tokens to call your APIs and flow the user identity securely.
• Analytics of how, when and where users are logging in.
• Pull data from other sources and add it to the user profile, through JavaScript rules.

1. Go to Auth0 and click Sign Up.
2. Use Google, GitHub or Microsoft Account to login.

If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

Auth0

This project is licensed under the MIT license. See the LICENSE file for more info.