This example shows how to secure an HTTP API implemented in Kotlin.
It is implemented with lightweight libraries so that the underlying security concepts stay visible rather than being hidden behind a framework.
- HTTP: Http4k.
- JWT: Auth0 JWT.
- JWKS: Auth0 JWKS.
Examples using other technologies are available in Auth0 quickstarts.
- OAuth2 authorisation server: the configuration included in the sources uses a free personal Auth0 account; any other alternative can be configured by setting the environment variables OAUTH_SERVER_URL and OAUTH.AUDIENCE.
- Client credentials need to be configured in the authorisation server and then provided via environment variables:
  - Client with no scopes included in the token claims: CLIENT_ID and CLIENT_SECRET.
  - Client with "read:messages" scope: READ_CLIENT_ID and READ_CLIENT_SECRET.
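The following is an added example, not the project's own code, showing how the three libraries listed above fit together: an Http4k filter that takes the bearer token from the Authorization header, verifies its RS256 signature against the authorisation server's JWKS (Auth0 JWKS), checks issuer, audience and expiry (Auth0 JWT), and optionally enforces a required scope such as "read:messages". It reads OAUTH_SERVER_URL and OAUTH.AUDIENCE as named above; the route paths, port and response bodies are assumptions for illustration.

```kotlin
// Added example (not the project's code): JWT validation via JWKS as an http4k Filter.
// Assumed dependencies: http4k-core, http4k-server-jetty, com.auth0:java-jwt, com.auth0:jwks-rsa.
import com.auth0.jwk.JwkException
import com.auth0.jwk.JwkProvider
import com.auth0.jwk.JwkProviderBuilder
import com.auth0.jwt.JWT
import com.auth0.jwt.algorithms.Algorithm
import com.auth0.jwt.exceptions.JWTVerificationException
import com.auth0.jwt.interfaces.DecodedJWT
import com.auth0.jwt.interfaces.RSAKeyProvider
import org.http4k.core.Filter
import org.http4k.core.HttpHandler
import org.http4k.core.Method.GET
import org.http4k.core.Request
import org.http4k.core.Response
import org.http4k.core.Status.Companion.FORBIDDEN
import org.http4k.core.Status.Companion.OK
import org.http4k.core.Status.Companion.UNAUTHORIZED
import org.http4k.core.then
import org.http4k.routing.bind
import org.http4k.routing.routes
import org.http4k.server.Jetty
import org.http4k.server.asServer
import java.net.URL
import java.security.interfaces.RSAPrivateKey
import java.security.interfaces.RSAPublicKey
import java.util.concurrent.TimeUnit

// Issuer and audience come from the environment, using the variable names given in this README.
val issuer: String = System.getenv("OAUTH_SERVER_URL") ?: error("OAUTH_SERVER_URL is not set")
val audience: String = System.getenv("OAUTH.AUDIENCE") ?: error("OAUTH.AUDIENCE is not set")

// JWKS lookup keyed by the token's "kid" header. Caching avoids a network round trip per request;
// rate limiting stops a flood of tokens with unknown kids from hammering the authorisation server.
val jwkProvider: JwkProvider = JwkProviderBuilder(URL(issuer.trimEnd('/') + "/.well-known/jwks.json"))
    .cached(10, 24, TimeUnit.HOURS)
    .rateLimited(10, 1, TimeUnit.MINUTES)
    .build()

// Verification-only key provider: no private key is ever loaded into the API.
val keyProvider = object : RSAKeyProvider {
    override fun getPublicKeyById(keyId: String?): RSAPublicKey? =
        try {
            jwkProvider.get(keyId).publicKey as RSAPublicKey
        } catch (e: JwkException) {
            null // unknown kid: java-jwt turns a null key into a SignatureVerificationException
        }

    override fun getPrivateKey(): RSAPrivateKey? = null
    override fun getPrivateKeyId(): String? = null
}

// Pinning the algorithm to RS256 means a token with "alg": "none" or an HMAC alg is rejected outright.
// Issuer and audience are checked so a token minted for a different API or tenant is not accepted;
// expiry is checked by default, with a small leeway (seconds) for clock skew.
val verifier = JWT.require(Algorithm.RSA256(keyProvider))
    .withIssuer(issuer)
    .withAudience(audience)
    .acceptLeeway(5)
    .build()

// Filter: 401 when the token is missing or fails verification, 403 when it is valid but lacks the scope.
fun secured(requiredScope: String? = null): Filter = Filter { next ->
    { request: Request ->
        val token = request.header("Authorization")
            ?.takeIf { it.startsWith("Bearer ", ignoreCase = true) }
            ?.substring("Bearer ".length)
            ?.trim()
        if (token.isNullOrEmpty()) {
            Response(UNAUTHORIZED).header("WWW-Authenticate", "Bearer")
        } else {
            try {
                val jwt: DecodedJWT = verifier.verify(token)
                // Auth0 puts granted scopes in a single space-separated "scope" claim.
                val scopes = jwt.getClaim("scope").asString()?.split(" ")?.toSet() ?: emptySet()
                if (requiredScope != null && requiredScope !in scopes) {
                    Response(FORBIDDEN).header(
                        "WWW-Authenticate", "Bearer error=\"insufficient_scope\", scope=\"$requiredScope\""
                    )
                } else {
                    next(request)
                }
            } catch (e: JWTVerificationException) {
                // Do not echo the reason back to the caller; log it server-side instead.
                Response(UNAUTHORIZED).header("WWW-Authenticate", "Bearer error=\"invalid_token\"")
            }
        }
    }
}

// Assumed routes: public, token required, and token with "read:messages" required.
val api: HttpHandler = routes(
    "/api/public" bind GET to { Response(OK).body("public") },
    "/api/private" bind GET to secured().then { Response(OK).body("authenticated") },
    "/api/private-scoped" bind GET to secured("read:messages").then { Response(OK).body("messages") }
)

fun main() {
    api.asServer(Jetty(8080)).start()
}
```

The split between 401 and 403 follows RFC 6750: a client with CLIENT_ID (no scopes) can reach /api/private but gets 403 on /api/private-scoped, while READ_CLIENT_ID reaches both; anything without a verifiable token gets 401 on both protected routes.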
This example only includes end-to-end tests that run the application on a Jetty HTTP server.