The intention of this sample is to give developer a bird's eye view of the popular authentication protocol like OIDC and some PingOne for Customers (Ping14C) Authentication and Management API services usage, that allows you to manage your organization’s users and applications, and of course - users authorization and authentication.

It samples such flows like - register a new user, update user password by logged in user or by application itself, and recover a forgotten password scenario.

A tutorial video detailing the implementation of this sample application is available on YouTube: https://youtu.be/PbtvtXv3ZnE

1. Add Ping14C spring-boot-sdk artifact to your pom:

    <dependency>
      <groupId>com.pingidentity.samples</groupId>
      <artifactId>spring-boot-sdk</artifactId>
      <version>${sdk.version}</version>
    </dependency>

You may want to add additional dependency to make your application development experience a little more pleasant, like <artifactId>spring-boot-devtools</artifactId> Since we are using Thymeleaf template engine, you can benefit from spring.thymeleaf.cache that controls compiled templates cache to avoid repeatedly parsing template files.

2. Until we are storing spring-boot-sdk jar in GitHub with GitHub Maven Plugins(that should not be a case until at least October of 2019), please add this server configuration to your maven settings.xml:

<server>
  <id>github</id>
  <password>OAUTH2TOKEN</password>
</server>

where OAUTH2TOKEN is a personal access token you need to create (unless you have some) if you have Two-factor Authentication, or

<server>
  <id>github</id>
  <username>GitHubLogin</username>
  <password>GitHubPassw0rd</password>
</server>

in a simple user:password case.

Please don't forget to set OAUTH2TOKEN as environment variable(if you are using it) for login failures prevention:

 export GITHUB_OAUTH_TOKEN={OAUTH2TOKEN}

3. Create two applications through Ping14C admin console with the following configurations:

• Worker Application with default options. Note that this Worker application instance will inherit the same Roles as the user who creates the instance. These Roles can be edited after the application instance is created.

• Native, Single Page or Web Application (with Authorization Code or Implicit Grant Type) with such list of OIDC and PingOne platform scope's:

  • OIDC: openid,profile,phone,email,address
  • PingOne's : p1:reset:userPassword, p1:set:env:userPassword - to change user password by the user

Most of PingOne platform scopes are self-explanatory, but if you need more details about them please check "Configure access through scopes" part.

4. Enable both applications in Ping14C admin console.

5. Configure your spring application configuration application.yml by replacing all <...> placeholders with the following information:

   • <environment_id> with your environment ID
   • Worker Application configuration in oauth2.client path copying over data from corresponding application from Ping14C admin console:
     • <client_credentials_client_id> with your client id (in client-id variable)
     • <client_credentials_client_secret> with your client secret (in client-secret variable)
   • Native (Single Page or Web) Application configuration in spring.security.oauth2.client path
     • <authorization_code_client_id> with your client id (in clientId variable)
     • <authorization_code_client_client_credentials_client_secret> with your client secret (in clientSecret variable)

application.yml

• authorizationGrantType or authorization-grant-type: OAuth 2.0 defines four authorization grant types, but Spring Boot supports only 3: authorization_code, implicit, and client_credentials.

pom.xml

• <artifactId>spring-boot-devtools</artifactId> - set of tools that can make the application development experience a little more pleasant.
• <artifactId>spring-boot-sdk</artifactId> - PingOne for Customers spring-boot SDK that is temporarily stored in github raw