Quick Setup Guide

This guide will help you set up and run your authorization server(AS) using Authlete 3.0. Follow these steps to create and configure your service, set up a demo authorization server, and test it.

Note: Get an overview of the Authlete Management Console by reading this article.

Requirements

This quickstart requires:

  • Docker 1.29 or higher
  • Java

Step 1: Register for an Authlete Account

To manage and run authorization services, you need an Authlete Account. An Authlete account is free for up to 30 days. You can use a social login, or login using a traditional email/password.

Step 2: Create an Organization

  1. Log in to the Authlete Console.
  2. Create a new organization named acme.
    homepage

Step 3: Create a Service

  1. Switch to your newly created acme organization.
  2. Create a new service under this organization.
  3. Keep all settings as default for now.
  4. Click Create. Make sure to note down the Service ID for use in Step 4.
homepage

Step 4: Generate a Service Access Token

  1. Go to Service Settings and select Basic Settings.
  2. Open the Advanced tab.
  3. In the Access Tokens section, enter a name like Demo AS.
  4. Click Create to generate the token. Make sure to copy the token for use in Step 4.
homepage

Step 5: Set Up Demo AS

  1. Clone the Authlete Java OAuth Server repository:

    git clone https://github.com/authlete/java-oauth-server.git
    cd java-oauth-server
    
  2. Configure the authlete.properties file to connect the sample OAuth server to your Authlete service from Step 2.

    • Replace <<Service_ID>> with the Service ID from Step 2.
    • Replace <<SERVICE_ACCESS_TOKEN>> with the Access Token from Step 3.
    • Adjust the base_url according to your api cluster region:
      • base_url = https://<<api-cluster-region>>.authlete.com
    api_version = V3
    base_url = https://us.authlete.com
    service.api_key = <<Service_ID>>
    service.access_token = <<SERVICE_ACCESS_TOKEN>>
    
    • The authlete.propertie file includes commented values for Authlete 3.0 properties that will not be processed by default. Be sure to uncomment Authlete 3.0 property values before running the server.
  3. Run the server using either Docker (recommended) or Java:

    • Using Docker (preferred):

      Use the following command to start the server:

      docker compose up
      
    • Using Java:

      Ensure that you have Maven installed and JAVA_HOME is set correctly. Then, run the following command:

      mvn jetty:run
      

Step 6: Verify the Setup

  1. Open your browser and go to http://localhost:8080.
  2. You should see the home page of the Demo authorization server.
homepage

Step 7: Create a Client

  1. To test the authorization server, you need to create a client in the Authlete Console.

  2. Navigate to your Demo Service within the Authlete Console.

  3. Click Create Client, enter a descriptive name for the client, and click Create.

    Create Client Screenshot
  4. Note down the Client ID for later use.

  5. Go to Endpoints -> Global Settings -> Redirect URIs and click Add URI. Add the following Redirect URI:

    • https://oidcdebugger.com/debug
  6. Leave all other settings as default and click Save Changes.

    Create Client Screenshot

Step 8: Test Your Authorization Server

OAuth2 Authorization Code Flow

  1. Visit OpenID Connect Debugger and provide the following details:

    • Authorize URI: http://localhost:8080/api/authorization
    • Client ID: Enter the Client ID you copied from Step 6.
  2. Set the Response type to code and Response mode to form_post.

  3. (Optional) To test PKCE, select the Use PKCE checkbox. PKCE is enabled by default on your Authlete Service.

  4. Scroll down and click the Send Request button to start the authorization process.

    Create Client Screenshot

This will redirect you to the login page of the Demo AS. Enter the following credentials and click Authorize:

  • Login ID: max
  • Password: max

You will be redirected back to the OIDC Debugger with an Authorization Code issued by Authlete.

Create Client Screenshot

OIDC ID Token Flow

  1. Click Start over to return to the home page.

  2. Set the Response type to id_token.

  3. Click Send Request to initiate a new authorization process.

  4. You will be redirected back to the debugger with a JWT ID Token issued by Authlete.

    ID Token Screenshot

Security Note: ⚠️ For this demo setup, the ID Token is signed using the client_secret and the HS256 algorithm. This configuration is intended for demo purposes only. For real-world applications, you should upload your JSON Web Key (JWK) and use an asymmetric signing algorithm like RS256.

And that’s it! 🎉 You’ve successfully set up and tested your authorization server with Authlete 3.0.

Now that your authorization server is up and running, you can explore more advanced features and configurations:

  • Explore the API Reference Documentation for more details on Authlete APIs used by your authorization server: Check the API Docs