Table of Contents
This guide will help you set up and run your authorization server(AS) using Authlete 3.0. Follow these steps to create and configure your service, set up a demo authorization server, and test it.
Note: Get an overview of the Authlete Management Console by reading this article.
This quickstart requires:
To manage and run authorization services, you need an Authlete Account. An Authlete account is free for up to 30 days. You can use a social login, or login using a traditional email/password.
acme
.
acme
organization.Demo AS
.Clone the Authlete Java OAuth Server repository:
git clone https://github.com/authlete/java-oauth-server.git
cd java-oauth-server
Configure the authlete.properties
file to connect the sample OAuth server to your Authlete service from Step 2.
<<Service_ID>>
with the Service ID from Step 2.<<SERVICE_ACCESS_TOKEN>>
with the Access Token from Step 3.base_url
according to your api cluster region:
base_url = https://<<api-cluster-region>>.authlete.com
api_version = V3
base_url = https://us.authlete.com
service.api_key = <<Service_ID>>
service.access_token = <<SERVICE_ACCESS_TOKEN>>
authlete.propertie
file includes commented values for Authlete 3.0 properties that will not be processed by default. Be sure to uncomment Authlete 3.0 property values before running the server.Run the server using either Docker (recommended) or Java:
Using Docker (preferred):
Use the following command to start the server:
docker compose up
Using Java:
Ensure that you have Maven installed and JAVA_HOME
is set correctly. Then, run the following command:
mvn jetty:run
http://localhost:8080
.To test the authorization server, you need to create a client in the Authlete Console.
Navigate to your Demo Service within the Authlete Console.
Click Create Client, enter a descriptive name for the client, and click Create.
Note down the Client ID for later use.
Go to Endpoints -> Global Settings -> Redirect URIs and click Add URI. Add the following Redirect URI:
https://oidcdebugger.com/debug
Leave all other settings as default and click Save Changes.
Visit OpenID Connect Debugger and provide the following details:
http://localhost:8080/api/authorization
Set the Response type to code
and Response mode to form_post
.
(Optional) To test PKCE, select the Use PKCE checkbox. PKCE is enabled by default on your Authlete Service.
Scroll down and click the Send Request button to start the authorization process.
This will redirect you to the login page of the Demo AS. Enter the following credentials and click Authorize:
max
max
You will be redirected back to the OIDC Debugger with an Authorization Code issued by Authlete.
Click Start over to return to the home page.
Set the Response type to id_token
.
Click Send Request to initiate a new authorization process.
You will be redirected back to the debugger with a JWT ID Token issued by Authlete.
Security Note: ⚠️ For this demo setup, the ID Token is signed using the
client_secret
and theHS256
algorithm. This configuration is intended for demo purposes only. For real-world applications, you should upload your JSON Web Key (JWK) and use an asymmetric signing algorithm likeRS256
.
And that’s it! 🎉 You’ve successfully set up and tested your authorization server with Authlete 3.0.
Now that your authorization server is up and running, you can explore more advanced features and configurations: