Hello, developers. My name is Matt Raible, and I am a Java hipster. Today I'd like to show you how to create a JHipster application with JWT authentication and then convert it to use OAuth2 and OpenID Connect.
So I'll open up a terminal window, and I'm using JHipster 6.2.0. And I'll create a directory just called demo, cd into that and run jhipster. I'll create a monolith. If you'd like to see a microservice example with OAuth2, I have other videos that you can certainly peruse and find on our channel. And I'll just call it demo. Well, package name is fine. We're not going to use a JHipster Registry, and I'm going to use JWT authentication. And then we'll just use SQL to keep things simple. And MySQL, use H2 in development. We'll just choose the defaults for Spring cache. Second-level cache, we'll say yes. We'll use Maven for simplicity. And just the defaults for everything else. So Angular, the default Bootswatch theme. Internationalization, yes, but only one language. And we won't choose anything else.
So you can see that took almost three minutes to run. Most of that's npm install. It just takes a little bit to execute and download all those JavaScript dependencies. But with this, we can run mvn to start everything up. And now that that's running, we can click on localhost:8080, click sign in, and use admin/admin or user/user. You can see we're logged in. There are no entities. But of course, we could look at user management. And we could browse through the configuration or even look at health checks. Or the metrics dashboard is pretty cool as well. And then we can log out.
So let's say you developed your JHipster app using JWT. And you've committed it all. And you want to switch to OAuth. So it's actually pretty easy. You just do rm -rf and delete everything. And one of the things about rm -rf is it doesn't delete dot files. So you can go into the .yo-rc.json file that's created. Go down to JWT and type in OAuth2.
And so if you had generated entities, you would want to regenerate your app. And you would want to regenerate with those entities. So you can just type jhipster --with-entities. And I didn't create any in this example. But if you did and you had a JWT app, you could use this mechanism to basically delete everything, reconfigure it using OAuth, and regenerate your app. And then you can use a diff tool if you modified anything to make or reconstruct the changes that you made to generated entities, controllers, services, et cetera.
So you can see that took about two minutes. And the git status will show that nothing's really changed. But if we were to open up something like GitHub Desktop and then add the existing repository, users, and we're able to demo, you can see we can undo that. And it'll show the difference in files, right? Including like Keycloak has been added, JHipster realm. These are all the preconfigured stuff. The security configuration has changed. So then you can see all the differences. And go through them like that if you want.
So now let's run it. Since we're using OAuth 2, it uses Keycloak by default because I can run it in a Docker container. So I need to start that: src/main/docker/keycloak up, -d so it runs in the daemon. And then I can start the app. Now it finishes starting. I can open it up. And if we click sign in, it'll redirect us to Keycloak to log in. And now we're using OpenID Connect. If we were to go to something like metrics, you can see that everything works as before. There no longer is user management because we expect you to do that on your identity provider, whether it's Keycloak or Okta or someone else like Google. That's where you would do it. And then of course you can log out. And the logout's a new feature that we didn't have in JHipster 5. If you click sign in again, you would still be signed in, but we made logout work like people wanted it to.
And so now I'd like to show you how to switch to Okta.
So if we stop it and then open up src/main/resources/config/application.yaml, this is where Spring Security is configured for OAuth. So if you scroll down here, you'll see the issuer, client ID and the client web app. If you go to developer.okta.com you can go to sign up and create a new account. But I already have an account. So I'm gonna go to dev, my instance, log in. And I'll start by creating a new application, call it web. We'll just call it JHipster app. And then you will need to change the redirect URI. So we do include that in the README. So if you open that up, it actually has what you'll need down here. This is the default for Keycloak. And then for Okta, you'll wanna use this. So we can go back to our application.yaml, put it right here.
Another thing you can do is you can actually use environment variables, which is a little bit better because then you're not storing the client ID and client secret in source control, especially if it's a public repo. But I'm just gonna use this for simplicity. So dev-13320.okta.com and then my client ID. I have to click done to get that. I also need to add localhost:8080 as a redirect URI for logging out. And then for the login, I need to change that. It's here in the README to this here. There we go. And that's hard-coded in JHipster, so that's what we expect it to be. And then you can click save.
And then the other things you'll need to do is configure groups like JHipster expects. So you'll need a ROLE_ADMIN and a ROLE_USER. That's just what it expects by default. So I've created those and put users in them. And then also under API, Authorization Servers, you'll need to modify the default one and add a groups claim. So I already have one in here. It's part of the ID token. I'll delete that and then re-add it just to show you. So you can add a claim, we'll call it groups.
It must be called groups or roles, and then the value type is groups, and we'll make it a regex so we can include everything, and then save it. Oh, must be in the ID token, not in an access token. So there we are. And now all of our security and role-based access control will work.
So if we go back to our application, this JHipster app, we grab the client ID, put it in there, and the client secret. Put it right there. And now we can restart our app and we'll be using Okta. So once that's up, we can log in. And since I already logged into Okta, it didn't even prompt me to log in, but if I were to log out, I could log in as a different user. For instance, my demo user, and this is just a regular user, not an admin user. So you can see there is no admin menu now, and if I were to log out, log in as my regular user, then it is set as an admin and I will see that admin menu right there.
So this has been a tour of JHipster and how to convert it from using JWT authentication to using OAuth and OpenID Connect. If you liked this video, I encourage you to follow my team @oktadev on Twitter. I am @mraible on Twitter. Never build authentication. Friends don't let friends build authentication. So sign up for a developer account on Okta and follow us on YouTube. We have a lot of videos that we publish usually on a weekly basis and we like to be connected with developers like you.
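Added example (not part of the video or of JHipster's own code): a small inspection script for the groups-claim step in the transcript, showing what the application ends up with when the claim is in the ID token, when it was added only to the access token, and when it has a name other than groups or roles. The ROLE_ prefix filter, the group spellings ROLE_ADMIN and ROLE_USER, the helper names and the sample tokens are assumptions constructed for this illustration.

```python
import base64
import json

CLAIM_NAMES = ("groups", "roles")  # claim names the walkthrough says are accepted


def _b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Constructed JWT-shaped string; the signature segment is a placeholder."""
    return ".".join([_b64url({"alg": "RS256", "typ": "JWT"}), _b64url(claims), "c2ln"])


def decode_claims(token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def authorities(claims: dict) -> list:
    """ROLE_* entries from the first accepted claim present (assumed mapping)."""
    for name in CLAIM_NAMES:
        values = claims.get(name)
        if isinstance(values, list):
            return sorted(v for v in values if isinstance(v, str) and v.startswith("ROLE_"))
    return []


def diagnose(id_token: str) -> str:
    claims = decode_claims(id_token)
    if not any(name in claims for name in CLAIM_NAMES):
        return "no groups/roles claim in ID token: user gets no roles"
    roles = authorities(claims)
    return "roles: " + ", ".join(roles) if roles else "claim present but no ROLE_* groups"


# Constructed samples: subject and group values are made up for this example.
ADMIN_ID_TOKEN = make_sample_token(
    {"sub": "admin-sample", "groups": ["Everyone", "ROLE_ADMIN", "ROLE_USER"]})
ACCESS_ONLY_ID_TOKEN = make_sample_token({"sub": "user-sample"})  # claim put on access token
WRONG_NAME_ID_TOKEN = make_sample_token({"sub": "user-sample", "grps": ["ROLE_USER"]})

if __name__ == "__main__":
    for tok in (ADMIN_ID_TOKEN, ACCESS_ONLY_ID_TOKEN, WRONG_NAME_ID_TOKEN):
        print(diagnose(tok))
```

The decoder skips signature verification on purpose so a token copied from a debugging session can be inspected offline; the running application must still validate tokens against the issuer.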