In this article, we’ll take a look at building a secured REST API by integrating with Okta as the identity provider via OpenID Connect (OIDC). This article is based on the DZone article “Building a Java REST API with Quarkus”, which explains how to create a Java REST API with Quarkus and Okta. We will implement a similar scenario here using Ballerinalang, and show how it is simpler and more straightforward to implement than its Java counterpart.
Let’s start off by creating a simple hello world service application as our base scenario. Add the following code to a file named hello.bal.
Listing 1: _Hello World Service_
The above service can be run by using the following command:
Shell
$ ballerina run hello.bal
[ballerina/http] started HTTP/WS listener 0.0.0.0:8080
The final source code of our hello world service can be found
Let’s invoke the service by sending a request.
Shell
$ curl http://localhost:8080/secured/hello
Hello Anonymous, authScheme: N/A
Here, the service is invoked through HTTP without any form of user authentication.
Let’s update our hello world service in order to authenticate users who invoke it using a JWT.