Building a Secure REST API with OpenID Connect

Building a Secure REST API with OpenID Connect

In this article, we’ll take a look at building a secured REST API by integrating with Okta as the identity provider via OpenID Connect (OIDC). This article is based on the DZone article Building a Java REST API with Quarkus, which explains how to create a Java REST API with Quarkus and Okta. We will be implementing a similar scenario here by using Ballerinalang,

Introduction

In this article, we’ll take a look at building a secured REST API by integrating with Okta as the identity provider via OpenID Connect (OIDC). This article is based on the DZone article Building a Java REST API with Quarkus, which explains how to create a Java REST API with Quarkus and Okta. We will be implementing a similar scenario here by using Ballerinalang, and show how it’s simpler and more straightforward to implement compared to our Java counterpart. 

Prerequisites

  • Ballerina Installation(>= v1.2.6)
  • Verify the installation by typing “ballerina -v” in the command line. This should output the currently installed Ballerina version. 
  • Okta Developer Account: An Okta developer account can be created by navigating to https://developer.okta.com/
  • CURL or another suitable HTTP client for your respective environment.

Hello World Ballerina Service

Let’s start off by creating a simple hello world service application as our base scenario. Add the following code to a file named hello.bal.

hello world

Listing 1:_ Hello World Service_

The above service can be run by using the following command:

Shell

1

$ ballerina run hello.bal

2

3

[ballerina/http] started HTTP/WS listener 0.0.0.0:8080

The final source code of our hello world service can be found 

Let’s invoke the service by sending a request. 

Shell

1

$ curl http://localhost:8080/secured/hello

2

Hello Anonymous, authScheme: N/A

Here, the service is invoked through HTTP without any form of user authentication. 

A Secured Greeting

Let’s update our hello world service in order to authenticate users who invoke it using a JWT.

security microservice okta ballerina open id connect

Bootstrap 5 Complete Course with Examples

Bootstrap 5 Tutorial - Bootstrap 5 Crash Course for Beginners

Nest.JS Tutorial for Beginners

Hello Vue 3: A First Look at Vue 3 and the Composition API

Building a simple Applications with Vue 3

Deno Crash Course: Explore Deno and Create a full REST API with Deno

How to Build a Real-time Chat App with Deno and WebSockets

Convert HTML to Markdown Online

HTML entity encoder decoder Online

Building a Secure REST API with OpenID Connect - DZone Microservices

In this article, we’ll take a look at building a secured REST API by integrating with Okta as the identity provider via OpenID Connect (OIDC).

Building a Secure REST API with OpenID Connect

In this article, we’ll take a look at building a secured REST API by integrating with Okta as the identity provider via OpenID Connect (OIDC).

Microservices and Its Security Patterns

Microservices and its security patterns. A developer's view on common security patterns used in most of the API-architecture practices in the industry to make API and Application, as safe as possible.

Microservices Security in Action

This recently published book on microservices security highlights the patterns and best practices of ensuring microservices are safe and secure.

Best Custom Web & Mobile App Development Company

Top Web & Mobile Application Development Company in India & USA. We specialize in Golang, Ruby on Rails, Symfony, Laravel PHP, Python, Angular, Mobile Apps, Blockchain, & Chatbots