Developer builds custom IAM system in Spring Boot, documents real-world deployment pitfalls
A developer built identityCore, a self-hosted Identity and Access Management service using Spring Boot 3.3.5, Spring Security, and PostgreSQL, supporting form login alongside Google and GitHub OAuth2 authentication. The project implements role-based access control through database-managed entities rather than hardcoded annotations, with a unified exception handler and consistent API response structure. During deployment behind a reverse proxy with TLS termination, OAuth2 login failed due to Spring Security generating incorrect redirect URIs based on the internal HTTP scheme instead of the public HTTPS address. The fix required a single configuration property — server.forward-headers-strategy=framework — to instruct Spring to trust X-Forwarded-Proto headers sent by the proxy. The developer also highlighted a key distinction between OAuth2 and OIDC, noting that GitHub requires an additional API call to retrieve verified user emails, while Google embeds identity claims directly in a signed JWT.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in