Skillget

oauth2-authorization-server

mcp
Security Audit
Fail
Health Warn
  • No license — Repository has no license file
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 6 GitHub stars
Code Fail
  • Hardcoded secret — Potential hardcoded credential in docker-compose.yml
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This project is a full-stack OAuth2 Authorization Server built with Java 25 and Spring Boot 4. It is designed to handle user authentication and authorization, integrating with MariaDB, Redis, and monitoring tools via Docker.

Security Assessment
Risk: High. The tool inherently manages highly sensitive data, specifically processing user login credentials and OAuth2 authorization tokens. While it does not broadly execute arbitrary shell commands, it operates via Docker containers. The automated scanner flagged a critical failure for hardcoded secrets in the `docker-compose.yml` file. The README confirms this, exposing default usernames, passwords, database credentials, and API keys. Although these are likely meant for a local development sandbox, embedding and exposing credentials in this manner is a serious security risk. Additionally, the environment variables required for OpenAI, DeepSeek, and Anthropic API keys imply the application makes external network requests to third-party AI services.

Quality Assessment
The project appears to be in active development, with its last push occurring today. It demonstrates strong software engineering practices by utilizing modern frameworks, Testcontainers for integration testing, and JUnit 5. However, the repository lacks a designated license file, meaning users technically have no legal permission to modify or distribute the code. Furthermore, with only 6 stars, the project has extremely low community visibility and adoption, suggesting it is a personal or early-stage endeavor rather than a battle-tested solution.

Verdict
Use with caution; the severe handling of hardcoded credentials and missing license make it suitable only for strictly isolated local testing or educational purposes, not for production environments.
SUMMARY

OAuth2 Authorization Server with MariaDB, Docker OpenTelemetry LGTM, and Redis Integrations with Spring Boot 4, Java 25 and Docker. Integration Tests with Testcontainers and unit Tests with Junit 5, and Mockito

README.md

OAuth2 Authorization Server with Spring Boot 4 and Java 25

Prerequisites

  • Java 25 should be installed --> export JAVA_HOME=$(/usr/libexec/java_home -v 25)
  • Maven should be installed
  • Docker should be installed
  • Postman can be installed

How to Run and Test

  • Run the following commands to set environment variables for AI model API keys

    •   export OPENAI_API_KEY=your_api_key_here
  export DEEPSEEK_API_KEY=your_api_key_here
  export ANTHROPIC_API_KEY=your_api_key_here      # Optional
  export GOOGLE_GENAI_API_KEY=your_api_key_here   # Optional

  •   cd oauth2-authorization-server
  
  # Run tests on the host (requires Docker for Testcontainers)
  mvn clean verify
  
  # Build and start the application together with all infrastructure services
  docker compose --profile start_application up -d --build
  
  # Start only infrastructure services (Redis, MariaDB, LDAP, Ollama, etc.)
  docker compose up -d
  
  # For local development without Docker (requires infrastructure services running via docker compose up -d)
  ./mvnw spring-boot:run   # or: mvn spring-boot:run

  • Import the followings to test in Postman

  • Swagger: http://localhost:9000/swagger-ui/index.html

    • Click Authorize and enter the following credentials
    • client_id: client
    • client_secret: secret
    • Use one of the following default values to log in http://localhost:9000/login
      • username: Developer password: password
      • username: Admin password: password
      • username: User password: password

  • Actuator: http://localhost:9000/actuator/

  • Database credentials

    • url: jdbc:mariadb://localhost:3306/oauth2_authorization_server
    • username: mb_test
    • password: test

  • Redis

    • host: localhost
    • port: 6379

  • Redis Insight: http://localhost:5540/

    • Click Add Redis database
    • Connection URL --> redis://[email protected]:6379
    • Click Add Database
    • img.png

  • Ollama

    • http://localhost:3000/ sign up for an account for local environment
    • Search for mxbai-embed-large and download it if it does not exist
    • Search for mistral and download it if it does not exist
    • Search for deepseek-r1:7b and download it if it does not exist

  • Grafana UI

Debugging Spring Boot Tests in IntelliJ IDEA

  1. Run one of the below commands in the terminal
    • mvn test -Dmaven.surefire.debug
    • If port 5005 is already in use, you can specify a custom port
      • mvn test -Dmaven.surefire.debug="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000"
  2. Open IntelliJ IDEA
  3. Go to Run > Attach to Process (or use shortcut)
    • Windows/Linux: Ctrl + Alt + 5
    • Mac: Cmd + Alt + 5
  4. Select the Java process running your tests
  5. The test will pause until you connect your debugger. Once connected, you can use breakpoints and step through your
    code.

How to Run and Test with CDC(Class Data Sharing)

  • Java 25+ should be installed
  • Run ./mvnw clean install or./mvnw clean install -Paot or ./mvnw -Paot package command to build the application
    with AOT
  • Run docker-compose up -d command to run necessary services
  • Run docker build -t oauth2-authorization-server -f DockerfileForAOTCache . command to build the image
  • Run docker run -d --restart=always -p 9000:9000 oauth2-authorization-server:latest command to run the image

How to Run and Test Native Image with GraalVM

  • Java 25 GraalVM edition should be installed
  • Run docker-compose up -d command to run necessary services
  • Run ./mvnw -Pnative native:compile or ./mvnw -Pnative native:compile -DskipTests command to build the native image
  • Run ./target/oauth2-authorization-server command to run the native image
  • Install Grype (OPTIONAL)
    • Run native-image-inspect ./target/oauth2-authorization-server-0.0.1 | grype -v command to scan vulnerabilities
  • Run native-image-inspect ./target/oauth2-authorization-server-0.0.1 >output.json command and open output.json or
    visit http://localhost:9000/actuator/sbom/native-image to inspect all libraries, methods etc. used in the native image
  • Run open ./target/oauth2-authorization-server-build-report.html to see build report
  • Use Swagger UI to test the application

Spring Boot with CRaC(Coordinated Restore at Checkpoint) by Creating Ready to Restore Container Image.

  • Warning: for real projects make sure to not leak sensitive data in CRaC files since they contain a snapshot of the
    memory of the running JVM instance.
  • Checkpoint
  • Restore
    • Restore the application with: ./docs/scripts/restore.sh
  • Use Swagger UI to test the application

How to Run and Test AI Models Locally with Docker Desktop Model Runner

  • Requires: Docker Desktop 4.40 and later
  • Run docker-compose up -d command to run necessary services
  • Run docker model pull ai/gemma3:4B-Q4_K_M command to pull the model
    • Run docker model run ai/gemma3:4B-Q4_K_M command to run the model to test it from the command line (OPTIONAL)
  • Docker Desktop --> Settings --> Features in development --> Beta features --> Enable Docker Model Runner -->
    Enable host-side TCP support --> Apply & Restart
    • Docker_Desktop_Enable_Host_Side_TCP_Support.png
  • Run mvn test or mvn clean install or mvn clean package or ./mvnw clean install command to run all the tests
  • Run mvn spring-boot:run command to run the application
  • Use Swagger UI to test the application

References

Reviews (0)

No results found