A simple Spring Boot app that shows how to add secure sign-in with Scalekit (OIDC). You can it as a starting point or as a reference to integrate enterprise-grade authentication.
What this example includes:
- The app signs users in with Scalekit using the OpenID Connect (OIDC) authorization flow.
- The
/dashboardpage is protected by Spring Security and redirects unauthenticated users to the login flow. - The security configuration shows how to register an OAuth 2.0 client and wire login, callback, and logout endpoints.
- The Thymeleaf templates use Bootstrap classes so pages render well on desktop and mobile.
- After login, the dashboard displays selected ID token claims to demonstrate how to access user information.
- Java 17 or later is installed.
- Maven 3.6 or later is installed.
- You have a Scalekit account with an OIDC application. Sign up
Pick one method below.
Method A — application-local.properties (recommended for local dev):
Create or update src/main/resources/application-local.properties:
# Replace placeholders with your values
scalekit.env-url=https://your-env.scalekit.io
scalekit.client-id=YOUR_CLIENT_ID
scalekit.client-secret=YOUR_CLIENT_SECRET
scalekit.redirect-uri=http://localhost:8080/auth/callback
# Optional server config
server.port=8080Method B — environment variables:
export SCALEKIT_ENV_URL=https://your-env.scalekit.io
export SCALEKIT_CLIENT_ID=YOUR_CLIENT_ID
export SCALEKIT_CLIENT_SECRET=YOUR_CLIENT_SECRET
export SCALEKIT_REDIRECT_URI=http://localhost:8080/auth/callbackImportant:
- Never commit secrets to source control.
- Ensure the redirect URI exactly matches what is configured in Scalekit.
# Build
mvn clean compile
# Run (default profile)
mvn spring-boot:run
# Or run with the local profile (uses application-local.properties)
mvn spring-boot:run -Dspring-boot.run.profiles=localThe application will start at http://localhost:8080
To find your required values:
-
Visit Scalekit Dashboard and proceed to Settings
-
Copy the API credentails
- Environment URL (e.g.,
https://your-env.scalekit.dev) - Client ID
- Client Secret
- Environment URL (e.g.,
-
Authentication > Redirect URLs > Allowed redirect URIs:
- Add
http://localhost:8080/auth/callback - Optionally add
http://localhost:8080as a post-logout redirect
- Add
| Route | Description | Auth required |
|---|---|---|
/ |
Home page with login option | No |
/login |
Custom login page | No |
/dashboard |
Protected dashboard | Yes |
/oauth2/authorization/scalekit |
Start the OIDC flow | No |
/auth/callback |
OIDC callback | No |
/logout |
Logout and end session | Yes |
- Start the app (see Quick start)
- Visit
http://localhost:8080 - Click Sign in with Scalekit
- Authenticate with your provider
- Open the dashboard and then try logout
Stuck? Contact us.
Add this to src/main/resources/application.yml:
logging:
level:
com.example.scalekit: DEBUG
org.springframework.security: DEBUG
org.springframework.security.oauth2: TRACEsrc/
├── main/
│ ├── java/com/example/scalekit/
│ │ ├── ScalekitDemoApplication.java # Main application class
│ │ ├── config/
│ │ │ ├── ScalekitConfig.java # Scalekit client configuration
│ │ │ └── SecurityConfig.java # Spring Security configuration
│ │ └── controller/
│ │ ├── HomeController.java # Home and login endpoints
│ │ └── DashboardController.java # Protected endpoints
│ └── resources/
│ ├── application.yml # Main configuration
│ ├── application-local.properties # Local configuration
│ └── templates/ # Thymeleaf templates
│ ├── index.html # Home page
│ ├── login.html # Login page
│ ├── dashboard.html # User dashboard
│ └── layout.html # Base layout
└── test/ # Test files
- Spring Boot
- Spring Security (OAuth 2.0 Client)
- Scalekit SDK
- Thymeleaf
- Bootstrap (via CDN)
See pom.xml for exact versions.
- Read the Scalekit docs: Documentation.
- Read the Spring Boot docs: Documentation.
This project is for demonstration and learning. Refer to dependency licenses for production use.