Spring Security Java API Getting Started

This quickstart will guide you through the various tasks related to using Auth0-issued JSON Web Tokens to secure your Java Spring Security API.


The final project is also available in the sample repository.

Get Your Application Keys

When you signed up for Auth0, you were invited to create a new client.

Your application needs some details about this client to communicate properly with Auth0, including your Client ID and Domain. You can retrieve these values from the settings area for your client in the Auth0 dashboard.

Please note that if you download the samples available for this tutorial, these keys will be pre-populated for you. If you have created more than one client in your account, the sample will come with the values for your Default App.


Create an API

Create a new API by accessing the APIs section of the dashboard. Type a name and an identifier, which will represent the auth0.apiAudience value that you have to set in the configuration file. Next, choose the signing algorithm. Click the Create button and you'll be redirected to the API you've just created. In the Settings tab you can change the token expiration and allow refreshing a token for that API.

The example API in this tutorial will be centered around a Photos resource. Create some custom scopes to limit the access to the PhotosController which will be created in the next section. In the API screen, click the Scopes tab and add the following scopes: create:photos, read:photos, update:photos and delete:photos.

Install the Dependencies

Add the auth0-spring-security-api dependency.

If you are using Maven, add the dependency to your pom.xml:


If you are using Gradle, add it to the dependencies block:

compile 'com.auth0:auth0-spring-security-api:1.0.0-rc.2'

Configure your Spring Security API

Your Spring Security API needs some information in order to authenticate against your Auth0 account. The downloadable sample comes with a configuration file already in place, but you may need to update some of the entries with the valid values for your API. The file is /src/main/resources/auth0.properties and it contains the following:

| Attribute | Description |
| --- | --- |
| auth0.issuer | The issuer of the JWT. This is typically your Auth0 domain with a https:// prefix and a / suffix. For example, if your auth0.domain is example.auth0.com then the auth0.issuer should be set to https://example.auth0.com/ (the trailing slash is important). |
| auth0.apiAudience | The unique identifier for your API. You can find the correct value on the APIs section of the Dashboard. |

If you download the seed project using our Download Sample button then the issuer attribute will be populated for you, unless you are not logged in or you do not have at least one registered client. Do not forget to manually set the apiAudience attribute.
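A fail-fast check for the two entries described above, added here as an example; it is not part of the sample project or the Auth0 library. The class name Auth0PropertiesCheck and the sample values are hypothetical, and the last step assumes the token verifier compares the iss claim to auth0.issuer as an exact string.

```java
import java.io.IOException;
import java.io.StringReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

// Added example (hypothetical helper): sanity-check auth0.properties before the API starts.
public class Auth0PropertiesCheck {

    // Returns the problems found in the two settings; an empty list means both look usable.
    static List<String> validate(Properties props) {
        List<String> problems = new ArrayList<>();
        String issuer = props.getProperty("auth0.issuer", "").trim();
        String audience = props.getProperty("auth0.apiAudience", "").trim();

        if (issuer.isEmpty()) {
            problems.add("auth0.issuer is not set");
        } else {
            try {
                URI uri = new URI(issuer);
                if (!"https".equals(uri.getScheme()) || uri.getHost() == null) {
                    problems.add("auth0.issuer must be an https:// URL, got: " + issuer);
                }
                // "https://example.auth0.com" has an empty path; only "/" is accepted here.
                if (!"/".equals(uri.getPath())) {
                    problems.add("auth0.issuer must end with a single trailing slash, got: " + issuer);
                }
            } catch (URISyntaxException e) {
                problems.add("auth0.issuer is not a valid URL: " + issuer);
            }
        }
        if (audience.isEmpty()) {
            problems.add("auth0.apiAudience is not set (it is never pre-populated)");
        }
        return problems;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: the issuer lacks its trailing slash and the audience was left blank.
        String sample = "auth0.issuer=https://example.auth0.com\nauth0.apiAudience=\n";
        Properties props = new Properties();
        props.load(new StringReader(sample));
        validate(props).forEach(System.out::println);
        // Assumption: exact string comparison, so a token whose iss ends in "/" does not match.
        System.out.println("https://example.auth0.com/".equals(props.getProperty("auth0.issuer")));
    }
}
```

Run against the constructed sample, it reports the missing trailing slash and the unset audience, and the final comparison prints false.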
