Java

Used Constants:

    private static String OIDC_AUTH_END_POINT = "https://tenantname.aws1.test1.com/auth/realms/{tenantname}/protocol/openid-connect/auth";
    private static String OIDC_CLIENT = "test";
    private static String OIDC_CLIENT_SECRET = "dfd3092a-a6dc-4e94-9662-f451033074d4";
    private static String OIDC_TOKEN_ENDPOINT = "https://tenantname.aws1.test1.com/auth/realms/{tenantname}/protocol/openid-connect/token";

/auth/oidc (POST)

   public String getNonce() {
        String generatedString = RandomStringUtils.random(10, true, true);
        return generatedString;
    }

    @GetMapping("/auth/oidc")
    public Map<String, String> oidc(@RequestParam String redirectURI) {
        String composedUrl = String.format("%s?client_id=%s&redirect_uri=%s&scope=openid&response_type=code&response_mode=query&nonce=%s", OIDC_AUTH_END_POINT, OIDC_CLIENT, redirectURI, getNonce());
        Map<String, String> response = Map.of("client_id", OIDC_CLIENT, "auth_url", OIDC_AUTH_END_POINT, "composed_url", composedUrl);
        return response;
    }

/auth/code (POST)

    @Autowired
    UserRepository userRepository;

    @PostMapping(path = "/auth/code", consumes = "application/json", produces = "application/json")
    public ResponseEntity code(@RequestBody CodeDTO codeDTO) throws JSONException {
        RestTemplate restTemplate = new RestTemplate();

        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        MultiValueMap<String, String> map = new LinkedMultiValueMap<>();
        map.add("client_id", OIDC_CLIENT);
        map.add("grant_type", "authorization_code");
        map.add("code", codeDTO.getCode());
        map.add("client_secret", OIDC_CLIENT_SECRET);
        map.add("redirect_uri", codeDTO.getRedirectUrl());


        HttpEntity<MultiValueMap<String, String>> entity = new HttpEntity<>(map, headers);
        ResponseEntity<String> response =
                restTemplate.exchange(OIDC_TOKEN_ENDPOINT,
                        HttpMethod.POST,
                        entity,
                        String.class);
        JSONObject jsonObject = null;
        try {
            jsonObject = new JSONObject(response.getBody());
        } catch (JSONException err) {
        }
        String idToken = jsonObject.getString("id_token");
        if (idToken == null) {
            return ResponseEntity.status(HttpStatus.NOT_FOUND).build();
        }
        DecodedJWT jwt = JWT.decode(idToken);
        String email = jwt.getClaim("email").asString();
        User user = userRepository.findByEmailAddress(email);
        if (user == null) {
            return ResponseEntity.status(HttpStatus.ACCEPTED).build();

        } else {
            return ResponseEntity.ok(user);
        }


    }
}

class CodeDTO {
    String code;
    String redirectUrl;

    public CodeDTO(String code, String redirectUrl) {
        this.code = code;
        this.redirectUrl = redirectUrl;
    }

    public String getCode() {
        return code;
    }

    public void setCode(String code) {
        this.code = code;
    }

    public String getRedirectUrl() {
        return redirectUrl;
    }

    public void setRedirectUrl(String redirectUrl) {
        this.redirectUrl = redirectUrl;
    }

info

• This repo contains a Java based app that expresses the Implicit flow of OpenID Connect - Spring - Authorization Flow.