This document and corresponding samples is provided to help you understand how to configure Spring Security validation of OAuth 2.0 self-contained & JSON Web Tokens (JWTs), and how an OpenEdge Client Principal can be generated that your ABL application can use.

These sample cannot present all possible use cases and their configuration, but focuses instead on typical use cases.

The goals of this document and samples is for you to:


  1. Learn the fundamentals of how Spring Security OAuth 2.0 & JWT support provides your ABL application with a means of integrating with other non-OpenEdge services in a single security model using shared user login identities.
  2. Define which types of OAuth 2.0 and JWT tokens can be used to access an OpenEdge ABL application, and the required list of claim fields.
  3. Understand the primary types of Spring Security OAuth 2.0 & JWT configurations used for validating token claims and signatures.
  4. Learn how to configure the Spring Security OAuth 2.0 & JWT token conversion to a Client Principal that can be used by your ABL application, other OpenEdge application servers, and OpenEdge databases.
  5. Gain exposure to some free tools that can be used to generate, validate, and test tokens that can be passed to PAS for OpenEdge for authentication & authorization.

  • Generate and validate tokens for Hash-based Message Authentication Code (HMAC) and RSA Algorithms.
  • Social Authentication Providers like Google.
  • Commercial Authentication Providers like Amazon Web Services (AWS) Cognito.