Spring Boot Microservices Security 🔐 | Auth0 as Identity Provider

Timestamped Chapters

0:00 – Welcome back & security use case recap
0:20 – Tasks under “Configure Auth0” feature
0:45 – Auth0 as the bank’s bouncer and gatekeeper 🛡️
1:07 – Identity Provider vs Resource Server explained
1:45 – Passport office analogy: tokens vs APIs
2:10 – Logging into Auth0 & understanding the Tenant
2:50 – Protected resources & why APIs matter
3:05 – Management API vs Custom API
3:38 – Creating the Bank Stack API
4:17 – Audience identifier and how APIs validate tokens
5:45 – Enabling RBAC (Role-Based Access Control)
6:10 – Defining master permissions in the API
6:50 – Grouping permissions into roles
8:10 – How permissions flow into access tokens
9:40 – Understanding Applications (clients) in Auth0
10:13 – 3 key clients: Admin App, M2M App, and SPA
11:00 – SPA settings: callback URLs & web origins
12:38 – Next steps: create user, PKCE login, integrate Spring Security




In this video, we kick off the security foundation for our digital bank and introduce Auth0 as the Identity Provider that issues and signs secure JWT access tokens.

We’ll break down one of the most important security concepts in microservices:
🛡️ Identity Provider vs Resource Server – what each does and why they must stay separate
📜 APIs & Audience – how to define your protected resources in Auth0
🔐 Permissions & RBAC – how to group granular scopes into roles like Customer, Admin, and OpsTeam
📨 Applications & Clients – how SPAs, M2M apps, and admin services register and request tokens
💡 Zero Trust Principle – why even internal microservices must carry valid JWTs

Think of Auth0 as the passport office – it issues passports (tokens).
Our Spring Boot APIs are the airport security – they verify those passports and decide what’s allowed.

By the end of this video, you’ll know how to secure your microservices with Auth0, OAuth2, and JWT, and how permissions and roles flow end-to-end in a real-world banking system.

📚 What’s Next:
👉 In the upcoming videos, we’ll design our first secure use case and integrate Auth0 with Spring Boot resource servers.

#Auth0 #oauth2