This is a SpringBoot backend application written in Kotlin and Java8 for authenticating user with Auth0 in Traefik. Use the forward authentication configuration in Traefik and point it to this backend to protect frontends with Auth0 login.

The backend application supports multiple Auth0 applications and APIs based on the domainname/subdomainname of the application and will save the JWT and the Access Token received from Auth0 as a cookie in the browser. When visitors access a protected frontend configured in Traefik, a http call will be sent to this backend to validate that the user is a valid user.


Main principles used for the code structure and application logic:

  • Domain Driven Design

  • CQRS

  • Ports And Adapters, Hexagonal Architecture.

  • REST + hypermedia.

Compile with Maven

mvn clean install

Continuous integration and deployment

The project has been comfigure to compile of Git push with Travis-CI automatically. When a build has sucessfully been compiled and packaged the resulting Docker Image will be pushed to the ForwardAuth DockerHub repository where it can be downloaded.

As a part of the automated build pipeline the code will be scanned with the static code analysis tool SonarCloud and reports of the source code quality will be available.

Another tool that scan the code is which will check dependencies in pom.xml for know vulnerabilities.

Run with Maven

mvn spring-boot:run or start the main class AuthApplication from IDE

Run with Docker

docker run -v /config/application.yaml:/config/application.yaml -p 8080:8080 dniel/forwardauth

Run with Docker-Compose

docker-compose up


Put the application.yaml config somewhere where SpringBoot can find it. For example in a /config application directory.

See also the Spring Boot documentation of the externalized configurations Spring Boot features for in depth info about how to add config.


When a new release has been pushed to DockerHub, Spinnaker will find it and start the deployment pipeline. The pipeline will update the internal development environment and my external site also. The kubernetes configuration for the external site can be found at



The master tag is the most stable. Before I merge to the master branch I run some manual tests on the feature branch to and all unit tests should also be green.

Other tags

Each branch get its own tag with the same name when pushing to DockerHub. Each commit get a tag with the commit timestamp and commit-shorthash. Latest tag is only updated when pushing the master branch.


  • Tomcat

  • Kotlin

  • Spring MVC

  • Spring Boot

  • Kubernetes

  • Helm

  • Docker

  • Traefik

  • Spock Framework