Oauth2 Step By Step Save

Step by step code examples for blog post on voxxed.com. Each branch is a working example. Create your own custom OAuth2 configuration and play with spring-boot and spring-oauth

Project README

This repo has been started by @syjer as oauthtest, to cleanup history and make it cleaner for a blog post I created this new Repo

This example is based on the following resources:

How to test:

  1. $ cd authorization-server;mvn spring-boot:run

  2. $ cd resource-server;mvn spring-boot:run

  3. Obtain token with: $ curl service-account-1:[email protected]:8080/auth/oauth/token -d grant_type=client_credentials and save it in TOKEN=.......

  4. Access the resource with: $ curl -H "Authorization: Bearer $TOKEN" -v localhost:9090

  5. Update the resource with: $ curl -H "Content-Type: application/json" -H "Authorization: Bearer $TOKEN" -X POST -d "Bonjour" -v localhost:9090

  6. $ cd webapp-server;mvn spring-boot:run

  7. go to localhost:9999 and use the UI :).

You can load the message from backend server, then submit a new one and try to reload. All calls are using JWT, AS is called only the first time, RS checks the client has correct scopes. If token expires it automatically goes to AS to get a new one.

For generating your own key (as written in the stytex.de blog):

keytool -genkeypair -alias jwt -keyalg RSA -dname "CN=jwt, L=Lugano, S=Lugano, C=CH" -keypass mySecretKey -keystore jwt.jks -storepass mySecretKey

copy jwt.jks in authorization-server/src/main/resources/jwk.jks

Notes:

  • Resource server fetch the pubkey of the authentication server, so in production it must be over a secure channel :)
  • If the authentication server is down, and a resource server is launched, the fetch of the public key will fail (but a log message will be written), see https://github.com/spring-projects/spring-security-oauth/issues/734 issue
Open Source Agenda is not affiliated with "Oauth2 Step By Step" Project. README Source: exteso/oauth2-step-by-step
Stars
32
Open Issues
0
Last Commit
5 years ago

Open Source Agenda Badge

Open Source Agenda Rating