authservice-oauth2's Introduction

AuthService 2

This repo is a prototype implementation of Spring OAuth2 and is currently under development.

Requirements

Java is installed and the Spring Boot Maven dependency is configured.

OAuth2 flows

Flow of calls between gateway service and downstream service

Flow of calls from external client

Endpoints

Gateway Service - 8080
Auth Service - 7070
Resource Server - 9000

Auth flows

Authorization Code Flow

# get code
http://localhost:7070/authserver/oauth/authorize?response_type=code&client_id=authserver&redirect_uri=http://localhost:8080/&scope=myscope&state=Lq3pSG
# login if prompted
# exchange code for token
http://localhost:7070/authserver/oauth/token?grant_type=authorization_code&client_id=authserver&redirect_uri=http://localhost:8080/&scope=myscope&state=Lq3pSG&code=fTId6p
# call resource endpoint with token (bearer)
http://localhost:9000/user
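
The authorization code steps above, written out as an added Python example (not code from this repository) that generates a fresh state per request, checks it on the redirect, and prepares the token request without sending it. The function names are hypothetical, and sending the code exchange as a form POST with HTTP Basic client authentication (RFC 6749) is an assumption about how this auth server is configured.

```python
import base64
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Endpoints and client settings taken from the README above.
AUTHORIZE_URI = "http://localhost:7070/authserver/oauth/authorize"
TOKEN_URI = "http://localhost:7070/authserver/oauth/token"
CLIENT_ID = "authserver"
REDIRECT_URI = "http://localhost:8080/"
SCOPE = "myscope"


def build_authorize_url():
    """Step 1: return (url, state); state is fresh per request and kept in the session."""
    state = secrets.token_urlsafe(16)
    query = urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "scope": SCOPE, "state": state,
    })
    return f"{AUTHORIZE_URI}?{query}", state


def code_from_callback(callback_url, expected_state):
    """Step 2: extract the code from the redirect, rejecting a missing or foreign state."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def build_token_request(code, client_secret):
    """Step 3: return (url, headers, body) for a form POST to the token endpoint."""
    basic = base64.b64encode(f"{CLIENT_ID}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": "Basic " + basic,
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": "authorization_code", "code": code,
        "redirect_uri": REDIRECT_URI,
    })
    return TOKEN_URI, headers, body
```

Keeping the code and client secret in the POST body and Authorization header keeps them out of URL query strings, which commonly end up in access logs and browser history.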

Implicit Flow (Client-Side Flow)

#call authorize endpoint
http://localhost:7070/authserver/oauth/authorize?response_type=token&client_id=authserver&redirect_uri=http://localhost:8080/&scope=myscope&state=Lq3pSG
# login if prompted
# get redirected back with the token

Client credentials

#call token endpoint directly with client id and secret
http://localhost:7070/authserver/oauth/token?grant_type=client_credentials
# token returned

Password Grant

#call token endpoint directly with client-id secret and username/pwd
http://localhost:7070/authserver/oauth/token?grant_type=password&username=admin&password=admin
#token returned

Use cases

As an external client

Configure the external client as in the sample below:

spring.security.oauth2.client.registration.vibe.client-id=vibe
spring.security.oauth2.client.registration.vibe.client-secret=passwordforvibeserver
spring.security.oauth2.client.provider.vibe.authorizationUri=http://localhost:7070/authserver/oauth/authorize
spring.security.oauth2.client.provider.vibe.tokenUri=http://localhost:7070/authserver/oauth/token
spring.security.oauth2.client.provider.vibe.userInfoUri=http://localhost:9000/user
spring.security.oauth2.client.registration.vibe.authorizationGrantType=authorization_code
spring.security.oauth2.client.registration.vibe.scope=myscope
spring.security.oauth2.client.registration.vibe.redirectUriTemplate=http://localhost:8081/login/oauth2/code/vibe
spring.security.oauth2.client.provider.vibe.usernameAttribute=name

As an internal client

Update the Gateway service (and, optionally, other internal clients) with:

security:
  oauth2:
    client:
      accessTokenUri: http://localhost:7070/authserver/oauth/token
      userAuthorizationUri: http://localhost:7070/authserver/oauth/authorize
      clientId: authserver
      clientSecret: passwordforauthserver
    resource:
      userInfoUri: http://localhost:9000/user

Try to access http://localhost:8080/personInfo, which internally calls the downstream resource server at http://localhost:9000/person. It will prompt for user authentication at http://localhost:7070/authserver/login. Log in with credentials (the defaults are admin:admin and user:user); the resource information protected under http://localhost:9000/person should then be displayed.

TODOs

1. Schedule token and audit table clean up.
2. CloudWatch logs
3. Testing
4. Complete audit tables
5. Dictionary attack + captcha

authservice-oauth2's People

Contributors

sayannayas
