Please start at the Top-Level Lens Repo.
The central OAuth 2.0 authorization service for all Lens backend services.
Lens auth currently supports only the Resource Owner Password Credentials Grant described in section 4.3 of the spec. An OAuth 2.0 compatible token endpoint is implemented under the /token path. An OAuth 2.0 compatible introspection endpoint is implemented under the /introspect path.
Client identifiers issued by this authorization service are opaque strings no longer than 255 characters.
To start the service with Leiningen, run the following command:
lein with-profile production trampoline run
This starts the Lens Auth service on localhost port 8080.
This application uses the following environment vars:
PORT - the port to listen on
CONTEXT_PATH - an optional context path under which the workbook service runs
TOKEN_STORE - how to store the generated tokens. Currently atom and riak are supported (defaults to atom)
RIAK_TOKEN_HOST - must be specified if token-store is riak
RIAK_TOKEN_PORT - the Riak HTTP port (defaults to 8098)
RIAK_TOKEN_BUCKET - the name of the Riak bucket to store generated tokens in (defaults to auth-tokens)
EXPIRE - the time in seconds after which a token expires
AUTH - how to check user credentials. Currently noop (all credentials are valid) and ldap are supported (defaults to noop)
LDAP_HOSTS - the host or hosts (comma separated) to use for the LDAP connection, must be specified if auth is ldap
LDAP_USER_BASE_DN - the LDAP base DN to locate users, must be specified if auth is ldap
LDAP_BIND_DN - the server connects to LDAP using this user DN, must be specified if auth is ldap
LDAP_BIND_PASSWORD - the server connects to LDAP using this password, must be specified if auth is ldap
LDAP_SEARCH_TPL - the filter string template used to find users (defaults to (sAMAccountName=%s))
CLIENT_STORE - how to store the generated tokens. Currently atom and riak are supported (defaults to atom)
RIAK_CLIENT_HOST - must be specified if client-store is riak
RIAK_CLIENT_PORT - the Riak HTTP port (defaults to 8098)
RIAK_CLIENT_BUCKET - the name of the Riak bucket to store generated clients in (defaults to auth-clients)
If you have foreman installed, you can create an .env file listing the environment vars specified above and just type foreman start.
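A preflight check for the variables listed above, as an added example that is not part of the Lens Auth project: it applies the documented defaults and "must be specified if" rules, and flags AUTH=noop, under which all credentials are valid. The function names are hypothetical, and rejecting values other than the listed ones is an assumption of the example.

```shell
#!/bin/sh
# Added example, not part of Lens Auth: preflight check of its environment.
# Prints one finding per line; returns 1 if any ERROR was reported.

# require NAME CONDITION: report NAME when it is unset or empty.
# NAME is only ever one of the fixed names below, so the eval is safe.
require() {
    eval "val=\${$1:-}"
    if [ -z "$val" ]; then
        echo "ERROR: $1 must be specified if $2"
        return 1
    fi
}

check_lens_auth_env() {
    rc=0
    # Defaults as documented in the variable list.
    auth=${AUTH:-noop}
    token_store=${TOKEN_STORE:-atom}
    client_store=${CLIENT_STORE:-atom}

    case $auth in
        noop) echo "WARN: AUTH is noop, all credentials are valid" ;;
        ldap)
            for v in LDAP_HOSTS LDAP_USER_BASE_DN LDAP_BIND_DN LDAP_BIND_PASSWORD; do
                require "$v" "auth is ldap" || rc=1
            done ;;
        # Assumption of this example: unlisted values are rejected.
        *) echo "ERROR: AUTH must be noop or ldap, got '$auth'"; rc=1 ;;
    esac

    case $token_store in
        atom) ;;
        riak) require RIAK_TOKEN_HOST "token-store is riak" || rc=1 ;;
        *) echo "ERROR: TOKEN_STORE must be atom or riak, got '$token_store'"; rc=1 ;;
    esac

    case $client_store in
        atom) ;;
        riak) require RIAK_CLIENT_HOST "client-store is riak" || rc=1 ;;
        *) echo "ERROR: CLIENT_STORE must be atom or riak, got '$client_store'"; rc=1 ;;
    esac

    # The list gives no default for EXPIRE, so ask for an explicit lifetime.
    [ -n "${EXPIRE:-}" ] || echo "WARN: EXPIRE is not set"
    return $rc
}
```

Call check_lens_auth_env with the .env values loaded, before foreman start; a non-zero status means a required variable is missing or a value is not one of the listed options.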
You have to start the auth container:
docker run -d -p 8080:80 --name lens-auth akiel/lens-auth
After starting the container, a curl http://localhost:8080/token should show
Method not allowed.
which is okay for the moment.
Running a REPL will load the user namespace. Use (startup) to start the server and (reset) to reload after code changes.
Copyright © 2015 Alexander Kiel
Distributed under the Eclipse Public License, the same as Clojure.