This test project contains the following setup:
- Authorization Server: an OAuth2 server which acts as the OAuth2 Authorization Server
- Resource Server: a microservice which acts as an OAuth2 client and serves secured resources
- Aggregation Server: a microservice which acts as a proxy for the Resource Server and reuses the presented OAuth2 token for calls to the underlying microservices
- Make sure you have Maven installed
- Make sure you have Java 1.8 installed
- Check out the source code
- Run "mvn clean install"
- Inside "auth-server" execute "mvn springBoot:run"
- Inside "resource-server" execute "mvn springBoot:run"
- Inside "aggregation-server" execute "mvn springBoot:run"
The resource server and the aggregation server expose their APIs via Swagger. Testing the calls from the Swagger UI is currently not possible because the UI has no OAuth integration; use the curl commands below instead.
- Resource Server: Open http://localhost:8088/ and change the API URL to http://localhost:8088/api-docs
- Aggregation Server: Open http://localhost:8888/ and change the API URL to http://localhost:8888/api-docs
All access tokens are JWTs and can be decoded via https://developers.google.com/wallet/digital/docs/jwtdecoder. Just copy the "access_token" content into the form and click on "Decode JWT".
Get an access token via the password grant (client without secret, user credentials in the body):
- Execute curl -u my-trusted-client: http://localhost:8080/oauth/token -d "grant_type=password&username=user&password=testpass"
Get an access token via the client credentials grant (client authenticates with its secret, no user involved):
- Execute curl -u my-trusted-client-with-secret:somesecret http://localhost:8080/oauth/token -d "grant_type=client_credentials"
Get an access token via the authorization code grant:
- Open the browser with the URL http://localhost:8080/oauth/authorize?client_id=my-client-with-registered-redirect&response_type=code
- Use username user, password testpass for login
- Click on Authorize
- Copy the code parameter from the URL you are redirected to
- Execute curl -u my-client-with-registered-redirect: http://localhost:8080/oauth/token -d "grant_type=authorization_code&code=<code from URL>"
Direct REST GET call to a protected resource on the resource server:
- Get an access token via authorization code or password
- Execute curl -H "Content-Type: application/json" -H "Authorization: Bearer <your token>" http://localhost:8088/api/me
REST GET call to the aggregation server, which uses the presented OAuth2 token to make a call to a protected resource on the resource server:
- Get an access token via authorization code or password
- Execute curl -H "Content-Type: application/json" -H "Authorization: Bearer <your token>" http://localhost:8888/api/me
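The token requests and the token inspection above can also be scripted. The following Python helpers are added here as an example and are not part of the project: they build the same token-endpoint requests as the three curl commands (client ids, secrets and the token URL are taken from this README), decode a token's payload locally instead of pasting it into the web decoder, and check the exp claim the way a proxy such as the aggregation server should before reusing a token downstream. The JWT and claims at the bottom are constructed sample data, not a token issued by the server, and the claim names used in that sample are an assumption.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "http://localhost:8080/oauth/token"  # auth server from the README
# client id / secret pairs taken from the README's "curl -u" arguments
CLIENTS = {"password": ("my-trusted-client", ""),
           "client_credentials": ("my-trusted-client-with-secret", "somesecret"),
           "authorization_code": ("my-client-with-registered-redirect", "")}

def token_request(grant_type, **form):
    """Build the POST that the README's curl commands send: HTTP Basic client
    authentication (curl -u) plus a form-encoded body (curl -d)."""
    client_id, client_secret = CLIENTS[grant_type]
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": grant_type, **form}).encode()
    req = urllib.request.Request(TOKEN_URL, data=body, method="POST")
    req.add_header("Authorization", f"Basic {basic}")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req

def fetch_access_token(req):
    """Send a token request to the running auth server; returns the access_token."""
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]

def decode_jwt_claims(token):
    """Read a JWT payload locally. Does NOT verify the signature: use it to
    inspect a token, never to decide whether to trust one."""
    _header, payload, _signature = token.split(".")
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def token_is_usable(claims, now=None):
    """Check exp before a proxy such as the aggregation server forwards a token."""
    now = time.time() if now is None else now
    return "exp" in claims and claims["exp"] > now

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

# Constructed sample token with a placeholder signature; not issued by the server.
SAMPLE_CLAIMS = {"user_name": "user", "client_id": "my-trusted-client",
                 "scope": ["read"], "exp": 4102444800}
SAMPLE_JWT = ".".join([_b64url(b'{"alg":"RS256","typ":"JWT"}'),
                       _b64url(json.dumps(SAMPLE_CLAIMS).encode()), "c2ln"])
```

With the servers running, `fetch_access_token(token_request("password", username="user", password="testpass"))` returns the same token the first curl command prints, and `decode_jwt_claims` shows its payload without sending the token to a third party.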