Skip to content

tcompiegne/oauth2-server

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
src/main
src/main
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

oauth2-server

OAuth2 Authorization Server based on Spring Security OAuth2

This is a basic Authorization server based on Spring Security OAuth2.

The main goal is to show you how to implement an Authorization Server with Spring Security OAuth2.

How to use it ?

Checkout the OAuth2 Authorization Server :

- git clone https://github.com/tcompiegne/oauth2-server.git
- mvn install

Start the server :

  mvn jetty:run

Get your tokens :

Client Credentials Grant Type :

=============== =================================================
Request         POST /oauth/token
Request Body    grant_type=client_credentials&client_id=test&client_secret=test
Response Codes  200 OK
Response Body   ::

                  {
                      "access_token": "ecfe59e8-2983-4919-a44a-039766ed1c45",
                      "token_type": "bearer",
                      "expires_in": 43199,
                      "scope": "read write"
                  }

=============== =================================================

Resource Owner Password Grant Type :

=============== =================================================
Request         POST /oauth/token
Request Body    grant_type=password&client_id=test&client_secret=test&username=userTest&password=userTest
Response Codes  200 OK
Response Body   ::

                  {
                      "access_token": "46539a6f-67f0-4bcb-bdef-89e3794825f5",
                      "token_type": "bearer",
                      "refresh_token": "8c8d7232-9523-4838-85f7-14cb3aaa174c",
                      "expires_in": 43199,
                      "scope": "read write"
                  }

=============== =================================================

Refresh Token Grant Type :

=============== =================================================

Request         POST /oauth/token
Request Body    grant_type=refresh_token&client_id=test&client_secret=test&refresh_token=8c8d7232-9523-4838-85f7-14cb3aaa174c
Response Codes  200 OK
Response Body   ::

                 {
				    "access_token": "7ad8f410-d9d4-4106-b8c2-13cc48c0269d",
				    "token_type": "bearer",
				    "refresh_token": "8c8d7232-9523-4838-85f7-14cb3aaa174c",
				    "expires_in": 43200,
				    "scope": "read write"
				 }

=============== =================================================

Authorization Code (response type : code) Flow :

=============== =================================================

1) Get the authorization code

Request			GET /oauth/authorize
Request Body    response_type=code&client_id=test&redirect_uri=http://localhost:8080/yourapp
				# Submit the login form with an authorized user
Response Code	302 Found
Redirect to 	http://localhost:8080/yourapp?code=7m6TKQ
					
2) Exchange your code against the access token

Request			POST /oauth/token
Request Body	grant_type=authorization_code&client_id=test&code=7m6TKQ&redirect_uri=http://localhost:8080/yourapp
Response Codes  200 OK
Response Body   ::

                 {
				    "access_token": "7ad8f410-d9d4-4106-b8c2-13cc48c0269d",
				    "token_type": "bearer",
				    "refresh_token": "8c8d7232-9523-4838-85f7-14cb3aaa174c",
				    "expires_in": 43200,
				    "scope": "read write"
				 }
				 
=============== =================================================

Authorization Code (response type : token) Flow :

=============== =================================================

Request			GET /oauth/authorize
Request Body    response_type=token&client_id=test&redirect_uri=http://localhost:8080/yourapp
				# Submit the login form with an authorized user
Response Code	302 Found
Redirect to 	http://localhost:8080/yourapp#access_token=7ad8f410-d9d4-4106-b8c2-13cc48c0269d&token_type=bearer&expires_in=42634&scope=read%20write

OAuth2 Token Validation Service

An endpoint that allows a resource server to validate an access token. The application client is authenticated via basic auth for this call.

Request			POST /oauth/check_token
Request Body	token=7ad8f410-d9d4-4106-b8c2-13cc48c0269d
Request Headers Authorization: Basic dGVzdDp0ZXN0 => stands for Base64.encode(client_id:client_secret)
				Content-Type: application/x-www-form-encoded
Response Codes  200 OK
Response Body   ::
                {
				    "exp": 1426391913,
				    "user_name": "userTest",
				    "scope": [
				        "read",
				        "write"
				    ],
				    "authorities": [
				        "ROLE_USER"
				    ],
				    "client_id": "test"
				}

OpenID User Info Endpoint

An OAuth2 protected resource and an OpenID Connect endpoint. Given an appropriate access_token, returns information about a user.

Request	        GET /userinfo/check_token
Request Headers Authorization: Bearer 

Response Codes  200 OK
Response Body   ::
               {
				    "password": null,
				    "username": "userTest",
				    "authorities": [
				        {
				            "authority": "ROLE_USER"
				        }
				    ],
				    "accountNonExpired": true,
				    "accountNonLocked": true,
				    "credentialsNonExpired": true,
				    "enabled": true
				}

Thanks

Many thanks to the Spring Team and particularly Dave Syer for their job to make easy to understand and set up oauth2 infrastructure.

About

OAuth2 Authorization Server based on Spring Security OAuth2

Resources

Readme

License

MIT license
Activity

Stars

9 stars

Watchers

1 watching

Forks

7 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages