| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114 |
- = OAuth 2.0 Resource Server Sample
- This sample demonstrates integrating Resource Server with a mock Authorization Server, though it can be modified to integrate
- with your favorite Authorization Server.
- With it, you can run the integration tests or run the application as a stand-alone service to explore how you can
- secure your own service with OAuth 2.0 Opaque Bearer Tokens using Spring Security.
- == 1. Running the tests
- To run the tests, do:
- ```bash
- ./gradlew integrationTest
- ```
- Or import the project into your IDE and run `OAuth2ResourceServerApplicationTests` from there.
- === What is it doing?
- By default, the tests are pointing at a mock Authorization Server instance.
- The tests are configured with a set of hard-coded tokens originally obtained from the mock Authorization Server,
- and each makes a query to the Resource Server with their corresponding token.
- The Resource Server subsquently verifies with the Authorization Server and authorizes the request, returning the phrase
- ```bash
- Hello, subject!
- ```
- where "subject" is the value of the `sub` field in the JWT returned by the Authorization Server.
- == 2. Running the app
- To run as a stand-alone application, do:
- ```bash
- ./gradlew bootRun
- ```
- Or import the project into your IDE and run `OAuth2ResourceServerApplication` from there.
- Once it is up, you can use the following token:
- ```bash
- export TOKEN=00ed5855-1869-47a0-b0c9-0f3ce520aee7
- ```
- And then make this request:
- ```bash
- curl -H "Authorization: Bearer $TOKEN" localhost:8080
- ```
- Which will respond with the phrase:
- ```bash
- Hello, subject!
- ```
- where `subject` is the value of the `sub` field in the JWT returned by the Authorization Server.
- Or this:
- ```bash
- export TOKEN=b43d1500-c405-4dc9-b9c9-6cfd966c34c9
- curl -H "Authorization: Bearer $TOKEN" localhost:8080/message
- ```
- Will respond with:
- ```bash
- secret message
- ```
- == 2. Testing against other Authorization Servers
- _In order to use this sample, your Authorization Server must support Opaque Tokens and the Introspection Endpoint.
- To change the sample to point at your Authorization Server, simply find this property in the `application.yml`:
- ```yaml
- spring:
- security:
- oauth2:
- resourceserver:
- opaque:
- introspection-uri: ${mockwebserver.url}/introspect
- introspection-client-id: client
- introspection-client-secret: secret
- ```
- And change the property to your Authorization Server's Introspection endpoint, including its client id and secret:
- ```yaml
- spring:
- security:
- oauth2:
- resourceserver:
- opaque:
- introspection-uri: ${mockwebserver.url}/introspect
- ```
- And then you can run the app the same as before:
- ```bash
- ./gradlew bootRun
- ```
- Make sure to obtain valid tokens from your Authorization Server in order to play with the sample Resource Server.
- To use the `/` endpoint, any valid token from your Authorization Server will do.
- To use the `/message` endpoint, the token should have the `message:read` scope.
|
