Hideki Ikeda
Posted on June 3, 2024
Overview
This article explains how to build an OAuth 2.0 server and an API server (resource server) with Authlete + Spring Boot.
Architecture
How To
1. Create an Account at Authlete.
Create an Authlete account on the sign up page.
Upon successful signup, you will be logged in to the service owner console automatically.
2. Create & Configure Service
Click the Create Service tab in the service owner console. This takes you to the service creation page.
Enter your service name and click the Create button. Upon successful service creation, you will be redirected to the service detail page,
which shows detailed information about your service as below. Write down the API key and API secret from the service detail page; both the OAuth 2.0 server and the API server need them.
3. Create & Configure Client
Open the client application console at the following URL in your browser:
https://cd.authlete.com/{YOUR-SERVICE-API-KEY}
Then log in to the console with your service API key and secret.
Enter your client name and click the Create button.
Write down the Client ID and Client Secret.
4. Configure & Run OAuth 2.0 Server
Run the following command to download the OAuth 2.0 server.
$ git clone https://github.com/authlete/spring-oauth-server.git
Navigate to the spring-oauth-server directory and edit authlete.properties as below. (The file now holds your service API secret, so keep it out of version control.)
service.api_key = {YOUR-SERVICE-API-KEY}
service.api_secret = {YOUR-SERVICE-API-SECRET}
Start the OAuth 2.0 server with the following command. (It listens on port 8080.)
$ docker-compose up
5. Configure & Run API Server
Run the following command to download the API server.
$ git clone https://github.com/authlete/spring-resource-server.git
Navigate to the spring-resource-server directory and edit authlete.properties as below, using the same service API key and secret.
service.api_key = {YOUR-SERVICE-API-KEY}
service.api_secret = {YOUR-SERVICE-API-SECRET}
Start the API server with the following command. (It listens on port 8081.)
$ docker-compose up
6. Test
6.1. Issue Access Token
Let's check that the OAuth 2.0 server can issue an access token using the authorization code flow (RFC 6749).
6.1.1. Authorization Request
First, open the authorization endpoint of the OAuth 2.0 server at the following URL in your browser.
http://localhost:8080/api/authorization?client_id={CLIENT-ID}&response_type=code
An authorization page will appear. (This minimal request omits the state parameter and PKCE (RFC 7636) that a real client should send; they are left out only to keep the test short.)
Enter the following dummy user credentials and click the Authorize button.
User ID = john
Password = john
The dummy user is defined in src/main/java/com/authlete/spring/server/db/UserDao.java of spring-oauth-server. Modify it as needed.
You will then be redirected to a URL like the one below. Write down the value of the code parameter.
https://api.authlete.com/api/mock/redirection/{YOUR-SERVICE-API-KEY}?code=xxxxx...
6.1.2. Token Request
Make a token request with the authorization code as follows. If the token endpoint answers with an invalid_client error, the client is configured to authenticate at the token endpoint; in that case also pass the client ID and client secret as HTTP Basic credentials (client_secret_basic, curl's --user option).
$ curl -v -X POST -d 'code={AUTHORIZATION-CODE}' -d 'client_id={CLIENT-ID}' -d 'grant_type=authorization_code' http://localhost:8080/api/token
A successful response looks like the one below. scope is null because the authorization request did not ask for any scope.
{
"access_token": "xxxxx",
"refresh_token": "xxxxx",
"scope": null,
"token_type": "Bearer",
"expires_in": 86400
}
6.2. Access API
Let's access the Country API (/api/country/{country-code}) on the API server using the access token.
$ curl -v -H "Authorization: Bearer {access-token}" http://localhost:8081/api/country/JP
A successful response will be like below.
{
"name": "Japan",
"alpha2": "JP",
"alpha3": "JPN",
"numeric": 392,
"currency": "JPY"
}
If you access the API without an access token, like this:
$ curl -v http://localhost:8081/api/country/JP
it returns an error response carrying a WWW-Authenticate challenge (RFC 6750):
< HTTP/1.1 400
< Cache-Control: no-store, no-transform
< Pragma: no-cache
< WWW-Authenticate: Bearer error="invalid_token",error_description="An access token is missing."
< Content-Length: 0
...
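As an added illustration (not code from spring-resource-server or Authlete), the following Python reproduces the decision the API server makes before answering /api/country/{code}: extract the bearer token per RFC 6750, check it, and on failure send back the WWW-Authenticate challenge shown above. The real server delegates the check to Authlete's introspection API; here the token table, the fixed current time and the country record are constructed so the block runs offline, and the token names and scope name "country" are assumptions for the example only.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Fixed "current time" (2024-06-03T00:00:00Z) so the example is deterministic.
NOW = 1_717_372_800

# Constructed token table standing in for the authorization server's state.
# A real resource server never holds this; it asks the issuer (Authlete introspection).
TOKENS: Dict[str, dict] = {
    "good-token":    {"sub": "john", "scope": {"country"}, "exp": NOW + 86400},
    "expired-token": {"sub": "john", "scope": {"country"}, "exp": NOW - 60},
    "noscope-token": {"sub": "john", "scope": set(),       "exp": NOW + 86400},
}

# Constructed sample data for the Country API (the same record the page shows for JP).
COUNTRIES = {
    "JP": {"name": "Japan", "alpha2": "JP", "alpha3": "JPN", "numeric": 392, "currency": "JPY"},
}

# RFC 6750 section 2.1: the scheme name "Bearer" (case-insensitive) followed by
# one or more token68 characters. Anything else is not a bearer credential.
_BEARER_RE = re.compile(r"^Bearer\s+([A-Za-z0-9\-._~+/]+=*)$", re.IGNORECASE)


@dataclass
class Decision:
    status: int
    www_authenticate: Optional[str]   # challenge to return; None when the request is accepted
    subject: Optional[str] = None     # resource owner the token was issued to


def _challenge(error: str, description: str) -> str:
    return f'Bearer error="{error}",error_description="{description}"'


def extract_bearer(authorization: Optional[str]) -> Optional[str]:
    """Return the token carried by an Authorization header, or None if there is no bearer token."""
    if authorization is None:
        return None
    m = _BEARER_RE.match(authorization.strip())
    return m.group(1) if m else None


def introspect(authorization: Optional[str], required_scope: Optional[str] = None,
               now: int = NOW) -> Decision:
    """Decide whether the request may proceed; every failure case carries an RFC 6750 challenge."""
    token = extract_bearer(authorization)
    if token is None:
        # Same status and challenge the page's server returns for a missing token.
        # (RFC 6750 itself prescribes 401 with a bare "Bearer" challenge in this case.)
        return Decision(400, _challenge("invalid_token", "An access token is missing."))
    info = TOKENS.get(token)
    if info is None or info["exp"] <= now:
        # Unknown and expired tokens get the same answer: never tell a caller which it was.
        return Decision(401, _challenge("invalid_token", "The access token is invalid or has expired."))
    if required_scope is not None and required_scope not in info["scope"]:
        return Decision(403, _challenge("insufficient_scope", f"Scope '{required_scope}' is required."))
    return Decision(200, None, info["sub"])


def serve_country(headers: Dict[str, str], code: str, required_scope: Optional[str] = None):
    """Handle GET /api/country/{code}; returns (status, response headers, JSON body or None)."""
    lowered = {k.lower(): v for k, v in headers.items()}   # header names are case-insensitive
    decision = introspect(lowered.get("authorization"), required_scope)
    if decision.status != 200:
        return decision.status, {
            "Cache-Control": "no-store, no-transform",
            "Pragma": "no-cache",
            "WWW-Authenticate": decision.www_authenticate,
        }, None
    country = COUNTRIES.get(code.upper())
    if country is None:
        return 404, {}, None
    return 200, {"Content-Type": "application/json"}, country


if __name__ == "__main__":
    print(serve_country({"Authorization": "Bearer good-token"}, "JP"))
    print(serve_country({}, "JP"))
```

Two details worth noticing: the token68 pattern means a Basic credential or a malformed header is treated as "no token" rather than being forwarded to introspection, and the default required_scope of None mirrors the page, where a token with scope null still reaches the Country API; pass a scope name to see the insufficient_scope branch.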
More Info
See the following information for more details.
README.md & CUSTOMIZATION.md of spring-oauth-server
README.md & CUSTOMIZATION.md of spring-resource-server