Build OAuth 2.0 Server & API Server with Authlete + Spring Boot

hidebike712

Hideki Ikeda

Posted on June 3, 2024


Overview

This article explains how to build an OAuth 2.0 server and an API server (resource server) with Authlete and Spring Boot.

Architecture


How-to-Do

1. Create an Account at Authlete

Create an Authlete account on the sign-up page.

Upon successful signup, you will be logged in to the service owner console automatically.

2. Create & Configure Service

Click the Create Service tab in the service owner console. This redirects you to the service creation page.

Input your service name and click the Create button. Upon successful service creation, you will be redirected to the service detail page, which shows detailed information about your service. Write down the API key and API secret from the service detail page; both servers below need them.

3. Create & Configure Client

Access the client application console at the following URL in your browser:

https://cd.authlete.com/{YOUR-SERVICE-API-KEY}

Then log in to the console with your service API key and secret.

Input your client name and click the Create button.

Write down the Client ID and Client Secret.

4. Configure & Run OAuth 2.0 Server

Run the following command to download the OAuth 2.0 server.

$ git clone https://github.com/authlete/spring-oauth-server.git

Navigate to the spring-oauth-server directory and edit authlete.properties as follows, using the values from step 2.

service.api_key = {YOUR-SERVICE-API-KEY}
service.api_secret = {YOUR-SERVICE-API-SECRET}

Start the OAuth 2.0 server with the following command. (It listens on port 8080.)

$ docker-compose up

5. Configure & Run API Server

Run the following command to download the API server.

$ git clone https://github.com/authlete/spring-resource-server.git

Navigate to the spring-resource-server directory and edit authlete.properties as follows, using the same values as in step 4.

service.api_key = {YOUR-SERVICE-API-KEY}
service.api_secret = {YOUR-SERVICE-API-SECRET}

Start the API server with the following command. (It listens on port 8081.)

$ docker-compose up

6. Test

6.1. Issue Access Token

Let's check that the OAuth 2.0 server can issue an access token using the Authorization Code Flow (RFC 6749, section 4.1).

6.1.1. Authorization Request

First, access the authorization endpoint (of the OAuth 2.0 server) at the following URL in your browser.

http://localhost:8080/api/authorization?client_id={CLIENT-ID}&response_type=code

Then an authorization page will appear.

Enter the following dummy user credentials and click the Authorize button.

User ID = john
Password = john

The dummy users are defined in /src/main/java/com/authlete/spring/server/db/UserDao.java. Modify that file as needed.

Then you will be redirected to the redirect URI, which looks like the one below. Write down the value of the code parameter.

https://api.authlete.com/api/mock/redirection/{YOUR-SERVICE-API-KEY}?code=xxxxx...

6.1.2. Token Request

Make a token request using the authorization code as follows.

$ curl -v -X POST -d 'code={AUTHORIZATION-CODE}' -d 'client_id={CLIENT-ID}' -d 'grant_type=authorization_code' http://localhost:8080/api/token

A successful response looks like the one below.

{
  "access_token": "xxxxx",
  "refresh_token": "xxxxx",
  "scope": null,
  "token_type": "Bearer",
  "expires_in": 86400
}

6.2. Access API

Let's access the Country API (/api/country/{country-code}) on the API server using the access token.

$ curl -v -H "Authorization: Bearer {access-token}" http://localhost:8081/api/country/JP

A successful response looks like the one below.

{
  "name": "Japan",
  "alpha2": "JP",
  "alpha3": "JPN",
  "numeric": 392,
  "currency": "JPY"
}

If you access the API without an access token, as below,

$ curl -v http://localhost:8081/api/country/JP

it returns an error response whose WWW-Authenticate header carries the reason (RFC 6750 bearer challenge):

< HTTP/1.1 400 
< Cache-Control: no-store, no-transform
< Pragma: no-cache
< WWW-Authenticate: Bearer error="invalid_token",error_description="An access token is missing."
< Content-Length: 0
...
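The three curl and browser steps above (authorization request, token request, API call) can be driven from one small client. The script below is an added example and is not part of spring-oauth-server, spring-resource-server or Authlete's own code. It assumes the two servers run on localhost:8080 and localhost:8081 exactly as configured in steps 4 and 5, and that the client is a public one (no client_secret), as in the curl command. It goes one step beyond the article's authorization URL by sending a random `state` value and refusing any redirect whose `state` does not match (the CSRF check from RFC 6749 section 10.12; Authlete echoes `state` back in the redirect). The helper functions are pure and parse the same request and response shapes shown above; only `main` talks to the network.

```python
"""Walk the authorization-code flow from the article against the local servers.

Added example, not project code. Endpoints and ports are those from steps 4-6;
the `state` parameter is an addition beyond the article's authorization URL.
"""
import json
import re
import secrets
import sys
import urllib.error
import urllib.parse
import urllib.request

AUTHZ_ENDPOINT = "http://localhost:8080/api/authorization"
TOKEN_ENDPOINT = "http://localhost:8080/api/token"
COUNTRY_API = "http://localhost:8081/api/country/{code}"


def build_authorization_url(client_id: str, state: str) -> str:
    """Authorization request of step 6.1.1 plus a caller-chosen `state`."""
    query = urllib.parse.urlencode(
        {"client_id": client_id, "response_type": "code", "state": state}
    )
    return f"{AUTHZ_ENDPOINT}?{query}"


def extract_code(redirect_url: str, expected_state: str) -> str:
    """Pull `code` out of the redirect URL the browser lands on.

    The code is accepted only if the redirect carries the `state` we sent;
    an `error` parameter or a missing code raises instead of being ignored.
    """
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(redirect_url).query)
    if params.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: redirect did not originate from our request")
    if "error" in params:
        raise ValueError(f"authorization error: {params['error'][0]}")
    codes = params.get("code")
    if not codes:
        raise ValueError("redirect carries no authorization code")
    return codes[0]


def token_request_body(code: str, client_id: str) -> bytes:
    """Form body of the token request in step 6.1.2 (public client, no secret)."""
    return urllib.parse.urlencode(
        {"grant_type": "authorization_code", "code": code, "client_id": client_id}
    ).encode()


def parse_token_response(body: bytes) -> dict:
    """Decode the JSON token response and check it is a usable bearer token."""
    data = json.loads(body)
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError(f"unexpected token_type: {data.get('token_type')!r}")
    if not data.get("access_token"):
        raise ValueError("token response carries no access_token")
    return data


def parse_www_authenticate(header: str) -> dict:
    """Split a `Bearer error="...",error_description="..."` challenge
    (RFC 6750 section 3) into its auth-params."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError(f"unsupported challenge scheme: {scheme}")
    return dict(re.findall(r'(\w+)="([^"]*)"', params))


def call_country_api(access_token: str, country_code: str) -> dict:
    """Step 6.2: call the Country API with the bearer token; on an error
    response, surface the challenge parameters instead of a bare status code."""
    req = urllib.request.Request(
        COUNTRY_API.format(code=country_code),
        headers={"Authorization": f"Bearer {access_token}"},
    )
    try:
        with urllib.request.urlopen(req) as resp:
            return json.loads(resp.read())
    except urllib.error.HTTPError as exc:
        challenge = parse_www_authenticate(exc.headers.get("WWW-Authenticate", "Bearer"))
        raise PermissionError(
            f"HTTP {exc.code}: {challenge.get('error')}: {challenge.get('error_description')}"
        ) from exc


def main(client_id: str) -> None:
    state = secrets.token_urlsafe(16)
    print("Open this URL in a browser and log in as john/john:\n ",
          build_authorization_url(client_id, state))
    redirect = input("Paste the redirect URL here: ").strip()
    code = extract_code(redirect, state)
    with urllib.request.urlopen(TOKEN_ENDPOINT, data=token_request_body(code, client_id)) as resp:
        token = parse_token_response(resp.read())
    print(json.dumps(call_country_api(token["access_token"], "JP"), indent=2))


if __name__ == "__main__":
    main(sys.argv[1])  # usage: python client.py {CLIENT-ID}
```

Run it with your Client ID from step 3, open the printed URL, authorize as john, and paste the resulting redirect URL back into the prompt; the script then performs the token request and the Country API call and prints the JSON. Because `extract_code` binds the code to the `state` it generated, a redirect URL produced by someone else's authorization request is rejected rather than exchanged.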

More Info

See the following information for more details.
