OAuth2 protocol with Grails Spring Security

Post on 11-Feb-2017


OAUTH 2.0

What is OAuth?

OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and DigitalOcean. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account.

How it works

Let's start building an app with OAuth.

Add the plugin in BuildConfig.groovy:

    compile ":spring-security-oauth2-provider:2.0-RC5"

Domain Classes

Run this script to generate the domain classes (the arguments are the package name and the class names for the client, authorization code, access token and refresh token):

    grails s2-init-oauth2-provider <package> <client> <authorization-code> <access-token> <refresh-token>

Config.groovy

    grails.plugin.springsecurity.controllerAnnotations.staticRules = [
        [pattern: '/oauth/authorize', access: "isFullyAuthenticated() and (request.getMethod().equals('GET') or request.getMethod().equals('POST'))"],
        [pattern: '/oauth/token',     access: "isFullyAuthenticated() and request.getMethod().equals('POST')"],
    ]

    grails.plugin.springsecurity.filterChain.chainMap = [
        [pattern: '/oauth/token',               filters: 'JOINED_FILTERS,-oauth2ProviderFilter,-securityContextPersistenceFilter,-logoutFilter,-authenticationProcessingFilter,-rememberMeAuthenticationFilter,-exceptionTranslationFilter'],
        [pattern: '/securedOAuth2Resources/**', filters: 'JOINED_FILTERS,-securityContextPersistenceFilter,-logoutFilter,-authenticationProcessingFilter,-rememberMeAuthenticationFilter,-oauth2BasicAuthenticationFilter,-exceptionTranslationFilter'],
        [pattern: '/**',                        filters: 'JOINED_FILTERS,-statelessSecurityContextPersistenceFilter,-oauth2ProviderFilter,-clientCredentialsTokenEndpointFilter,-oauth2BasicAuthenticationFilter,-oauth2ExceptionTranslationFilter']
    ]

Add User

    Role roleUser = new Role(authority: 'ROLE_USER').save(flush: true)

    User user = new User(username: 'user1', password: 'user1', enabled: true,
                         accountExpired: false, accountLocked: false, passwordExpired: false).save(flush: true)

    UserRole.create(user, roleUser, true)

Add Client

    new RestClient(
        clientId: 'AskMeBazaar',
        authorizedGrantTypes: ['authorization_code', 'refresh_token', 'implicit', 'password', 'client_credentials'],
        authorities: ['ROLE_CLIENT'],
        scopes: ['read', 'write'],
        redirectUris: ['<path of your application where you want to receive the auth code>']
    ).save(flush: true)

Authorization Code Grant

The user is sent to the authorization endpoint:

    http://localhost:8080/oauth2-test/oauth/authorize?response_type=code&client_id=my-client&scope=read

Redirect back to the client with the code:

    http://myredirect.com/?code=139R59

Using HTTP Basic for client authentication

    curl -X POST \
         -d "client_id=my-client" \
         -d "grant_type=authorization_code" \
         -d "code=139R59" \
         http://localhost:8080/oauth2-test/oauth/token

Receive the access token in the response:

    {
        "access_token": "a1ce2915-8d79-4961-8abb-2c6f0fdb4aba",
        "token_type": "bearer",
        "refresh_token": "6540222d-0fb9-4b01-8d45-7be2bdfb68f9",
        "expires_in": 43199,
        "scope": "read"
    }
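The slides show the two requests of the authorization code grant but not what the provider has to verify behind /oauth/authorize and /oauth/token. The following is an added example, not code from the slides or from the spring-security-oauth2-provider plugin: an in-memory authorization server in Python that issues a one-time code bound to the client, redirect URI, scope and user, and only exchanges it for a bearer token after the client has authenticated and the code has been checked for expiry, single use and matching client/redirect URI. The class and function names (AuthServer, Client, authorize, token, introspect, demo) and the client secret are this example's own assumptions; the curl on the slides sends only client_id, whereas this server also requires the client secret.

```python
"""Minimal simulation of the OAuth 2.0 authorization code grant.

Added example (not the Grails plugin's code). Names and the client secret
are assumptions made for illustration; the sample client id, redirect URI,
scope and expires_in value follow the slides.
"""
import hmac
import secrets
import time
from dataclasses import dataclass, field

CODE_TTL_SECONDS = 60        # authorization codes must be short-lived
TOKEN_TTL_SECONDS = 43199    # matches expires_in in the sample response


@dataclass
class Client:
    client_id: str
    client_secret: str
    redirect_uris: set
    scopes: set
    grant_types: set


@dataclass
class AuthServer:
    clients: dict = field(default_factory=dict)
    codes: dict = field(default_factory=dict)    # code -> record
    tokens: dict = field(default_factory=dict)   # access_token -> record
    now: callable = time.time                    # injectable clock for tests

    def register(self, client):
        self.clients[client.client_id] = client

    def authorize(self, client_id, redirect_uri, scope, user):
        """/oauth/authorize: the user is already fully authenticated here.
        Bind a one-time code to (client, redirect_uri, scope, user)."""
        client = self.clients.get(client_id)
        if client is None or redirect_uri not in client.redirect_uris:
            # never redirect to an unregistered URI: that would leak the code
            raise ValueError("invalid_client_or_redirect")
        if not set(scope.split()) <= client.scopes:
            raise ValueError("invalid_scope")
        code = secrets.token_urlsafe(16)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "scope": scope, "user": user, "used": False,
                            "expires": self.now() + CODE_TTL_SECONDS}
        return f"{redirect_uri}?code={code}"

    def token(self, client_id, client_secret, grant_type, code, redirect_uri):
        """/oauth/token: authenticate the client, then exchange the code."""
        client = self.clients.get(client_id)
        if client is None or not hmac.compare_digest(client.client_secret, client_secret):
            return {"error": "invalid_client"}
        if grant_type != "authorization_code" or grant_type not in client.grant_types:
            return {"error": "unsupported_grant_type"}
        rec = self.codes.get(code)
        if rec is None or rec["used"] or rec["expires"] < self.now():
            return {"error": "invalid_grant"}
        if rec["client_id"] != client_id or rec["redirect_uri"] != redirect_uri:
            rec["used"] = True   # code presented by the wrong client/URI: burn it
            return {"error": "invalid_grant"}
        rec["used"] = True       # a code is exchanged exactly once
        access = secrets.token_urlsafe(24)
        self.tokens[access] = {"user": rec["user"], "scope": rec["scope"],
                               "expires": self.now() + TOKEN_TTL_SECONDS}
        return {"access_token": access, "token_type": "bearer",
                "refresh_token": secrets.token_urlsafe(24),
                "expires_in": TOKEN_TTL_SECONDS, "scope": rec["scope"]}

    def introspect(self, access_token):
        """What the resource server does for /securedOAuth2Resources/**."""
        rec = self.tokens.get(access_token)
        if rec is None or rec["expires"] < self.now():
            return None
        return rec


def demo():
    """Run the flow once and replay the same code; the replay must fail."""
    server = AuthServer()
    server.register(Client("my-client", "s3cret", {"http://myredirect.com/"},
                           {"read", "write"}, {"authorization_code", "refresh_token"}))
    location = server.authorize("my-client", "http://myredirect.com/", "read", "user1")
    code = location.split("code=")[1]
    first = server.token("my-client", "s3cret", "authorization_code", code, "http://myredirect.com/")
    replay = server.token("my-client", "s3cret", "authorization_code", code, "http://myredirect.com/")
    return first, replay, server


if __name__ == "__main__":
    first, replay, _ = demo()
    print(first)
    print(replay)
```

The checks in token() are the ones the filter chain above ultimately delegates to the plugin: client authentication before any grant is processed, and a code that is rejected if it is expired, already used, or was issued to a different client or redirect URI.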

References

https://developers.google.com/identity/protocols/OAuth2

https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2

https://grails.org/plugins/tag/oauth2
