oauth2 protocol with grails spring security
OAUTH 2.0
What is OAuth
OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and DigitalOcean. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account (definition taken from the DigitalOcean introduction listed under References). The third-party application never handles the user's password: it is issued an access token limited to the scopes the user approved, and it presents that token to the resource server.
How it works
Let's start building an app with OAuth
Add the plugin dependency in BuildConfig.groovy, inside the plugins block (the plugin builds on spring-security-core):
compile ":spring-security-oauth2-provider:2.0-RC5"
Domain Classes
Run this script to generate the four OAuth 2 domain classes (client, authorization code, access token, refresh token) in the given package:
grails s2-init-oauth2-provider <package> <client> <authorization-code> <access-token> <refresh-token>
Config.groovy. The static rules below secure the two provider endpoints: /oauth/authorize must be reached by a fully authenticated user (the resource owner who approves the grant), and /oauth/token accepts POST only and is called by the client, which authenticates itself rather than the user.
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
[pattern: '/oauth/authorize', access: "isFullyAuthenticated() and (request.getMethod().equals('GET') or request.getMethod().equals('POST'))"],
[pattern: '/oauth/token', access: "isFullyAuthenticated() and request.getMethod().equals('POST')"],
]
The filter chain gives each area its own set of filters: /oauth/token drops the session and form-login filters and keeps the client-credential filters; /securedOAuth2Resources/** is stateless and is authenticated only by a bearer token (the oauth2ProviderFilter); everything else is the ordinary form-login chain with the OAuth filters removed.
grails.plugin.springsecurity.filterChain.chainMap = [
[pattern: '/oauth/token', filters: 'JOINED_FILTERS,-oauth2ProviderFilter,-securityContextPersistenceFilter,-logoutFilter,-authenticationProcessingFilter,-rememberMeAuthenticationFilter,-exceptionTranslationFilter'],
[pattern: '/securedOAuth2Resources/**', filters: 'JOINED_FILTERS,-securityContextPersistenceFilter,-logoutFilter,-authenticationProcessingFilter,-rememberMeAuthenticationFilter,-oauth2BasicAuthenticationFilter,-exceptionTranslationFilter'],
[pattern: '/**', filters: 'JOINED_FILTERS,-statelessSecurityContextPersistenceFilter,-oauth2ProviderFilter,-clientCredentialsTokenEndpointFilter,-oauth2BasicAuthenticationFilter,-oauth2ExceptionTranslationFilter']
]
Add User (typically in BootStrap.groovy; demo credentials only)
Role roleUser = new Role(authority: 'ROLE_USER').save(flush: true)
User user = new User(username: 'user1', password: 'user1', enabled: true, accountExpired: false, accountLocked: false, passwordExpired: false).save(flush: true)
UserRole.create(user, roleUser, true)
Add Client
new RestClient(clientId: 'AskMeBazaar', authorizedGrantTypes: ['authorization_code', 'refresh_token', 'implicit', 'password', 'client_credentials'], authorities: ['ROLE_CLIENT'], scopes: ['read', 'write'], redirectUris: ['path of your application where you want to render the auth code']).save(flush: true)
Two things to check before copying this registration. First, enable only the grant types the client actually uses: a web application needs authorization_code and refresh_token, and each of password, implicit and client_credentials widens what a leaked clientId can do. Second, give a server-side client a clientSecret; a client registered without one is a public client, and anyone who knows the clientId can exchange codes at the token endpoint in its name. Register concrete redirect URIs: the provider checks the redirect_uri parameter against this list, which is what stops an authorization code from being sent to an attacker's site.
Authorization Code Grant
Step 1: send the user's browser to the authorization endpoint (the user must already be logged in, per the staticRules above). client_id must be a registered clientId; this URL uses my-client from the plugin documentation, so substitute the id registered above. The request should also carry a random state parameter, which the provider echoes back so the client can reject a callback it did not initiate, and the redirect_uri it expects:
http://localhost:8080/oauth2-test/oauth/authorize?response_type=code&client_id=my-client&scope=read
Redirect. After the user approves, the provider redirects back to the registered redirect URI with a short-lived, single-use code:
http://myredirect.com/?code=139R59
Exchange the code for a token. The command below identifies the client with a client_id form parameter, which is the public-client form. With HTTP Basic client authentication, a confidential client instead passes its clientId and clientSecret as curl -u my-client:my-secret and omits client_id from the body. If the authorize request carried a redirect_uri, the same value must be sent here as well:
curl -X POST \
-d "client_id=my-client" \
-d "grant_type=authorization_code" \
-d "code=139R59" \
http://localhost:8080/oauth2-test/oauth/token
The response carries the access token:
{
"access_token": "a1ce2915-8d79-4961-8abb-2c6f0fdb4aba",
"token_type": "bearer",
"refresh_token": "6540222d-0fb9-4b01-8d45-7be2bdfb68f9",
"expires_in": 43199,
"scope": "read"
}
expires_in is in seconds (about 12 hours here, the Spring Security OAuth default), scope is what was actually granted, and token_type bearer means the client presents the token on /securedOAuth2Resources/** as Authorization: Bearer <access_token>. When it expires, the client posts the refresh_token with grant_type=refresh_token to /oauth/token. Both tokens are credentials and must be stored and logged as such.
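The whole exchange above from the client's side, as an added example in Python; this is not code from the slides or from the Grails plugin. The provider base URL, the code 139R59 and the token JSON are the values shown on the slides; the client id and secret, the redirect URI, and the redirect and token messages themselves are constructed here so the flow runs offline. It adds the two pieces the slides leave out: a state check on the callback and HTTP Basic client authentication at the token endpoint.

```python
"""Client side of the Authorization Code Grant shown on the slides.

Added example, not code from the slides or the plugin. Endpoints follow the
slide URLs; client credentials, redirect URI, the redirect and the token
response are constructed here so the flow runs offline.
"""
import base64
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

PROVIDER = "http://localhost:8080/oauth2-test"  # base URL from the slides
CLIENT_ID = "my-client"                          # assumed registered clientId
CLIENT_SECRET = "my-secret"                      # assumed: confidential client
REDIRECT_URI = "http://myredirect.com/"          # assumed entry in redirectUris


def build_authorize_url(scope="read"):
    """Step 1: URL the user's browser is sent to. Returns (url, state).
    state is a random CSRF token the client must see again on the redirect."""
    state = secrets.token_urlsafe(16)
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
    }
    return f"{PROVIDER}/oauth/authorize?{urlencode(params)}", state


def parse_redirect(redirect_url, expected_state):
    """Step 2: the provider redirects back with ?code=...&state=...
    Refuse the code unless state matches what this client generated."""
    qs = parse_qs(urlparse(redirect_url).query)
    if "error" in qs:
        raise ValueError(f"authorization failed: {qs['error'][0]}")
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback not initiated by us")
    return qs["code"][0]


def build_token_request(code):
    """Step 3: POST to /oauth/token. The client authenticates itself with
    HTTP Basic (clientId:clientSecret) rather than a client_id form field,
    and repeats redirect_uri so the provider can compare it with step 1."""
    creds = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {
        "Authorization": f"Basic {creds}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
    })
    return f"{PROVIDER}/oauth/token", headers, body


def parse_token_response(raw_json, now):
    """Step 4: validate the token response and compute an absolute expiry."""
    tok = json.loads(raw_json)
    if tok.get("token_type", "").lower() != "bearer":
        raise ValueError(f"unexpected token_type {tok.get('token_type')!r}")
    return {
        "access_token": tok["access_token"],
        "refresh_token": tok.get("refresh_token"),
        "scopes": set(tok.get("scope", "").split()),
        "expires_at": now + int(tok["expires_in"]),
    }


def bearer_header(token):
    """Header used against /securedOAuth2Resources/** once the token is held."""
    return {"Authorization": f"Bearer {token['access_token']}"}


# Constructed sample token response: the values are the ones printed on the
# slides, not a capture from a running provider.
SAMPLE_TOKEN_JSON = json.dumps({
    "access_token": "a1ce2915-8d79-4961-8abb-2c6f0fdb4aba",
    "token_type": "bearer",
    "refresh_token": "6540222d-0fb9-4b01-8d45-7be2bdfb68f9",
    "expires_in": 43199,
    "scope": "read",
})


def run_flow(now=1_700_000_000):
    """Walk all four steps offline; returns (code, token_request, token)."""
    _url, state = build_authorize_url()
    # Constructed redirect, shaped as the provider would send it back.
    redirect = f"{REDIRECT_URI}?code=139R59&state={state}"
    code = parse_redirect(redirect, state)
    token_request = build_token_request(code)
    token = parse_token_response(SAMPLE_TOKEN_JSON, now)
    return code, token_request, token


if __name__ == "__main__":
    code, (url, headers, body), token = run_flow()
    print(code, url, headers, body, bearer_header(token), sep="\n")
```

The state check in parse_redirect is what defends the client against a forged callback carrying an attacker's code; the provider's side of that defence is the redirect URI check against the registered redirectUris. Against a real provider, replace the constructed redirect with the query string your callback controller receives and POST the returned url, headers and body with any HTTP client.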
References
https://developers.google.com/identity/protocols/OAuth2
https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2
https://grails.org/plugins/tag/oauth2