Skip to content
/ play-oauth2 Public

Example of restful web service using OAuth2 and Play! framework

License

Apache-2.0 license
9 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tfeng/play-oauth2

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
app
app
 
 
conf
conf
 
 
project
project
 
 
test
test
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.sbt
build.sbt
 
 

Repository files navigation

Example of restful web service using OAuth2 and Play! framework

** This example is superseded by oauth2-example. **

This example application integrates spring-security-oauth2 with Play to secure its restful APIs.

Run the tests to make sure everything is working.

$ activator test

Start the application.

$ activator run

Once started, the application listens to HTTP requests at port 9000. In order to interact with it, one must first obtain an access token for a predefined client using client id "secure-client" and secret "client_password".

$ curl -X POST -H "Content-type: application/json" -d '{"clientId": "secure-client", "clientSecret": "client_password"}' http://localhost:9000/client/authenticate

The response contains the client access token.

{"accessToken":"d1e2cd6d-2171-4c6d-86e8-bbabc3fcdcb5","clientId":"secure-client","expiration":1405561925380}

The client access token grants access to the user authentication API. By using it as "Bearer" authorization, one can obtain a user access token with username and password. In this example, all non-empty usernames are accepted, and the password is always "password".

$ curl -X POST -H "Content-type: application/json" -H "Authorization: Bearer d1e2cd6d-2171-4c6d-86e8-bbabc3fcdcb5" -d '{"username": "test", "password": "password"}' http://localhost:9000/user/authenticate

This request returns a user access token, which can be used to access other restful APIs that require user permission. There is also a refresh token that can be used to get a new user access token when the old one is expired.

{"accessToken":"4fb09f30-470d-48de-b038-8e2f73f7afa8","username":"test","expiration":1405562230945,"refreshToken":"31ea8263-9876-478b-a3a6-c81a7186528a"}

To access the API that returns user information, the user access token must be provided as "Bearer" authorization.

$ curl -H "Authorization: Bearer 4fb09f30-470d-48de-b038-8e2f73f7afa8" http://localhost:9000/user/get

The response shows the username and some additional information.

{"username":"test","isActive":true}

Finally, to refresh the user access token, one may send a request using a valid client access token as the "Bearer" authorization, and the refresh token as in request body.

$ curl -X POST -H "Content-type: application/json" -H "Authorization: Bearer d1e2cd6d-2171-4c6d-86e8-bbabc3fcdcb5" -d '{"refreshToken": "31ea8263-9876-478b-a3a6-c81a7186528a"}' http://localhost:9000/user/refresh

The response contains a new user access token and the same refresh token. The refresh token can be used again and again. The new user access token can be used from now on to grant access to user APIs. The old user access token is invalidated.

{"accessToken":"51a4e27b-07f0-46fc-acd3-91d55ae8cf3d","expiration":1405562714483,"refreshToken":"31ea8263-9876-478b-a3a6-c81a7186528a"}

About

Example of restful web service using OAuth2 and Play! framework

Resources

Readme

License

Apache-2.0 license
Activity

Stars

9 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages