oauth2-server (Parent)

An oauth2 server library for Java applications

Categories: Security
GroupId: com.clouway.security
ArtifactId: parent
Last Version: 1.0.6
Type: pom
Project URL: https://github.com/clouway/oauth2-server
Source Code Management: https://github.com/clouway/oauth2-server

Download parent

Filename Size
parent-1.0.6.pom 4 KB

How to add to project

Maven:

<!-- https://jarcasting.com/artifacts/com.clouway.security/parent/ -->
<dependency>
    <groupId>com.clouway.security</groupId>
    <artifactId>parent</artifactId>
    <version>1.0.6</version>
    <type>pom</type>
</dependency>

Gradle (Groovy DSL):

// https://jarcasting.com/artifacts/com.clouway.security/parent/
implementation 'com.clouway.security:parent:1.0.6'

Gradle (Kotlin DSL):

// https://jarcasting.com/artifacts/com.clouway.security/parent/
implementation ("com.clouway.security:parent:1.0.6")

Buildr:

'com.clouway.security:parent:pom:1.0.6'

Ivy:

<dependency org="com.clouway.security" name="parent" rev="1.0.6">
  <artifact name="parent" type="pom" />
</dependency>

Grape:

@Grapes(
@Grab(group='com.clouway.security', module='parent', version='1.0.6')
)

SBT:

libraryDependencies += "com.clouway.security" % "parent" % "1.0.6"

Leiningen:

[com.clouway.security/parent "1.0.6"]

Dependencies

test (1)

Group / Artifact Type Version
nl.jqno.equalsverifier : equalsverifier jar 2.4

Project Modules

  • oauth2-server
  • oauth2-example-app
  • oauth2-server-testing

OAuth2 Server Library

OAuth2 Java Server Library is the backbone of an OAuth2 provider and supplies basic OAuth2 support.

Please note: We take oauth2-server's security and our users' trust very seriously. If you believe you have found a security issue in oauth2-server library, please responsibly disclose by contacting us at [email protected].

Supported Flows

  • Client authorization with authorization_code

  • 2-legged oauth2 authorization with JWT

Example config servlet for usage of the OAuth2 server library

OAuth2SupportServlet

class OAuth2SupportServlet extends OAuth2Servlet {
  private final OAuth2Config config;

  public OAuth2SupportServlet(OAuth2Config config) {
    this.config = config;
  }

  // Returns the configuration this servlet was created with.
  public OAuth2Config getConfig() {
    return config;
  }
}

// usage: register the servlet and map it to the OAuth2 endpoint prefix
ServletContext servletContext = servletContextEvent.getServletContext();
servletContext.addServlet("oauth2",
      new OAuth2SupportServlet(OAuth2Config.newConfig()
           .tokens(tokens)
           .jwtKeyStore(jwtKeyStore)
           .keyStore(keyStore)
           .identityFinder(identityFinder)
           .resourceOwnerIdentityFinder(resourceOwnerIdentityFinder)
           .clientAuthorizationRepository(clientAuthorizationRepository)
           .clientFinder(clientFinder)
           .loginPageUrl("/ServiceLogin?continue=")
           .build()))
       .addMapping("/o/oauth2/v1/*");

The corresponding interfaces are responsible for:

  • IdentityFinder - Used to find the identity of the client that is requesting authorization.

  • ClientAuthorizationRepository - Used to generate and persist auth codes for authorized clients and to use them later in the Access token request step.

  • Tokens - Used to generate Access and Refresh tokens and persist them for later use when a protected resource is requested.

  • JwtKeyStore - Used to find the Key blocks for verifying JWT authorizations

  • KeyStore - Used to find the keys used for signing and verifying of the signatures of the id_tokens.

  • ResourceOwnerIdentityFinder - Used during the authorization of the request to find the identity.

  • ClientFinder - Used to persist and find OAuth Clients

Endpoints in the OAuth2Servlet

For example, if you bind your OAuth2Servlet to /o/oauth2/v1/*, the endpoints are:

  • /o/oauth2/v1/auth - Used for Authorization codes

  • /o/oauth2/v1/token - Used for Access and Refresh tokens

  • /o/oauth2/v1/revoke - Used to revoke Access/Refresh tokens

  • /o/oauth2/v1/tokenInfo - Used to receive an id_token for the given Access token

  • /o/oauth2/v1/userInfo - Used to receive a UserInfo for the given Access token

  • /o/oauth2/v1/certs - Used to receive the certificates in use

id_token

Our library supports the OpenID id_token (http://openid.net/specs/openid-connect-core-1_0.html), which can be obtained from the tokenInfo endpoint. To reduce round trips, an id_token is also returned with the refresh token response and the JWT token response. The id_token carries a custom header, CID (Certificate ID), that identifies which certificate was used to sign the token.
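A relying party can use the CID header to pick the verification key before checking the signature. The following is an added example, not code from the oauth2-server project. It assumes RS256 signatures, a string header field named "CID", and a map of trusted public keys that stands in for certificates fetched from the certs endpoint; the class name and the key id "cert-1" are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import java.util.regex.*;

public class IdTokenCidCheck {
  static final Base64.Decoder DEC = Base64.getUrlDecoder();
  static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
  // Assumption: the certificate id is a string header field named "CID".
  static final Pattern CID = Pattern.compile("\"CID\"\\s*:\\s*\"([^\"]+)\"");

  /** Verifies an RS256 token with the trusted key named by its CID header. */
  static boolean verify(String token, Map<String, PublicKey> trusted)
      throws GeneralSecurityException {
    String[] parts = token.split("\\.");
    if (parts.length != 3) return false;
    try {
      String header = new String(DEC.decode(parts[0]), StandardCharsets.UTF_8);
      Matcher m = CID.matcher(header);
      if (!m.find()) return false;             // no CID: reject, never guess a key
      PublicKey key = trusted.get(m.group(1));
      if (key == null) return false;           // unknown certificate id: reject
      // The algorithm is pinned here; the header's "alg" value is not trusted.
      Signature sig = Signature.getInstance("SHA256withRSA");
      sig.initVerify(key);
      sig.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
      return sig.verify(DEC.decode(parts[2]));
    } catch (IllegalArgumentException e) {
      return false;                            // malformed base64url segment
    }
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample: a throwaway key pair stands in for the signing certificate.
    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    KeyPair pair = gen.generateKeyPair();
    String head = ENC.encodeToString(
        "{\"alg\":\"RS256\",\"CID\":\"cert-1\"}".getBytes(StandardCharsets.UTF_8));
    String body = ENC.encodeToString("{\"sub\":\"user-1\"}".getBytes(StandardCharsets.UTF_8));
    Signature signer = Signature.getInstance("SHA256withRSA");
    signer.initSign(pair.getPrivate());
    signer.update((head + "." + body).getBytes(StandardCharsets.US_ASCII));
    String token = head + "." + body + "." + ENC.encodeToString(signer.sign());
    Map<String, PublicKey> trusted = new HashMap<>();
    trusted.put("cert-1", pair.getPublic());
    System.out.println(verify(token, trusted));          // key id is trusted
    System.out.println(verify(token, new HashMap<>()));  // key id is not trusted
  }
}
```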

ToDo

  • dependency clean up

License

Copyright 2017 clouWay ood.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.


Versions

Version
1.0.6
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
1.0
1.0-RC29
1.0-RC28
1.0-RC27
1.0-RC26
1.0-RC25
1.0-RC24
1.0-RC23
1.0-RC22
1.0-RC21
1.0-RC20
1.0-RC19
1.0-RC18
1.0-RC17
1.0-RC16
1.0-RC15
1.0-RC13
1.0-RC12
1.0-RC11
1.0-RC10
1.0-RC9
1.0-RC8
1.0-RC7
1.0-RC4
1.0-RC3
1.0-RC2
1.0-RC1