# Querying the services (luchob/oauth2-passwordgrant-example GitHub Wiki)
## General notes

The table below describes the AS (authorization server) endpoints.

| Endpoint | Notes |
|---|---|
| http://localhost:8080/oauth/token | The auth token is retrieved here. |
| http://localhost:8080/oauth/check_token | The auth token is verified here. |
The next table describes the RS (resource server) endpoints.

| Endpoint | HTTP Method | Required permissions | Notes |
|---|---|---|---|
| http://localhost:9999/books | POST | ROLE_WRITE_BOOK | A book is created. |
| http://localhost:9999/books/{book_id} | GET | ROLE_READ_BOOK | A book is retrieved. If the book is not found, 404 is returned. |
Any request to the AS requires HTTP Basic Authentication. No client secret is necessary, so the following header is required for any access on behalf of the resource owner from the trusted `foo` client:

```
Authorization: Basic Zm9vOg==
```

The decoded `Zm9vOg==` is `foo:`, i.e. the client id followed by a colon and an empty secret. While this may seem a bit strange, it is enforced by some weird implementation details of the Spring OAuth module. For more details see here.

Any request to the RS requires authentication as well. A token obtained from the AS is provided in a similar header:

```
Authorization: Bearer <token-from-AS>
```
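The two headers above can be built and exercised from a small client. The following Python helpers are an added example, not code from the luchob/oauth2-passwordgrant-example project: they derive the `Basic` header for the `foo` client with an empty secret (which must come out as `Zm9vOg==`), assemble the password-grant and book-creation requests, and parse the token response. The URLs, client id and credentials are the ones on this page; `send()` only works when the two services are actually running.

```python
"""Client helpers for the AS/RS exchanges on this page (added example, not project code)."""
import base64
import json
import urllib.parse
import urllib.request

AS_TOKEN_URL = "http://localhost:8080/oauth/token"   # from the AS endpoint table
RS_BOOKS_URL = "http://localhost:9999/books"         # from the RS endpoint table


def basic_auth_header(client_id: str, client_secret: str = "") -> str:
    """Build the Basic header the AS expects: base64 of 'client_id:client_secret'.
    For the trusted 'foo' client with an empty secret this is 'Basic Zm9vOg=='."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def bearer_header(access_token: str) -> str:
    """Build the Bearer header the RS expects."""
    return f"Bearer {access_token}"


def password_grant_request(username: str, password: str, client_id: str = "foo") -> dict:
    """Assemble the /oauth/token request (URL, headers, body) without sending it.
    The body is form-encoded in the same field order as the sample on this page."""
    body = urllib.parse.urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
    })
    return {
        "url": AS_TOKEN_URL,
        "headers": {
            "Authorization": basic_auth_header(client_id, ""),
            "Content-Type": "application/x-www-form-urlencoded",
        },
        "body": body.encode("ascii"),
    }


def create_book_request(access_token: str, title: str) -> dict:
    """Assemble the POST /books request carrying the AS-issued token."""
    body = urllib.parse.urlencode({"title": title})  # 'Spring in Action' -> 'Spring+in+Action'
    return {
        "url": RS_BOOKS_URL,
        "headers": {
            "Authorization": bearer_header(access_token),
            "Content-Type": "application/x-www-form-urlencoded",
        },
        "body": body.encode("ascii"),
    }


def parse_token_response(body: str) -> str:
    """Return the access token from a /oauth/token response, or raise on an AS
    error body such as {"error": "invalid_grant", "error_description": "Bad credentials"}."""
    doc = json.loads(body)
    if "error" in doc:
        raise PermissionError(f"{doc['error']}: {doc.get('error_description', '')}")
    return doc["access_token"]


def send(req: dict) -> str:
    """Send an assembled request; requires the AS/RS from this page to be running."""
    r = urllib.request.Request(req["url"], data=req["body"],
                               headers=req["headers"], method="POST")
    with urllib.request.urlopen(r) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    # Full flow against live services: token for user2, then create a book with it.
    token = parse_token_response(send(password_grant_request("user2", "password2")))
    print(send(create_book_request(token, "Spring in Action")))
```

The requests are assembled as plain dicts rather than `urllib.request.Request` objects so that they can be inspected offline; `send()` is the only part that touches the network. Keep in mind that the resource owner password credentials grant used here hands the user's password to the client, which is why the OAuth 2.0 Security Best Current Practice recommends against it for new deployments; these helpers suit a test harness for this sample rather than a production client.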
## Sample requests to the AS and the corresponding responses

### Get a token

```http
POST /oauth/token HTTP/1.1
Host: localhost:8080
Authorization: Basic Zm9vOg==
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache

grant_type=password&username=user1&password=password1
```

```json
{
  "access_token": "59ec4fd4-6df0-45c4-ba59-08da73740668",
  "token_type": "bearer",
  "refresh_token": "165d44ec-f412-4b93-9c63-4042753da277",
  "expires_in": 1750,
  "scope": "oauth"
}
```
### Get a token with wrong credentials

```http
POST /oauth/token HTTP/1.1
Host: localhost:8080
Authorization: Basic Zm9vOg==
Content-Type: application/x-www-form-urlencoded

grant_type=password&username=bad&password=person
```

```json
{
  "error": "invalid_grant",
  "error_description": "Bad credentials"
}
```
### Check a valid token

```http
POST /oauth/check_token HTTP/1.1
Host: localhost:8080
Authorization: Basic Zm9vOg==
Content-Type: application/x-www-form-urlencoded

token=59ec4fd4-6df0-45c4-ba59-08da73740668
```

```json
{
  "exp": 1494101219,
  "user_name": "user1",
  "authorities": [
    "ROLE_READ_BOOK"
  ],
  "client_id": "foo",
  "scope": [
    "oauth"
  ]
}
```
### Check an invalid token

```http
POST /oauth/check_token HTTP/1.1
Host: localhost:8080
Authorization: Basic Zm9vOg==
Content-Type: application/x-www-form-urlencoded

token=some-bad-stuff
```

```json
{
  "error": "invalid_token",
  "error_description": "Token was not recognised"
}
```
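The RS endpoint table in the general notes and the two `check_token` responses above are enough to reproduce the decision the RS has to make for each request. The following is an added Python example, not the project's code: it maps method and path to the required authority from the table, consumes the introspection JSON exactly as the AS returned it above (the two bodies embedded below are copied from this page), and yields the same `access_denied` / `invalid_token` outcomes shown in the samples. The `now` parameter and the expiry comparison are the example's own defensive check and are not something the page shows the RS doing.

```python
"""Resource-server authorization decision driven by an AS check_token response
(added example, not project code)."""
import json
import re
from typing import Optional

# Route table taken from the RS endpoint table: (method, path pattern, required authority).
ROUTES = [
    ("POST", re.compile(r"^/books$"), "ROLE_WRITE_BOOK"),
    ("GET", re.compile(r"^/books/[^/]+$"), "ROLE_READ_BOOK"),
]

# Constructed inputs: the check_token bodies copied from this page.
USER1_INTROSPECTION = """{
  "exp": 1494101219,
  "user_name": "user1",
  "authorities": ["ROLE_READ_BOOK"],
  "client_id": "foo",
  "scope": ["oauth"]
}"""
BAD_TOKEN_INTROSPECTION = """{
  "error": "invalid_token",
  "error_description": "Token was not recognised"
}"""


def required_authority(method: str, path: str) -> Optional[str]:
    """Return the ROLE_* authority a request needs, or None if no route matches."""
    for route_method, pattern, role in ROUTES:
        if route_method == method and pattern.match(path):
            return role
    return None


def authorize(check_token_body: str, method: str, path: str, now: int) -> dict:
    """Decide whether a request may proceed, given the AS's check_token body for
    the presented Bearer token. Returns {"allowed": True, ...} or
    {"allowed": False, "error": ..., "error_description": ...} mirroring the
    error shapes the services on this page return."""
    intro = json.loads(check_token_body)

    # The AS answered with an error body (e.g. token not recognised): reject.
    if "error" in intro:
        return {"allowed": False, "error": "invalid_token",
                "error_description": intro.get("error_description", "")}

    # Example's own defensive check: do not trust a token whose exp has passed,
    # even if the AS happened to introspect it.
    if int(intro.get("exp", 0)) <= now:
        return {"allowed": False, "error": "invalid_token",
                "error_description": "Token expired"}

    # Deny by default: a request to a route not in the table gets nothing.
    role = required_authority(method, path)
    if role is None:
        return {"allowed": False, "error": "not_found",
                "error_description": "No such endpoint"}

    if role not in intro.get("authorities", []):
        return {"allowed": False, "error": "access_denied",
                "error_description": "Access is denied"}

    return {"allowed": True, "user_name": intro.get("user_name"),
            "client_id": intro.get("client_id")}


if __name__ == "__main__":
    now = 1494100000  # constructed: shortly before the sample token's exp
    print(authorize(USER1_INTROSPECTION, "GET", "/books/1", now))
    print(authorize(USER1_INTROSPECTION, "POST", "/books", now))
    print(authorize(BAD_TOKEN_INTROSPECTION, "GET", "/books/1", now))
```

Two design points worth noticing: the route table is consulted only after the token itself has been accepted, so an attacker-supplied path never changes how the token is validated, and anything not explicitly listed is denied rather than allowed. With user1's introspection the `GET /books/1` request is allowed and the `POST /books` request produces the same `access_denied` body as the RS sample further down the page.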
## Sample requests to the RS and the corresponding responses

### Try to create a book with read-only permission (user1's token)

```http
POST /books HTTP/1.1
Host: localhost:9999
Authorization: Bearer 59ec4fd4-6df0-45c4-ba59-08da73740668
Content-Type: application/x-www-form-urlencoded

title=Spring+in+Action
```

```json
{
  "error": "access_denied",
  "error_description": "Access is denied"
}
```
### Create a book with write permission (user2's token)

First a token is obtained for user2:

```http
POST /oauth/token HTTP/1.1
Host: localhost:8080
Authorization: Basic Zm9vOg==
Content-Type: application/x-www-form-urlencoded

grant_type=password&username=user2&password=password2
```

The `POST /books` request itself (the same as in the read-only attempt above, but carrying user2's Bearer token) is not shown on this page; its response is the created book:

```json
{
  "title": "Spring in Action",
  "id": "1"
}
```
### Get a book (previously created) with read permissions

```http
GET /books/1 HTTP/1.1
Host: localhost:9999
Authorization: Bearer 172c322a-beda-4f49-8055-439cd398d95d
Cache-Control: no-cache
Postman-Token: 8ca549ea-b456-06c5-3da8-fa1c65d379bb
```

```json
{
  "title": "Spring in Action",
  "id": "1"
}
```