Authentication Service - wuyichen24/spring-microservices-in-action GitHub Wiki

Description

Issue and validate access tokens and manage clients and users.

Technique

• Spring Cloud Security
• OAuth2
• Spring Data JPA
• Netflix Eureka
• Netflix Hystrix

Services/Servers protected by Autentication service:

• Organization Service

Available API Calls

AS1: Get an access token (by the client credential and the user credential).

• URL: http://localhost:8901/auth/oauth/token
• Method: GET
• Parameters
• Headers
• Authentication
  • Type: Basic Auth
  • Credential
    • Username: eagleeye
    • Password: thisissecret
• Body

KEY	VALUE
grant_type	password
scope	webclient
username	john.carnell
password	password1

• Notes

AS2: Retrieve the user information.

• URL: http://localhost:8901/auth/user
• Method: GET
• Parameters
• Headers

KEY	VALUE
Authorization	Bearer {access_token}

• Body
• Notes

AS3: Get a client record by client ID.

• URL: http://localhost:8901/auth/client/{clientId}
• Method: GET
• Parameters
  • clientId: The client ID for looking up.
• Headers

KEY	VALUE
Authorization	Bearer {access_token}

• Body
• Notes

AS4: Update a client record.

• URL: http://localhost:8901/auth/client
• Method: PUT
• Parameters
• Headers

KEY	VALUE
Authorization	Bearer {access_token}
Content-Type	application/json

• Body

{
    "clientId": "eagleeye",
    "resourceIds": null,
    "clientSecret": "123456cs",
    "scope": "webclient,mobileclient",
    "authorizedGrantTypes": "refresh_token,password,client_credentials",
    "webServerRedirectUri": null,
    "authorities": null,
    "accessTokenValidity": 36000,
    "refreshTokenValidity": 36000,
    "additionalInformation": null,
    "autoapprove": "1"
}

• Notes

AS5: Add a new client record.

• URL: http://localhost:8901/auth/client
• Method: POST
• Parameters
• Headers

KEY	VALUE
Authorization	Bearer {access_token}
Content-Type	application/json

• Body

{
    "clientId": "eagleeye",
    "resourceIds": null,
    "clientSecret": "123456cs",
    "scope": "webclient,mobileclient",
    "authorizedGrantTypes": "refresh_token,password,client_credentials",
    "webServerRedirectUri": null,
    "authorities": null,
    "accessTokenValidity": 36000,
    "refreshTokenValidity": 36000,
    "additionalInformation": null,
    "autoapprove": "1"
}

• Notes

AS6: Delete a client record by client ID.

• URL: http://localhost:8901/auth/client/{clientId}
• Method: DELETE
• Parameters
  • clientId: The client ID for identifying the record needs to be deleted.
• Headers

KEY	VALUE
Authorization	Bearer {access_token}

• Body
• Notes

AS7: Get a user record with authorities by username.

• URL: http://localhost:8901/auth/user/{username}
• Method: GET
• Parameters
  • username: The username for looking up.
• Headers

KEY	VALUE
Authorization	Bearer {access_token}

• Body
• Notes

AS8: Update a new user record with authorities.

• URL: http://localhost:8901/auth/user
• Method: PUT
• Parameters
• Headers

KEY	VALUE
Authorization	Bearer {access_token}
Content-Type	application/json

• Body

{
    "username": "mary.dawson",
    "password": "password3",
    "enabled": true,
    "authoritiesList": [
        {
            "username": "mary.dawson",
            "authority": "USER"
        }
    ]
}

• Notes

AS9: Add a new user record with authorities.

• URL: http://localhost:8901/auth/user
• Method: POST
• Parameters
• Headers

KEY	VALUE
Authorization	Bearer {access_token}
Content-Type	application/json

• Body

{
    "username": "mary.dawson",
    "password": "password3",
    "enabled": true,
    "authoritiesList": [
        {
            "username": "mary.dawson",
            "authority": "USER"
        }
    ]
}

• Notes

AS10: Delete a user record with authorities by username.

• URL: http://localhost:8901/auth/user/{username}
• Method: DELETE
• Parameters
  • username: The username for identifying the record needs to be deleted.
• Headers

KEY	VALUE
Authorization	Bearer {access_token}

• Body
• Notes

Database Table(s)

• oauth_client_details
• users
• authorities
• user_orgs