OAuth: Difference between revisions

Line 236: Line 236:
* [https://api.stackexchange.com/docs/authentication Stack Exchange Authentication]
* [https://api.stackexchange.com/docs/authentication Stack Exchange Authentication]
* [https://developers.google.com/identity/protocols/OpenIDConnect Google OpenID Connect]
* [https://developers.google.com/identity/protocols/OpenIDConnect Google OpenID Connect]
* [https://developer.linkedin.com/docs/guide/v2/concepts/authentication LinkedIn Developers]


| valign="top" |
| valign="top" |

Revision as of 07:51, 5 October 2020

;oauth access token and refresh token
oauth_refresh_token:org.springframework.security.oauth2.provider.token.store.JdbcTokenStore
oauth_access_token:org.springframework.security.oauth2.provider.token.store.JdbcTokenStore
oauth_approvals:org.springframework.security.oauth2.provider.approval.JdbcApprovalStore
;
;oauth client authentication and authorization
oauth_client_details:org.springframework.security.oauth2.provider.client.JdbcClientDetailsService
oauth_client_token:org.springframework.security.oauth2.client.token.JdbcClientTokenServices
oauth_code:org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices
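-- Client registrations read by JdbcClientDetailsService.
-- Column shorthand used on this page: V(n) = VARCHAR(n), INT = integer,
-- PKC = primary-key column, NNC = not-null column.
SELECT
    client_id,                 -- V(256) PKC,
    resource_ids,              -- V(256),
    client_secret,             -- V(256) NNC, stored encoded with the PasswordEncoder the authorization server configures for clients, not in plaintext
    scope,                     -- V(256),
    authorized_grant_types,    -- V(256), grant names the client is allowed to use
    web_server_redirect_uri,   -- V(256), registered redirect URI(s) validated on the authorization_code / implicit flows
    authorities,               -- V(256),
    access_token_validity,     -- INT, lifetime in seconds
    refresh_token_validity,    -- INT, lifetime in seconds
    additional_information,    -- V(4000),
    autoapprove                -- V(256)
FROM
    oauth_client_details;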
-- Refresh tokens as persisted by JdbcTokenStore.
--   token_id        V(256)  key JdbcTokenStore derives from the token value
--   token           B       serialized refresh token
--   authentication  B       serialized authentication bound to the token
-- Both B columns are serialized credential-bearing objects; treat them as sensitive.
SELECT token_id, token, authentication
FROM oauth_refresh_token;
-- Tokens this application itself obtained as an OAuth2 client, as persisted
-- by JdbcClientTokenServices (not the tokens it issues to others).
--   token_id           V(256)
--   token              B       serialized access token
--   authentication_id  V(256)  PKC, identifies the (resource, user) the token was fetched for
--   user_name          V(256)
--   client_id          V(256)
SELECT token_id, token, authentication_id, user_name, client_id
FROM oauth_client_token;
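-- Pending authorization codes held by JdbcAuthorizationCodeServices.
-- The original listing opened with "CREATE TABLE oauth_code (" but closed with
-- a FROM clause; it is a column listing like its siblings, so it is a SELECT.
--   code            V(256)  one-time code handed to the client; presumably removed once exchanged — confirm against the store
--   authentication  B       serialized authentication the code was issued for
SELECT
    code,             -- V(256),
    authentication    -- B
FROM
    oauth_code;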
-- Access tokens issued by this server, as persisted by JdbcTokenStore.
--   token_id           V(256)  key JdbcTokenStore derives from the token value
--   token              B       serialized access token
--   authentication_id  V(256)  key derived from the authentication, used to find an existing token for a user/client
--   user_name          V(256)
--   client_id          V(256)
--   authentication     B       serialized authentication bound to the token
--   refresh_token      V(256)  key of the associated row in oauth_refresh_token, if any
-- The B columns carry serialized credential-bearing objects; treat them as sensitive.
SELECT token_id, token, authentication_id, user_name, client_id,
       authentication, refresh_token
FROM oauth_access_token;
-- Per-user consent decisions held by JdbcApprovalStore.
--   userid          V(256)
--   clientid        V(256)
--   scope           V(256)  one scope per row
--   status          V(10)   approval outcome (e.g. APPROVED / DENIED)
--   expiresat       T       when the decision stops being honoured
--   lastmodifiedat  T
SELECT userid, clientid, scope, status, expiresat, lastmodifiedat
FROM oauth_approvals;

Grant Types

Authorization Code

;http://api.chorke.org/auth/oauth/callback/google
;http://api.chorke.org/auth/oauth/authorize
;http://api.chorke.org/auth/oauth/token
grant_type    : authorization_code
client_id     : 
client_secret :
scope         : read write
state         :

Client Credentials

;http://api.chorke.org/auth/oauth/token
grant_type    : client_credentials
client_id     : 
client_secret :
scope         : read write

Device Code

;http://api.chorke.org/auth/oauth/device
grant_type    : device_code
client_id     : 
code          :

Password Credentials

;http://api.chorke.org/auth/oauth/token
grant_type    : password
username      : 
password      :
client_id     : 
client_secret :
scope         : read write
;

Implicit

;http://api.chorke.org/auth/oauth/callback/google
;http://api.chorke.org/auth/oauth/authorize
client_id     : 
scope         : read write
state         :

OAuth2 Server Config

/**
 * Authorization-server wiring backed entirely by JDBC: issued tokens,
 * approvals, client registrations, client-side tokens and authorization
 * codes all live in the {@code oauth_*} tables reachable through the
 * injected {@link DataSource}.
 * <p>
 * Security-relevant choices made here:
 * <ul>
 *   <li>client secrets are verified with {@code oauthClientPasswordEncoder},
 *       so rows in {@code oauth_client_details} must hold secrets encoded
 *       by that same encoder;</li>
 *   <li>the token-key endpoint is open ({@code permitAll()}) while token
 *       introspection requires an authenticated caller
 *       ({@code isAuthenticated()}). With an opaque JDBC token store there
 *       is no signing key to publish, so the open token-key rule looks
 *       inert — revisit it if a JWT store is ever introduced;</li>
 *   <li>method-level {@code @PreAuthorize}/{@code @PostAuthorize} checks
 *       are enabled application-wide.</li>
 * </ul>
 */
@Configuration
@EnableAuthorizationServer
@Import(ServerSecurityConfig.class)
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class AuthServerOAuth2Config extends AuthorizationServerConfigurerAdapter {

    /** Connection source shared by every JDBC-backed store below. */
    @Autowired
    @Qualifier("dataSource")
    private DataSource dataSource;

    /** Resolves end users for the password and refresh-token flows. */
    @Autowired
    private UserDetailsService userDetailsService;

    /** Encoder used to match presented client secrets against stored ones. */
    @Autowired
    private PasswordEncoder oauthClientPasswordEncoder;

    /** Authenticates resource-owner credentials on the password grant. */
    @Autowired
    private AuthenticationManager authenticationManager;

    /** Access and refresh tokens: {@code oauth_access_token} / {@code oauth_refresh_token}. */
    @Bean
    public TokenStore tokenStore() {
        TokenStore jdbcBackedStore = new JdbcTokenStore(this.dataSource);
        return jdbcBackedStore;
    }

    /** User consent decisions: {@code oauth_approvals}. */
    @Bean
    public ApprovalStore approvalStore() {
        ApprovalStore jdbcBackedStore = new JdbcApprovalStore(this.dataSource);
        return jdbcBackedStore;
    }

    /** Tokens this application obtained as a client elsewhere: {@code oauth_client_token}. */
    @Bean
    public ClientTokenServices clientTokenServices() {
        ClientTokenServices jdbcBackedServices = new JdbcClientTokenServices(this.dataSource);
        return jdbcBackedServices;
    }

    /** Registered clients and their secrets/grants: {@code oauth_client_details}. */
    @Bean
    public JdbcClientDetailsService clientDetailsService() {
        JdbcClientDetailsService jdbcBackedServices = new JdbcClientDetailsService(this.dataSource);
        return jdbcBackedServices;
    }

    /** Pending authorization codes: {@code oauth_code}. */
    @Bean
    public AuthorizationCodeServices authorizationCodeServices() {
        AuthorizationCodeServices jdbcBackedServices = new JdbcAuthorizationCodeServices(this.dataSource);
        return jdbcBackedServices;
    }

    /** Default handler producing the OAuth2 error body on access-denied. */
    @Bean
    public OAuth2AccessDeniedHandler oauthAccessDeniedHandler() {
        return new OAuth2AccessDeniedHandler();
    }

    /**
     * Access rules for the token-key and check-token endpoints, plus the
     * encoder applied to client-secret verification.
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) {
        oauthServer.tokenKeyAccess("permitAll()");
        oauthServer.checkTokenAccess("isAuthenticated()");
        oauthServer.passwordEncoder(this.oauthClientPasswordEncoder);
    }

    /** Clients are looked up from the database rather than declared in memory. */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        JdbcClientDetailsService databaseClients = clientDetailsService();
        clients.withClientDetails(databaseClients);
    }

    /** Binds the JDBC stores and the user/authentication services to the token endpoints. */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.tokenStore(tokenStore());
        endpoints.authenticationManager(this.authenticationManager);
        endpoints.approvalStore(approvalStore());
        endpoints.userDetailsService(this.userDetailsService);
        endpoints.authorizationCodeServices(authorizationCodeServices());
    }
}

References