
pervez8ktt/SpringAuthorizationServer


Spring Boot Authorization Server

Credits

Spring Boot official website for the Authorization Server

About the demo

This application shows how a Spring Authorization Server is configured.

The demo is built in two steps: first with in-memory storage, then backed by a database.

In Memory

To check out the in-memory version of the demo, use this git tag:

In memory git Tag

With Database

Client credentials

curl --location 'http://localhost:9000/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic cmVnaXN0cmFyLWNsaWVudDpzZWNyZXQ=' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=client.create client.read' \
--data-urlencode 'client_id=registrar-client' \
--data-urlencode 'client_secret=secret'

The Authorization header carries HTTP Basic credentials: the Base64 encoding of client_id:client_secret (here registrar-client:secret).

The client id and secret used above are defined in IntializationServer.

Authorization Code

In the authorization code flow the client first sends the user to /oauth2/authorize and then exchanges the returned code for an access token.

Step 1

Build a GET request as below:

url: http://localhost:9000/oauth2/authorize

method: GET

Query params:

response_type: code
client_id: application-client
state: fjkwja
scope: openid profile
redirect_uri: http://127.0.0.1:8080/login/oauth2/code/oidc-client

The CURL for above:


curl --location 'http://localhost:9000/oauth2/authorize?response_type=code&client_id=application-client&state=fjkwja&scope=openid%20profile&redirect_uri=http%3A%2F%2F127.0.0.1%3A8080%2Flogin%2Foauth2%2Fcode%2Foidc-client'

When the above URL is opened in a browser, the authorization server asks for user credentials. Log in with:

username: user
password: password

Once authentication succeeds, the authorization server redirects the browser to the given redirect_uri with code and state as request parameters.

The client compares the returned state with the value it sent, which lets it detect a CSRF attempt (a callback it did not initiate); the code is then exchanged for the access token.

Step 2

Exchange the code for an access token:

URL: http://localhost:9000/oauth2/token

Method: POST

Headers:
	'Content-Type: application/x-www-form-urlencoded'
	'Authorization: Basic cmVnaXN0cmFyLWNsaWVudDpzZWNyZXQ='

Body (form params):

grant_type: authorization_code
code: <received_at_redirect_url>
redirect_uri: https://oauth.pstmn.io/v1/callback
client_id: application-client
client_secret: secret

The redirect_uri must be identical to the one sent to /oauth2/authorize, and the Basic credential is the Base64 of client_id:client_secret for the client that received the code.
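As an added example (not part of this repository), the client side of both grants above as a small Python script using only the standard library: it builds the Basic header from client_id:client_secret, generates and verifies the state parameter on the callback, and assembles the /oauth2/token request. The server address and redirect_uri are taken from this README; the helper names are my own.

```python
import base64
import secrets
import urllib.parse
import urllib.request

AUTH_SERVER = "http://localhost:9000"  # as in the README
REDIRECT_URI = "http://127.0.0.1:8080/login/oauth2/code/oidc-client"

def basic_auth_header(client_id, client_secret):
    """Client authentication for /oauth2/token: Base64 of 'client_id:client_secret'."""
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()

def build_authorize_url(client_id, scope, redirect_uri=REDIRECT_URI):
    """Step 1: the /oauth2/authorize URL with a fresh, unguessable state the client keeps."""
    state = secrets.token_urlsafe(16)
    params = {"response_type": "code", "client_id": client_id, "state": state,
              "scope": scope, "redirect_uri": redirect_uri}
    return f"{AUTH_SERVER}/oauth2/authorize?" + urllib.parse.urlencode(params), state

def extract_code(callback_url, expected_state):
    """Parse the redirect back to redirect_uri; refuse the code unless state matches."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF, code discarded")
    if "code" not in query:
        raise ValueError("no code in callback: " + query.get("error", ["unknown"])[0])
    return query["code"][0]

def token_request(client_id, client_secret, grant_type, redirect_uri=REDIRECT_URI, **extra):
    """Step 2: build the POST to /oauth2/token (client credentials go in the Basic header)."""
    body = {"grant_type": grant_type, **extra}
    if grant_type == "authorization_code":
        body["redirect_uri"] = redirect_uri  # must equal the value sent to /oauth2/authorize
    return urllib.request.Request(
        f"{AUTH_SERVER}/oauth2/token",
        data=urllib.parse.urlencode(body).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Authorization": basic_auth_header(client_id, client_secret)},
        method="POST")

if __name__ == "__main__":
    # Client credentials grant from the README; needs the server running on port 9000.
    req = token_request("registrar-client", "secret", "client_credentials",
                        scope="client.create client.read")
    with urllib.request.urlopen(req) as resp:
        print(resp.read().decode())
```

For the authorization code grant, call build_authorize_url, open the returned URL in a browser, pass the callback URL and the saved state to extract_code, and feed the code to token_request with grant_type "authorization_code".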
