OAuth 2.0: RESTful API

Overview

I have already written a blog post about OAuth 2.0, and you should read that before this one, since prior knowledge of OAuth 2.0 is needed to follow this application. In this post I will guide you through a resource server API for the OAuth 2.0 framework.

The resource server is where the protected resources are hosted, so our server must be able to handle OAuth 2.0 requests as well as the RESTful API itself. It must also be able to handle requests coming from the authorization server.

There are many API servers, the WSO2 API Manager being one example; here, however, we build both the resource server and the authorization server ourselves.

Application

"client_credentials" will be the grant type.


Here I have first created a user (username = admin, password = admin), and all the functions and configuration that handle requests from the client are written in this file.

Run the app


To make the GET and POST requests to the resource server we use the Postman Chrome add-on. You can use other similar tools, such as the RESTClient Firefox add-on, for this.

First of all, we have to make a POST request to get the access token from the authorization server.
For that, we have to send the authorization key in the header:
Authorization: Bearer XXXXXXXXXXXXXXX
We also have to set the content type in the header:
Content-Type: application/x-www-form-urlencoded

Then we have to send these three parameters in the body:
username=admin
password=admin
grant_type=client_credentials
The URL should be the endpoint that issues the access token:
http://localhost:3000/oauth/token

When we send this request to http://localhost:3000/oauth/token, we get a response that contains the access token. This access token also has an expiration time.
Then we have to make a GET request to retrieve the resources we need.

Now our URL is different, because we have to call a different endpoint to get these resources:
http://localhost:3000/profile
We do not have to send anything in the body.
In the request header, we send the access token we got in the previous step:
Authorization: Bearer XXXXXXXXXXXXXXX
Make sure that the access token has not expired. Otherwise, you will get an error message saying that it has expired.
When you send this request, you get a response that contains the resources we specified in the code:
{"name":"hashitha","id":"set"}

Link

GitHub: https://github.com/HashKushayne/OAuth-RESTful-API
