OAuth2Auth oauth2 = OAuth2Auth.create(vertx, OAuth2FlowType.PASSWORD, new OAuth2ClientOptions() .setClientID("client-id") .setClientSecret("client-secret")
// Initialize the OAuth2 Library OAuth2Auth oauth2 = OAuth2Auth.createKeycloak(vertx, OAuth2FlowType.PASSWORD, keycloakJson); // first get a token (authenticate) oauth2.getToken(new JsonObject().put("username", "user").put("password", "secret"), res -> { if (res.failed()) { // error handling... } else { AccessToken token = res.result(); // now check for permissions token.isAuthorised("account:manage-account", r -> { if (r.result()) { // this user is authorized to manage its account } }); } });
private String authURI(String redirectURL) { final JsonObject config = new JsonObject() .put("state", redirectURL); if (host != null) { config.put("redirect_uri", host + callback.getPath()); } if (extraParams != null) { config.mergeIn(extraParams); } if (scopes.size() > 0) { JsonArray _scopes = new JsonArray(); // scopes are passed as an array because the auth provider has the knowledge on how to encode them for (String authority : scopes) { _scopes.add(authority); } config.put("scopes", _scopes); } return ((OAuth2Auth) authProvider).authorizeURL(config); }
.create(vertx, options) .rbacHandler(KeycloakRBAC.create(options));
@Test public void shouldFailLoginWithInvalidToken(TestContext should) { final Async test = should.async(); keycloak.authenticate(new JsonObject().put("access_token", "aaaaaaaaaaaaaaaaaa").put("token_type", "Bearer"), authn2 -> { should.assertTrue(authn2.failed()); should.assertNotNull(authn2.cause()); test.complete(); }); }
((OAuth2Auth) authProvider).decodeToken(token, decodeToken -> { if (decodeToken.failed()) { handler.handle(Future.failedFuture(new HttpStatusException(401, decodeToken.cause().getMessage())));
@Test public void unknownHost() { OAuth2Auth auth = OAuth2Auth.create(vertx, OAuth2FlowType.AUTH_CODE, new OAuth2ClientOptions() .setClientID("client-id") .setClientSecret("client-secret") .setSite("http://zlouklfoux.net.com.info.pimpo.molo")); auth.authenticate(tokenConfig, res -> { if (res.failed()) { assertThat(res.cause(), instanceOf(UnknownHostException.class)); testComplete(); } else { fail("Should have failed"); } }); await(); } }
/** * Query an OAuth 2.0 authorization server to determine the active state of an OAuth 2.0 token and to determine * meta-information about this token. * @param token the access token (base64 string) * @param handler A handler to receive the event * @return self */ public io.vertx.rxjava.ext.auth.oauth2.OAuth2Auth introspectToken(String token, Handler<AsyncResult<io.vertx.rxjava.ext.auth.oauth2.AccessToken>> handler) { delegate.introspectToken(token, new Handler<AsyncResult<io.vertx.ext.auth.oauth2.AccessToken>>() { public void handle(AsyncResult<io.vertx.ext.auth.oauth2.AccessToken> ar) { if (ar.succeeded()) { handler.handle(io.vertx.core.Future.succeededFuture(io.vertx.rxjava.ext.auth.oauth2.AccessToken.newInstance(ar.result()))); } else { handler.handle(io.vertx.core.Future.failedFuture(ar.cause())); } } }); return this; }
/** * This is a verification step, it can abort the instantiation by * throwing a RuntimeException * * @param provider a auth provider * @return the provider if valid */ private static AuthProvider verifyProvider(AuthProvider provider) { if (provider instanceof OAuth2Auth) { if (((OAuth2Auth) provider).getFlowType() != AUTH_CODE) { throw new IllegalArgumentException("OAuth2Auth + Bearer Auth requires OAuth2 AUTH_CODE flow"); } } return provider; }
@Test public void shouldReloadJWK(TestContext should) { final Async test = should.async(); keycloak.loadJWK(load -> { should.assertTrue(load.succeeded()); keycloak.authenticate(new JsonObject().put("username", "test-user").put("password", "tiger"), authn -> { should.assertTrue(authn.succeeded()); should.assertNotNull(authn.result()); // generate a access token from the user AccessToken token = (AccessToken) authn.result(); should.assertNotNull(token.accessToken()); test.complete(); }); }); } }
@Test public void shouldIntrospectAccessToken(TestContext should) { final Async test = should.async(); keycloak.authenticate(new JsonObject().put("username", "test-user").put("password", "tiger"), authn -> { should.assertTrue(authn.succeeded()); should.assertNotNull(authn.result()); // generate a access token from the user AccessToken token = (AccessToken) authn.result(); OAuth2ClientOptions options = new OAuth2ClientOptions() .setFlow(OAuth2FlowType.PASSWORD) .setSite(site + "/auth/realms/vertx-test") .setClientID("confidential-client") .setClientSecret("62b8de48-672e-4287-bb1e-6af39aec045e"); options.setTrustAll(true); // get a auth handler for the confidential client KeycloakAuth.discover( rule.vertx(), options, discover -> { should.assertTrue(discover.succeeded()); OAuth2Auth confidential = discover.result(); confidential.introspectToken(token.opaqueAccessToken(), introspect -> { should.assertTrue(introspect.succeeded()); test.complete(); }); }); }); }
public io.vertx.rxjava.ext.auth.oauth2.OAuth2Auth rbacHandler(io.vertx.rxjava.ext.auth.oauth2.OAuth2RBAC rbac) { delegate.rbacHandler(rbac.getDelegate()); return this; }
/** * Loads a JWK Set from the remote provider. * * When calling this method several times, the loaded JWKs are updated in the underlying JWT object. * @param handler * @return */ public io.vertx.rxjava.ext.auth.oauth2.OAuth2Auth loadJWK(Handler<AsyncResult<Void>> handler) { delegate.loadJWK(handler); return this; }
@Before public void setUp(TestContext should) { oauth = OAuth2Auth .create( rule.vertx(), new OAuth2ClientOptions() .rbacHandler(MicroProfileRBAC.create());
@Test public void shouldLoginWithUsernamePassword(TestContext should) { final Async test = should.async(); keycloak.authenticate(new JsonObject().put("username", "test-user").put("password", "tiger"), authn -> { should.assertTrue(authn.succeeded()); should.assertNotNull(authn.result()); test.complete(); }); }
/** * Decode a token to a {@link io.vertx.rxjava.ext.auth.oauth2.AccessToken} object. This is useful to handle bearer JWT tokens. * @param token the access token (base64 string) * @param handler A handler to receive the event * @return self */ @Deprecated() public io.vertx.rxjava.ext.auth.oauth2.OAuth2Auth decodeToken(String token, Handler<AsyncResult<io.vertx.rxjava.ext.auth.oauth2.AccessToken>> handler) { delegate.decodeToken(token, new Handler<AsyncResult<io.vertx.ext.auth.oauth2.AccessToken>>() { public void handle(AsyncResult<io.vertx.ext.auth.oauth2.AccessToken> ar) { if (ar.succeeded()) { handler.handle(io.vertx.core.Future.succeededFuture(io.vertx.rxjava.ext.auth.oauth2.AccessToken.newInstance(ar.result()))); } else { handler.handle(io.vertx.core.Future.failedFuture(ar.cause())); } } }); return this; }
/** * Query an OAuth 2.0 authorization server to determine the active state of an OAuth 2.0 token and to determine * meta-information about this token. * @param token the access token (base64 string) * @param handler A handler to receive the event * @return self */ public io.vertx.rxjava.ext.auth.oauth2.OAuth2Auth introspectToken(String token, Handler<AsyncResult<io.vertx.rxjava.ext.auth.oauth2.AccessToken>> handler) { delegate.introspectToken(token, new Handler<AsyncResult<io.vertx.ext.auth.oauth2.AccessToken>>() { public void handle(AsyncResult<io.vertx.ext.auth.oauth2.AccessToken> ar) { if (ar.succeeded()) { handler.handle(io.vertx.core.Future.succeededFuture(io.vertx.rxjava.ext.auth.oauth2.AccessToken.newInstance(ar.result()))); } else { handler.handle(io.vertx.core.Future.failedFuture(ar.cause())); } } }); return this; }
/** * Returns the configured flow type for the Oauth2 provider. * @return the flow type. */ public OAuth2FlowType getFlowType() { OAuth2FlowType ret = delegate.getFlowType(); return ret; }