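/**
 * Create a OAuth2Auth provider for Salesforce.
 *
 * @param vertx the Vertx instance
 * @param clientId the client id given to you by Salesforce
 * @param clientSecret the client secret given to you by Salesforce
 * @param httpClientOptions custom http client options
 * @return the configured auth provider
 */
static OAuth2Auth create(Vertx vertx, String clientId, String clientSecret, HttpClientOptions httpClientOptions) {
  // The site must be HTTPS: the token and authorization endpoints derived from it carry the
  // client secret and issued tokens, which must not be sent over plain HTTP.
  return OAuth2Auth.create(vertx, new OAuth2ClientOptions(httpClientOptions)
    .setFlow(OAuth2FlowType.AUTH_CODE)
    .setSite("https://login.salesforce.com")
    .setTokenPath("/services/oauth2/token")
    .setAuthorizationPath("/services/oauth2/authorize")
    .setScopeSeparator("+")
    .setClientID(clientId)
    .setClientSecret(clientSecret));
}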
// Resource-owner password flow against a local test server; credentials are placeholders.
OAuth2ClientOptions passwordFlowOptions = new OAuth2ClientOptions();
passwordFlowOptions.setClientID("client-id");
passwordFlowOptions.setClientSecret("client-secret");
passwordFlowOptions.setSite("http://localhost:10000");
OAuth2Auth oauth2 = OAuth2Auth.create(vertx, OAuth2FlowType.PASSWORD, passwordFlowOptions);
/**
 * Create a OAuth2 auth provider using default client options and the given flow.
 *
 * @deprecated the flow configuration should be passed in the config object
 *
 * @param vertx the Vertx instance
 * @param flow the OAuth2 flow the provider will use
 * @return the auth provider
 */
@Deprecated
static OAuth2Auth create(Vertx vertx, OAuth2FlowType flow) {
  final OAuth2ClientOptions defaults = new OAuth2ClientOptions();
  defaults.setFlow(flow);
  return new OAuth2AuthProviderImpl(vertx, defaults);
}
static OAuth2Auth createKeycloak(Vertx vertx, OAuth2FlowType flow, JsonObject config) { final OAuth2ClientOptions options = new OAuth2ClientOptions(); options.setSite(config.getString("auth-server-url")); options.setClientID(config.getString("resource")); options.setClientSecret(config.getJsonObject("credentials").getString("secret")); options.setUseBasicAuthorizationHeader(true); final String realm = config.getString("realm"); options.setAuthorizationPath("/realms/" + realm + "/protocol/openid-connect/auth"); options.setTokenPath("/realms/" + realm + "/protocol/openid-connect/token"); options.setRevocationPath(null); options.setLogoutPath("/realms/" + realm + "/protocol/openid-connect/logout"); options.setUserInfoPath("/realms/" + realm + "/protocol/openid-connect/userinfo"); options.addPubSecKey(new PubSecKeyOptions() .setAlgorithm("RS256") .setPublicKey(config.getString("realm-public-key"))); return new OAuth2AuthProviderImpl(vertx, options.setFlow(flow));
case "authorizationPath": if (member.getValue() instanceof String) { obj.setAuthorizationPath((String)member.getValue()); obj.setClientID((String)member.getValue()); obj.setClientSecret((String)member.getValue()); obj.setClientSecretParameterName((String)member.getValue()); obj.setExtraParameters(((JsonObject)member.getValue()).copy()); obj.setFlow(io.vertx.ext.auth.oauth2.OAuth2FlowType.valueOf((String)member.getValue())); obj.setHeaders(((JsonObject)member.getValue()).copy()); obj.setIntrospectionPath((String)member.getValue()); obj.setJwkPath((String)member.getValue()); obj.setJWTOptions(new io.vertx.ext.jwt.JWTOptions((JsonObject)member.getValue())); obj.setLogoutPath((String)member.getValue()); list.add(new io.vertx.ext.auth.PubSecKeyOptions((JsonObject)item)); }); obj.setPubSecKeys(list); obj.setRevocationPath((String)member.getValue());
/**
 * Create a OAuth2Auth provider for Google.
 *
 * All endpoints are HTTPS; the token, introspection, user-info and JWK paths are
 * given as absolute URLs because they live on a different host than the site.
 *
 * @param vertx the Vertx instance
 * @param clientId the client id given to you by Google
 * @param clientSecret the client secret given to you by Google
 * @param httpClientOptions custom http client options
 * @return the configured auth provider
 */
static OAuth2Auth create(Vertx vertx, String clientId, String clientSecret, HttpClientOptions httpClientOptions) {
  final JsonObject userInfoParams = new JsonObject().put("alt", "json");
  final OAuth2ClientOptions googleOptions = new OAuth2ClientOptions(httpClientOptions)
    .setFlow(OAuth2FlowType.AUTH_CODE)
    .setSite("https://accounts.google.com")
    .setAuthorizationPath("/o/oauth2/auth")
    .setTokenPath("https://www.googleapis.com/oauth2/v3/token")
    .setIntrospectionPath("https://www.googleapis.com/oauth2/v3/tokeninfo")
    .setUserInfoPath("https://www.googleapis.com/oauth2/v3/userinfo")
    .setJwkPath("https://www.googleapis.com/oauth2/v3/certs")
    .setUserInfoParameters(userInfoParams)
    .setScopeSeparator(" ")
    .setClientID(clientId)
    .setClientSecret(clientSecret);
  return OAuth2Auth.create(vertx, googleOptions);
}
/**
 * Discovers the public (secret-less) Keycloak client before each test and stores it in {@code keycloak}.
 * The fixture is asynchronous: the test only starts once discovery has completed.
 */
@Before
public void setUp(TestContext should) {
  final Async ready = should.async();
  final OAuth2ClientOptions publicClient = new OAuth2ClientOptions();
  publicClient.setFlow(OAuth2FlowType.PASSWORD);
  publicClient.setSite(site + "/auth/realms/vertx-test");
  publicClient.setClientID("public-client");
  // trustAll disables TLS certificate verification; acceptable only for this local test server
  publicClient.setTrustAll(true);
  KeycloakAuth.discover(rule.vertx(), publicClient, discovered -> {
    should.assertTrue(discovered.succeeded());
    keycloak = discovered.result();
    ready.complete();
  });
}
OAuth2Auth.create(vertx, new OAuth2ClientOptions(httpClientOptions) .setFlow(OAuth2FlowType.AUTH_JWT) .setClientID(serviceAccountJson.getString("client_id")) .setSite("https://accounts.google.com") .setTokenPath(serviceAccountJson.getString("token_uri")) .addPubSecKey(new PubSecKeyOptions() .setAlgorithm("RS256") .setSecretKey(privateKey.toString())) .setJWTOptions(new JWTOptions() .setAlgorithm("RS256") .setExpiresInMinutes(60)
.create( vertx, new OAuth2ClientOptions() .setClientID("dummy-client") .addPubSecKey(new PubSecKeyOptions() .setAlgorithm("RS256") .setPublicKey(
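/**
 * Create a OAuth2Auth provider for OpenID Connect Discovery. The discovery will use the default site in the
 * configuration options and attempt to load the well known descriptor. If a site is provided (for example when
 * running on a custom instance) that site will be used to do the lookup.
 * <p>
 * If the discovered config includes a json web key url, it will be also fetched and the JWKs will be loaded
 * into the OAuth provider so tokens can be decoded.
 *
 * @param vertx the vertx instance
 * @param config the initial config
 * @param handler the instantiated Oauth2 provider instance handler
 */
static void discover(final Vertx vertx, final OAuth2ClientOptions config, final Handler<AsyncResult<OAuth2Auth>> handler) {
  // don't override if already set: a caller-provided site (e.g. a sandbox or custom instance)
  // must be honoured, otherwise discovery would silently target production login.
  final String site = config.getSite() == null ? "https://login.salesforce.com" : config.getSite();
  OpenIDConnectAuth.discover(vertx, new OAuth2ClientOptions(config)
    .setSite(site)
    .setScopeSeparator("+"), handler);
}
}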
@Override public Authenticator authenticate(Vertx vertx, Map<String, String> config, MultiMap headerMap, Handler<AsyncResult<Void>> resultHandler) { OAuth2ClientOptions credentials = new OAuth2ClientOptions(mapToJson(config)); if (config.get("oauthUri") != null) { credentials.setSite(config.get("oauthUri")); credentials.setClientID(config.get("clientId"));
/**
 * Create a OAuth2 auth provider with default client options.
 *
 * @param vertx the Vertx instance
 * @return the auth provider
 */
static OAuth2Auth create(Vertx vertx) {
  final OAuth2ClientOptions defaults = new OAuth2ClientOptions();
  return create(vertx, defaults);
}
/**
 * A protected route must reject both missing and unknown bearer tokens with 401;
 * the page handler behind it must never run for an unauthenticated request.
 */
@Test
public void testBearerOnly() throws Exception {
  // mock an oauth2 provider configured for the auth code flow
  final OAuth2ClientOptions clientOptions = new OAuth2ClientOptions().setClientID("client-id");
  final OAuth2Auth oauth2 = OAuth2Auth.create(vertx, OAuth2FlowType.AUTH_CODE, clientOptions);
  final OAuth2AuthHandler guard = OAuth2AuthHandler.create(oauth2);
  // everything under /protected goes through the auth handler first
  router.route("/protected/*").handler(guard);
  router.route("/protected/somepage").handler(rc -> {
    assertNotNull(rc.user());
    rc.response().end("Welcome to the protected resource!");
  });
  // no credentials at all
  testRequest(HttpMethod.GET, "/protected/somepage", 401, "Unauthorized");
  // a bearer token the provider does not know
  testRequest(HttpMethod.GET, "/protected/somepage",
    req -> req.putHeader("Authorization", "Bearer 4adc339e0"),
    401, "Unauthorized", "Unauthorized");
}
/**
 * Create a OAuth2 auth provider, forcing the given flow onto the supplied config.
 * Note that {@code config} is mutated: its flow is overwritten with {@code flow}.
 *
 * @deprecated the flow configuration should be passed in the config object
 *
 * @param vertx the Vertx instance
 * @param flow the OAuth2 flow to set on the config
 * @param config the config
 * @return the auth provider
 */
@Deprecated
static OAuth2Auth create(Vertx vertx, OAuth2FlowType flow, OAuth2ClientOptions config) {
  final OAuth2ClientOptions configured = config.setFlow(flow);
  return new OAuth2AuthProviderImpl(vertx, configured);
}
// Authorization-code flow against a local test server; credentials are placeholders.
OAuth2ClientOptions authCodeOptions = new OAuth2ClientOptions();
authCodeOptions.setClientID("client-id");
authCodeOptions.setClientSecret("client-secret");
authCodeOptions.setSite("http://localhost:10000");
OAuth2Auth oauth2 = OAuth2Auth.create(vertx, OAuth2FlowType.AUTH_CODE, authCodeOptions);
final OAuth2ClientOptions options = new OAuth2ClientOptions(httpClientOptions);
final String realm = config.getString("realm");
// every Keycloak endpoint hangs off the realm's openid-connect base path
final String oidcBase = "/realms/" + realm + "/protocol/openid-connect";
options.setFlow(flow);
options.setSite(config.getString("auth-server-url"));
options.setClientID(config.getString("resource"));
options.setClientSecret(config.getJsonObject("credentials").getString("secret"));
// client credentials go in the Authorization header rather than the form body
options.setUseBasicAuthorizationHeader(true);
options.setAuthorizationPath(oidcBase + "/auth");
options.setTokenPath(oidcBase + "/token");
// Keycloak exposes no revocation endpoint in this adapter config
options.setRevocationPath(null);
options.setLogoutPath(oidcBase + "/logout");
options.setUserInfoPath(oidcBase + "/userinfo");
options.setIntrospectionPath(oidcBase + "/token/introspect");
options.setJwkPath(oidcBase + "/certs");
// the realm public key from the adapter config verifies RS256-signed tokens
options.addPubSecKey(new PubSecKeyOptions()
  .setAlgorithm("RS256")
  .setPublicKey(config.getString("realm-public-key")));
/**
 * Logs in through the public client, then introspects the resulting opaque access token
 * through a confidential client discovered against the same realm.
 */
@Test
public void shouldIntrospectAccessToken(TestContext should) {
  final Async done = should.async();
  final JsonObject credentials = new JsonObject().put("username", "test-user").put("password", "tiger");
  keycloak.authenticate(credentials, login -> {
    should.assertTrue(login.succeeded());
    should.assertNotNull(login.result());
    // the login result carries the access token we want to introspect
    final AccessToken token = (AccessToken) login.result();
    final OAuth2ClientOptions confidentialClient = new OAuth2ClientOptions()
      .setFlow(OAuth2FlowType.PASSWORD)
      .setSite(site + "/auth/realms/vertx-test")
      .setClientID("confidential-client")
      .setClientSecret("62b8de48-672e-4287-bb1e-6af39aec045e");
    // trustAll disables TLS certificate verification; acceptable only for this local test server
    confidentialClient.setTrustAll(true);
    // introspection requires the confidential client's credentials
    KeycloakAuth.discover(rule.vertx(), confidentialClient, discovered -> {
      should.assertTrue(discovered.succeeded());
      final OAuth2Auth confidential = discovered.result();
      confidential.introspectToken(token.opaqueAccessToken(), introspected -> {
        should.assertTrue(introspected.succeeded());
        done.complete();
      });
    });
  });
}
.create( rule.vertx(), new OAuth2ClientOptions() .setClientID("dummy-client") .addPubSecKey(new PubSecKeyOptions() .setAlgorithm("RS256") .setPublicKey(
/**
 * Create a OAuth2Auth provider for OpenID Connect Discovery. The discovery will use the default site in the
 * configuration options and attempt to load the well known descriptor. If a site is provided (for example when
 * running on a custom instance) that site will be used to do the lookup.
 * <p>
 * If the discovered config includes a json web key url, it will be also fetched and the JWKs will be loaded
 * into the OAuth provider so tokens can be decoded.
 * <p>
 * Issuer validation is switched off for this provider because Azure does not return the same URL the
 * request was sent to; the issuer claim of tokens is therefore not matched against the discovery site.
 *
 * @param vertx the vertx instance
 * @param config the initial config
 * @param handler the instantiated Oauth2 provider instance handler
 */
static void discover(final Vertx vertx, final OAuth2ClientOptions config, final Handler<AsyncResult<OAuth2Auth>> handler) {
  // keep a caller-provided site; fall back to the multi-tenant endpoint otherwise
  String site = config.getSite();
  if (site == null) {
    site = "https://login.windows.net/common";
  }
  final OAuth2ClientOptions azureOptions = new OAuth2ClientOptions(config)
    // Azure OpenId does not return the same url where the request was sent to
    .setValidateIssuer(false)
    .setSite(site)
    .setScopeSeparator(",");
  OpenIDConnectAuth.discover(vertx, azureOptions, handler);
}
}
/**
 * Decoding a malformed token through a discovered OIDC provider must fail; a successful
 * decode would mean garbage is accepted as a token. Ignored: needs a running local server.
 */
@Ignore
@Test
public void testDecode() {
  final OAuth2ClientOptions localRealm = new OAuth2ClientOptions()
    .setClientID("vertx")
    .setSite("http://localhost:8080/auth/realms/master");
  OpenIDConnectAuth.discover(vertx, localRealm, discovery -> {
    if (discovery.failed()) {
      fail(discovery.cause());
    } else {
      final OAuth2Auth oidc = discovery.result();
      oidc.decodeToken("borked", decoded -> {
        if (decoded.failed()) {
          // the expected outcome: an unparseable token is rejected
          testComplete();
        } else {
          fail("Should not reach this!");
        }
      });
    }
  });
  await();
}
}