Need to understand more about the project example

[bavly]

Hello,

I do not understand the example of STUPS environment, my bad I am very sorry.

Could you please explain more?

what I know, If I have this path like ('localhost:8080/privite) is "isAuthenticated()"

Make Post request to get access token
http://localhost:8080/oauth/token?grant_type=password&username=user&password=user&password

then get the access_token: like that a8f..etc

Then make a Getrequest to 'localhost:8080/private?access_token=a8f...etc'

I need to understand for like this url https://example.com/access_tokens will be like localhost:8080/private?access_token=a8f...etc ?

AccessTokens tokens = Tokens.createAccessTokensWithUri(new URI("https://example.com/access_tokens"))

also what exampleRO mean ?

Thanks a lot for your effort appreciated.

[fatroom]

I can answer on additional question: in example there's two managed tokens created. First one is exampleRW with the scopes read and write, the second one is exampleRO with scope read. RO stands here for read only token.

Unfortunately I doesn't fully understand your first one. Can you explain once more what are you trying to achieve?

[bavly]

Thanks, @fatroom for your reply,

For the first part, I have seen this video in order to understand
Secure REST API with authentication using Spring Boot, Security, OAuth2, and JPA.

https://www.youtube.com/watch?v=0pD7YeTAUkk

I have understood that

The token is generated from the URI "https://example.com/access_tokens" there are 2 types (Read & write).

When I want to make a get request to the server "https://api.example.com", I must take the token generated before
& add it as a Bearer Authentication like that

.addHeader("Authorization", "Bearer " + token)

I am understood correctly?

also, the 2 URLs must be in the same domain, am I right?

I am asking because I need to understand this example in order to apply it to the K8s (Kubernetes or in EC2 ) servers.

I think it needs to add like 2 lines to explain the code example.

Thanks

[fatroom]

When I want to make a get request to the server "https://api.example.com", I must take the token generated before
& add it as a Bearer Authentication like that

.addHeader("Authorization", "Bearer " + token)

yes, correct.

The url supplied during the token creation in STUPS environment is the url of your identity provider (the service that generate the token). It's not mandatory that your identity provider residing in the same domain as service that you're trying to protect.

[bavly]

Thanks to @fatroom a lot I could understand now.

You mean by identity provider URL the URL that generates the token?
I could use the token generated with any API needed bearer authentication?

I will try to use the service.
I will add the Maven dependency, then will use it.

Appreciated,

[fatroom]

Correct by identity provider I mean service that stands behind URL that generates tokens (auth0, Amazon Cognito and others).
Correct, you can you token generated with any api that require bearer authentication if the API will be ready to accept tokens issued by your provider and they will contain valid scopes.

[bavly]

Thanks,

as a conclusion, I think to add after the code these sentences in Readme file.

• The token is generated from the URI "https://example.com/access_tokens" is for ('identity provider URL')
  by Identity provider I mean service that stands behind URL that generates tokens (auth0, Amazon Cognito, and others).

• After that, If we have done a Get request to the server API "https://api.example.com", take the token generated before & add it as a Bearer Authentication like that
  .addHeader("Authorization", "Bearer " + token)

• if the API requires bearer authentication, you could use the token created by 'identity provider URL'.

Thanks a lot for your help.