This repository has been archived by the owner on Dec 5, 2022. It is now read-only.

Need to understand more about the project example #205

bavly opened this issue Jun 23, 2020 · 6 comments

Comments

@bavly

bavly commented Jun 23, 2020

Hello,

I do not understand the example of the STUPS environment; my bad, I am very sorry.

Could you please explain more?

What I know: if I have a path like ('localhost:8080/private') that is "isAuthenticated()":

Make a POST request to get an access token:
http://localhost:8080/oauth/token?grant_type=password&username=user&password=user&password

then get the access_token, like a8f...etc.

Then make a GET request to 'localhost:8080/private?access_token=a8f...etc'.

I need to understand: for a URL like https://example.com/access_tokens, will it be like localhost:8080/private?access_token=a8f...etc?

AccessTokens tokens = Tokens.createAccessTokensWithUri(new URI("https://example.com/access_tokens"))

Also, what does exampleRO mean?

Thanks a lot, your effort is appreciated.

@fatroom
Member

fatroom commented Jun 23, 2020

I can answer the additional question: in the example there are two managed tokens created. The first one is exampleRW with the scopes read and write; the second one is exampleRO with the scope read. RO here stands for read-only token.

Unfortunately I don't fully understand your first one. Can you explain once more what you are trying to achieve?

@bavly
Author

bavly commented Jun 24, 2020

Thanks, @fatroom, for your reply.

For the first part, I have watched this video in order to understand it:
"Secure REST API with authentication using Spring Boot, Security, OAuth2, and JPA."

https://www.youtube.com/watch?v=0pD7YeTAUkk

I have understood that the token is generated from the URI "https://example.com/access_tokens", and there are 2 types (read & write).

When I want to make a GET request to the server "https://api.example.com", I must take the token generated before
& add it as Bearer authentication like this:

.addHeader("Authorization", "Bearer " + token)

Have I understood correctly?

Also, the 2 URLs must be in the same domain, am I right?

I am asking because I need to understand this example in order to apply it to K8s (Kubernetes) or EC2 servers.

I think something like 2 lines need to be added to explain the code example.

Thanks

@fatroom
Member

fatroom commented Jun 24, 2020

When I want to make a GET request to the server "https://api.example.com", I must take the token generated before
& add it as Bearer authentication like this:

.addHeader("Authorization", "Bearer " + token)

yes, correct.

The URL supplied during the token creation in the STUPS environment is the URL of your identity provider (the service that generates the token). It's not mandatory that your identity provider resides in the same domain as the service that you're trying to protect.

@bavly
Author

bavly commented Jun 24, 2020

Thanks a lot to @fatroom, I understand now.

By identity provider URL, you mean the URL that generates the token?
Could I use the generated token with any API that needs bearer authentication?

I will try to use the service.
I will add the Maven dependency, then use it.

Appreciated,

@fatroom
Member

fatroom commented Jun 24, 2020

Correct, by identity provider I mean the service that stands behind the URL that generates tokens (Auth0, Amazon Cognito and others).
Correct, you can use the generated token with any API that requires bearer authentication, if the API is ready to accept tokens issued by your provider and they contain valid scopes.
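
The flow described in the replies above (a token obtained from the identity provider URL, sent by the client as an `Authorization: Bearer` header, and accepted by the API only if it trusts that issuer and the token carries the scope the operation needs) is easy to misread from prose alone, so here it is as runnable code. This is an added example and is not code from the zalando tokens library or from anyone in this thread; it also stands in for the Spring Boot token-then-request sequence sketched in the first comment. The in-memory identity provider, the HMAC-signed token format, the shared secret, the status codes and the issuer/API URLs are all assumptions made for the illustration. It uses the two managed tokens from the README example, exampleRW (read, write) and exampleRO (read), and additionally shows three cases the thread does not: a request with no token, a read-only token whose scope claim an attacker has edited, and a validly signed token from an issuer the API does not trust.

```python
# Added example, not zalando/tokens code: an in-memory model of the flow in this thread.
# Token format, shared secret, names, URLs and status codes are assumptions for the illustration.
import base64
import hashlib
import hmac
import json
import secrets
import time

IDP_ISSUER = "https://example.com/access_tokens"   # identity provider URL (from the README example)
SHARED_SECRET = b"constructed-example-secret"       # constructed for this example, never reuse

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class IdentityProvider:
    """Stand-in for the service behind IDP_ISSUER; issues <b64url(json)>.<b64url(hmac-sha256)> tokens."""
    def __init__(self, issuer: str, secret: bytes) -> None:
        self.issuer, self.secret = issuer, secret

    def issue(self, name: str, scopes: set, ttl: int = 3600) -> str:
        payload = {"iss": self.issuer, "sub": name, "scope": " ".join(sorted(scopes)),
                   "exp": int(time.time()) + ttl, "jti": secrets.token_hex(8)}
        body = _b64url(json.dumps(payload, separators=(",", ":")).encode())
        sig = hmac.new(self.secret, body.encode(), hashlib.sha256).digest()
        return f"{body}.{_b64url(sig)}"

def bearer_headers(token: str) -> dict:
    """Client side: the same thing as .addHeader("Authorization", "Bearer " + token)."""
    return {"Authorization": "Bearer " + token}

class ResourceServer:
    """Stand-in for https://api.example.com: trusts one issuer, needs 'read' for reads, 'write' for mutations."""
    REQUIRED_SCOPE = {"GET": "read", "HEAD": "read", "POST": "write", "PUT": "write", "DELETE": "write"}

    def __init__(self, trusted_issuer: str, secret: bytes) -> None:
        self.trusted_issuer, self.secret = trusted_issuer, secret

    def _verify(self, token: str):
        """Return the payload if signature, issuer and expiry check out, otherwise None."""
        try:
            body, sig = token.split(".")
            expected = hmac.new(self.secret, body.encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(expected, _b64url_decode(sig)):
                return None                      # forged or tampered token
            payload = json.loads(_b64url_decode(body))
        except (ValueError, TypeError):
            return None                          # malformed token
        if not isinstance(payload, dict) or payload.get("iss") != self.trusted_issuer:
            return None                          # issued by a provider this API does not trust
        if payload.get("exp", 0) <= time.time():
            return None                          # expired
        return payload

    def handle(self, method: str, headers: dict) -> tuple:
        """Return (status, message) for a request carrying the given headers."""
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        if scheme != "Bearer" or not token:
            return 401, "bearer token required"
        payload = self._verify(token)
        if payload is None:
            return 401, "token rejected"
        needed = self.REQUIRED_SCOPE.get(method)
        if needed is None:
            return 405, "method not allowed"
        if needed not in payload.get("scope", "").split():
            return 403, f"scope '{needed}' required"   # valid token, insufficient scope
        return 200, f"{method} allowed for {payload['sub']}"

def run_scenario() -> dict:
    """Exercise the two managed tokens from the README example plus three failure cases."""
    idp = IdentityProvider(IDP_ISSUER, SHARED_SECRET)
    api = ResourceServer(IDP_ISSUER, SHARED_SECRET)
    rw = idp.issue("exampleRW", {"read", "write"})   # read + write scopes
    ro = idp.issue("exampleRO", {"read"})            # read-only token
    # Attacker edits the read-only token's scope claim but cannot re-sign it.
    body, sig = ro.split(".")
    forged = json.loads(_b64url_decode(body))
    forged["scope"] = "read write"
    forged_ro = _b64url(json.dumps(forged, separators=(",", ":")).encode()) + "." + sig
    # Same key, different issuer: the issuer check is enforced independently of the signature.
    other = IdentityProvider("https://idp.example.net/token", SHARED_SECRET)
    return {
        "rw_get": api.handle("GET", bearer_headers(rw))[0],
        "rw_post": api.handle("POST", bearer_headers(rw))[0],
        "ro_get": api.handle("GET", bearer_headers(ro))[0],
        "ro_post": api.handle("POST", bearer_headers(ro))[0],
        "no_header": api.handle("GET", {})[0],
        "forged_scope": api.handle("POST", bearer_headers(forged_ro))[0],
        "foreign_issuer": api.handle("GET", bearer_headers(other.issue("x", {"read"})))[0],
    }

if __name__ == "__main__":
    print(run_scenario())
```

Running the module prints one status per case: both exampleRW requests and the exampleRO GET succeed, the exampleRO POST gets 403 because the token is valid but lacks `write`, and the missing header, the edited scope claim and the foreign issuer all get 401. The point the thread arrives at is the last two checks in `_verify`: the API, not the client, decides which issuer it trusts and which scope each operation needs, which is why the identity provider and the API can live on different domains.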

@bavly
Author

bavly commented Jun 24, 2020

Thanks,

As a conclusion, I think these sentences should be added after the code in the README file.

  • The token is generated from the URI "https://example.com/access_tokens", which is the 'identity provider URL';
    by identity provider I mean the service that stands behind the URL that generates tokens (Auth0, Amazon Cognito, and others).

  • After that, if we make a GET request to the server API "https://api.example.com", we take the token generated before & add it as Bearer authentication like this:
    .addHeader("Authorization", "Bearer " + token)

  • If the API requires bearer authentication, you can use the token created by the 'identity provider URL'.

Thanks a lot for your help.
