Password Credential OAuth2 Integration with Kong.


javadevmtl

Oct 10, 2016, 8:33:40 PM
to vert.x
Hello, I'm trying to integrate Password Credentials with Kong and Vert.x.

I have tried the following but I get a Not Found error.

io.vertx.core.impl.NoStackTraceThrowable: Not Found

Access Token Error: Not Found



        private void authorize(final RoutingContext routingContext) {
                JsonObject tokenConfig = null;

                final OAuth2Auth oauth2 = OAuth2Auth.create(vertx, OAuth2FlowType.PASSWORD, new OAuth2ClientOptions()
                    .setClientID("merchantappclientid")
                    .setClientSecret("password")
                    .setSite("http://xxx.xxx.xxx.13:8000") // <---- That's the Kong OAuth address
                    .setTokenPath("/oauth2/token")
                );

                tokenConfig = new JsonObject().put("provision_key", "my_key").put("scope", "myscope").put("authenticated_userid", "someone").put("username", "someone").put("password", "password");

                System.out.println("Authorizing!");

                oauth2.getToken(tokenConfig, res -> {
                        if (res.failed()) {
                                res.cause().printStackTrace();
                                System.err.println("Access Token Error: " + res.cause().getMessage());
                        } else {
                                // Get the access token object (the authorization code is given
                                // from the previous step).
                                AccessToken token = res.result();
                                System.out.println(token.principal().encodePrettily());

                                oauth2.api(HttpMethod.GET, "/oauth2/token", new JsonObject().put("access_token", token.principal().getString("access_token")), res2 -> {
                                        // the user object should be returned here...
                                        routingContext.response().end("Authorized!");
                                });
                        }
                });
        }

Paulo Lopes

Oct 13, 2016, 7:08:15 AM
to vert.x
It seems you're getting an HTTP 404 error: Not Found (you should verify your endpoint configurations with Kong).

javadevmtl

Oct 13, 2016, 1:46:07 PM
to vert.x
Yeah cool now I'm trying this...

OAuth2Auth oauth2 = OAuth2Auth.create(vertx, OAuth2FlowType.PASSWORD, new OAuth2ClientOptions()
       .setClientID("clientid123")
       .setClientSecret("clientsecret123")
       .setSite("https://mykongiip:8443/")
       .setHeaders(new JsonObject().put("Host", "xxx.xxx.xxx.xxx"))
       .setTokenPath("/oauth2/token")
);

Kong requires HTTPS for OAuth2 and I'm using the default self-signed cert. Is there a way to skip the cert validation?

javax.net.ssl.SSLHandshakeException: Failed to create SSL connection
at io.vertx.core.http.impl.ConnectionManager$ConnQueue.handshakeFailure(ConnectionManager.java:316)
at io.vertx.core.http.impl.ConnectionManager$ConnQueue.access$1700(ConnectionManager.java:186)
at io.vertx.core.http.impl.ConnectionManager$ChannelConnector.lambda$null$1(ConnectionManager.java:502)
at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:514)
at io.netty.util.concurrent.DefaultPromise.notifyListeners0(DefaultPromise.java:507)
at io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:486)
at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:427)
at io.netty.util.concurrent.DefaultPromise.tryFailure(DefaultPromise.java:129)
at io.netty.handler.ssl.SslHandler.notifyHandshakeFailure(SslHandler.java:1235)
at io.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1230)
at io.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1205)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1060)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:900)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:248)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:372)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:358)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:350)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:372)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:358)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:129)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:610)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:551)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:465)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:437)
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:873)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1094)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:966)
... 17 more
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1120)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1005)
... 17 more
Caused by: java.security.cert.CertificateException: No subject alternative names present
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:144)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:93)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
... 25 more


By the way, the sample in the docs omits the fact that you need to set up the credentials for password auth too.

Paulo Lopes

Oct 14, 2016, 9:12:26 AM
to vert.x
OAuth2Options extends HttpClientOptions, which means you can use it to configure the HTTP client that will in your case talk to Kong. So you can disable the client verification there.

javadevmtl

Oct 14, 2016, 2:06:09 PM
to vert.x
Ah ok, that's not very fluent then! Hehe

OAuth2ClientOptions credentials = new OAuth2ClientOptions()
   .setClientID("<client-id>")
   .setClientSecret("<client-secret>")
   .setSite("https://api.oauth.com").setSsl(true);
setSsl() returns HttpOptions, not OAuth2ClientOptions

Paulo Lopes

Oct 15, 2016, 4:50:19 AM
to vert.x
That is a limitation of the inheritance system :-| OAuth2Options extends HttpClientOptions but the upcasting will not be allowed directly.
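
Added example, not part of the thread and not Vert.x project code: the weak "skip validation" client options discussed above beside options that trust only Kong's certificate, with the inherited setters called as separate statements to get around the return-type problem. It assumes the Vert.x 3.x API used in the thread; the host name kong.example.internal and the file kong-cert.pem are placeholders, and the certificate must carry a subject alternative name matching the host in setSite, which is what the "No subject alternative names present" cause in the trace is about.

```java
import io.vertx.core.Vertx;
import io.vertx.core.json.JsonObject;
import io.vertx.core.net.PemTrustOptions;
import io.vertx.ext.auth.oauth2.OAuth2Auth;
import io.vertx.ext.auth.oauth2.OAuth2ClientOptions;
import io.vertx.ext.auth.oauth2.OAuth2FlowType;

public class KongOAuth2Client {

  // Shared base; host name and credentials are placeholders (assumptions).
  static OAuth2ClientOptions base() {
    return new OAuth2ClientOptions()
        .setClientID("<client-id>")
        .setClientSecret("<client-secret>")
        .setSite("https://kong.example.internal:8443") // must match a SAN in Kong's cert
        .setTokenPath("/oauth2/token");
  }

  // Weak: accepts any certificate from any host, so the client secret and the
  // user's password can be read by whoever answers on that address.
  static OAuth2ClientOptions trustAll() {
    OAuth2ClientOptions options = base();
    // Inherited setters are typed as HttpClientOptions in the version used in
    // the thread, so they are called as statements rather than chained.
    options.setSsl(true);
    options.setTrustAll(true);
    options.setVerifyHost(false);
    return options;
  }

  // Corrected: trust only Kong's certificate and keep host name checking on.
  static OAuth2ClientOptions pinned() {
    OAuth2ClientOptions options = base();
    options.setSsl(true);
    options.setPemTrustOptions(new PemTrustOptions().addCertPath("kong-cert.pem")); // assumed path
    options.setVerifyHost(true);
    return options;
  }

  public static void main(String[] args) {
    Vertx vertx = Vertx.vertx();
    OAuth2Auth oauth2 = OAuth2Auth.create(vertx, OAuth2FlowType.PASSWORD, pinned());
    JsonObject tokenConfig = new JsonObject().put("username", "<user>").put("password", "<password>");
    oauth2.getToken(tokenConfig, res -> {
      System.out.println(res.succeeded() ? "token issued" : "failed: " + res.cause());
      vertx.close();
    });
  }
}
```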