OAuth 2 support in Unfiltered


Dmitry G

Nov 3, 2011, 3:31:31 PM11/3/11
to Unfiltered
Folks,

I see the branch for OAuth 2 support in Unfiltered, I also saw the
discussion thread
(http://groups.google.com/group/unfiltered-scala/browse_thread/thread/2240ea72589e314e/19c5d4977d5f2938?lnk=gst&q=oauth+2#19c5d4977d5f2938)

Can someone provide a bit more "noob-oriented" set of steps, code
snippet, or unit test which would demonstrate what's needed to make a
Client Credentials flow work with this OAuth 2 server support?

In other words, say I have my service like below, now I want to add
OAuth 2 server support to it, what are the steps? I.e. how to give
access to tokens, then validate tokens at request time?

Thanks a lot

import unfiltered.request._
import unfiltered.response._
import net.liftweb.json._

// Domain classes the service serialises (not shown in the original snippet)
case class Address(street: String, city: String)
case class Person(name: String, address: Address, age: Int)

class MyService extends unfiltered.filter.Planify({
  case GET(UFPath("/get_person")) => {
    val address = Address("Bulevard", "Helsinki")
    val person = Person("Joe", address, 35)

    import net.liftweb.json.Serialization
    implicit val formats = Serialization.formats(NoTypeHints)

    // JSON content type plus the serialised Person as the body
    new ComposeResponse(JsonContent ~>
      ResponseString(Serialization.write(person)))
  }
  case r @ POST(UFPath("/post_person")) => {
    implicit val formats = DefaultFormats
    // parse the request body as JSON and map it onto Person
    val p = JsonBody(r).extract[Person]
    // println("==> got person: " + p)
    ResponseString("Posted Person OK") ~> Ok
  }
})



Doug Tangren

Nov 3, 2011, 3:49:52 PM11/3/11
to unfilter...@googlegroups.com


I can give you a more thorough answer tonight but the way you add oauth support is by mounting a few filter plans in front of your MyService Plan

There is some info on the readme of that module here

https://github.com/unfiltered/unfiltered/blob/oauth2/oauth2/README.md

It doesn't stray too far from this oauth1 example below

https://github.com/softprops/unfiltered-oauth-server.g8/blob/master/src/main/g8/src/main/scala/Server.scala

The idea is that you implement a handful of methods of an instance of a trait which you pass into the oauth filters and the oauth filters run through the protocol steps for you. If a consumer passes validation you should be able to access an identifier for the resource owner and the scopes they authorized for a given token

https://github.com/unfiltered/unfiltered/blob/oauth2/oauth2/src/main/scala/protections.scala#L40-41

from the underlying http servlet request. This is not technically ideal because it means that we can't reuse this in the context of Netty.

There has been more active development on this branch recently by others than myself who may be able to help contribute to an answer to your question. I'll try to give you a more thorough answer tonight.

Dmitry G

Nov 3, 2011, 4:11:47 PM11/3/11
to Unfiltered
Doug,

Thanks for your quick response. As I understand it, we basically want
to wire in our "awesome api"/myservice into this sample

object Main {
  def main(args: Array[String]) {
    unfiltered.jetty.Http(8080)
      .context("/oauth/") {
        _.filter(OAuthorization(...))
      }.context("/api") {
        _.filter(Protection(...))
         .filter(new YourAwesomeApi)
      }.run
  }
}

where OAuthorization takes care of the auth server concerns and
Protection of the resource server concerns (?)

I think part of the issue is that as a noob I don't quite see how
plans are deployed into containers quite yet. Plus I'm not clear on
what logic we'd need to provide to complete the Auth Server and
Resource Server impls.

I'm looking forward to your more detailed response - thanks so much!


On Nov 3, 3:49 pm, Doug Tangren <d.tang...@gmail.com> wrote:
> On Thu, Nov 3, 2011 at 3:31 PM, Dmitry G <dgoldenb...@savingstar.com> wrote:
> > Folks,
>
> > I see the branch for OAuth 2 support in Unfiltered, I also saw the
> > discussion thread (http://groups.google.com/group/unfiltered-scala/
> > browse_thread/thread/2240ea72589e314e/19c5d4977d5f2938?lnk=gst&q=oauth
> > +2#19c5d4977d5f2938<http://groups.google.com/group/unfiltered-scala/%0Abrowse_thread/thre...>
> > )
> https://github.com/softprops/unfiltered-oauth-server.g8/blob/master/s...
>
> The idea is that you implement a handful of methods of an instance of a
> trait which you pass into the oauth filters and the oauth filters run
> through the protocol steps for you. If a consumer passes validation you
> should be able to access an identifier for the resource owner and the
> scopes they authorized for a given token
>
> https://github.com/unfiltered/unfiltered/blob/oauth2/oauth2/src/main/...

Doug Tangren

Nov 4, 2011, 2:10:01 AM11/4/11
to unfilter...@googlegroups.com
On Thu, Nov 3, 2011 at 4:11 PM, Dmitry G <dgold...@savingstar.com> wrote:
> Doug,
>
> Thanks for your quick response. As I understand it, we basically want
> to wire in our "awesome api"/myservice into this sample
>
> object Main {
>   def main(args: Array[String]) {
>     unfiltered.jetty.Http(8080)
>       .context("/oauth/") {
>         _.filter(OAuthorization(...))
>       }.context("/api") {
>         _.filter(Protection(...))
>          .filter(new YourAwesomeApi)
>       }.run
>   }
> }
>
> where OAuthorization takes care of the auth server concerns and
> Protection of the resource server concerns (?)
>
> I think part of the issue is that as a noob I don't quite see how
> plans are deployed into containers quite yet. Plus I'm not clear on
> what logic we'd need to provide to complete the Auth Server and
> Resource Server impls.
>
> I'm looking forward to your more detailed response - thanks so much!


Sorry, it's late and I didn't get to responding properly tonight. I will def touch back tomorrow. 

In the meantime check out @tekul's connect repo which ties together an oauth2 server and client with sprinkles like openid support! It also makes pretty good use of scala's cake pattern.


It's high time I make a giter8 template for a sample oauth2 server. giter8 templates sometimes help document things a little better than a readme because they are executable examples you can actually play with.

Also check out the specs for the oauth2 module project for ideas. A mock server is included which fills in the interface blanks



That may be a lot to take in, but what you should get out of it is that the blanks you need to fill in are the http responses that would normally be server specific, i.e. logging in a user, handling obtaining authorization before responding to the client, and data-store access for tokens and oauth clients.

I'll touch base here tomorrow.
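An added sketch, not code from the oauth2 module or from anyone in this thread, of the two concerns described above: a token endpoint for the Client Credentials grant (the "data store for tokens and clients" blank) and a protection plan that validates the bearer token at request time and hands the resource owner and scopes to the next plan through the servlet request. It uses only Unfiltered's core request/response extractors; Store, Token, TokenEndpoint, BearerProtection, the /oauth/token and /api paths, the client credentials and the oauth.* attribute names are all assumptions made for the example.

```scala
import unfiltered.request._
import unfiltered.response._
import unfiltered.filter.Plan
import java.security.{MessageDigest, SecureRandom}
// Constructed sample "blanks": registered clients and an in-memory access-token store.
case class Token(owner: String, scopes: Set[String], expiresAt: Long)
object Store {
  val clients = Map("my-client" -> "s3cret")   // client_id -> client_secret (demo only)
  @volatile var tokens = Map.empty[String, Token]
  private val rnd = new SecureRandom
  def issue(owner: String, scopes: Set[String], ttlMillis: Long = 3600000L): String = {
    val value = new java.math.BigInteger(160, rnd).toString(32)   // unguessable opaque token
    tokens += value -> Token(owner, scopes, System.currentTimeMillis + ttlMillis)
    value
  }
  def lookup(value: String) = tokens.get(value).filter(_.expiresAt > System.currentTimeMillis)
  def secretOk(id: String, secret: String) = clients.get(id).exists(s =>   // constant-time compare
    MessageDigest.isEqual(s.getBytes("UTF-8"), secret.getBytes("UTF-8")))
}
// Authorization-server concern: Client Credentials grant, client authenticates with HTTP Basic.
object TokenEndpoint extends Plan {
  def intent = {
    case POST(Path("/oauth/token")) & BasicAuth(id, secret) & Params(p)
        if p.get("grant_type").flatMap(_.headOption) == Some("client_credentials") && Store.secretOk(id, secret) =>
      val scopes = p.getOrElse("scope", Nil).flatMap(_.split(" ")).filter(_.nonEmpty).toSet
      val t = Store.issue(id, scopes)   // with this grant the client itself is the resource owner
      JsonContent ~> ResponseString("""{"access_token":"%s","token_type":"bearer","expires_in":3600}""".format(t))
    case POST(Path("/oauth/token")) =>
      Unauthorized ~> JsonContent ~> ResponseString("""{"error":"invalid_client"}""")
  }
}
// Resource-server concern: everything under /api must carry a valid, unexpired bearer token.
object BearerProtection extends Plan {
  private val Bearer = "(?i)Bearer (\\S+)".r
  def intent = {
    case r @ Path(Seg("api" :: _)) =>
      val token = r match {
        case Authorization(Bearer(v)) => Store.lookup(v)
        case _ => None
      }
      token match {
        case Some(t) =>   // pass owner and scopes to the next plan via the servlet request, as the module does
          r.underlying.setAttribute("oauth.owner", t.owner)
          r.underlying.setAttribute("oauth.scopes", t.scopes)
          Pass
        case None =>   // fail closed: an unmatched intent would let the request through to the API
          Unauthorized ~> WWWAuthenticate("Bearer") ~> ResponseString("invalid_token")
      }
  }
}
```

Mount them in front of the service in the order unfiltered.jetty.Http(8080).filter(TokenEndpoint).filter(BearerProtection).filter(new MyService).run(), so that a request to /api only reaches MyService after BearerProtection has returned Pass.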


Anton Moiseev

Jan 17, 2015, 6:49:42 PM1/17/15
to unfilter...@googlegroups.com, dgold...@savingstar.com
Dmitry, did you have a chance to find or write a noob-oriented snippet for oauth2?

I just want to have a simple webapp with public and protected areas (e.g., /admin and /user are protected, and all the rest is public). I have implemented this with BasicAuth, but I don't like the browser-based login/password window, I want to have login-password fields inside the html page. So now I am wondering if I can use the oauth2 module for that. The documentation does not clearly tell how this can be implemented. All the provided links and links I have found seem to have too much code and seem to require advanced knowledge of how oauth protocols work. I am looking for a simple example which uses library classes as much as possible and shows what minimal application-specific info I should provide myself.