use of io.vertx.ext.auth.oauth2.OAuth2Auth in project vertx-auth by vert-x3.
the class OAuth2KeyRotationTest method testLoadJWK.
/**
 * Verifies that a Google OAuth2 provider reports success when asked to load its JSON Web Keys.
 *
 * <p>The provider is built with an empty client id and secret, so only the key-loading path is
 * exercised. NOTE(review): presumably {@code loadJWK} contacts Google's key endpoint, which
 * would make this test depend on outbound network access. Confirm before running it in an
 * isolated CI environment.
 */
@Test
public void testLoadJWK() {
  final OAuth2Auth googleProvider = GoogleAuth.create(vertx, "", "");

  googleProvider.loadJWK(outcome -> {
    // The only assertion: the asynchronous load must not have failed.
    assertFalse(outcome.failed());
    testComplete();
  });

  // Pairs with the testComplete() call made from the handler above.
  await();
}
use of io.vertx.ext.auth.oauth2.OAuth2Auth in project vertx-auth by vert-x3.
the class OAuth2Auth method createKeycloak.
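/**
 * Create an OAuth2 auth provider from a Keycloak client configuration.
 *
 * <p>The following keys of {@code config} are read when present: {@code auth-server-url},
 * {@code resource}, {@code credentials.secret}, {@code public-client}, {@code realm} and
 * {@code realm-public-key}. This legacy factory configures no introspection path and no JWK
 * path, and it clears the revocation path.
 *
 * <p>The {@code realm} value is concatenated into the endpoint paths verbatim, without URL
 * encoding, so {@code config} is expected to be a trusted export rather than user input.
 *
 * @param vertx the Vertx instance
 * @param flow the OAuth2 flow to use
 * @param config the config as exported from the admin console
 * @return the auth provider
 * @deprecated You should use the provider helper {@link io.vertx.ext.auth.oauth2.providers.KeycloakAuth} instead.
 */
@Deprecated
static OAuth2Auth createKeycloak(Vertx vertx, OAuth2FlowType flow, JsonObject config) {
  final OAuth2ClientOptions options = new OAuth2ClientOptions();

  // keycloak conversion to oauth2 options
  if (config.containsKey("auth-server-url")) {
    options.setSite(config.getString("auth-server-url"));
  }
  if (config.containsKey("resource")) {
    options.setClientID(config.getString("resource"));
  }

  // A "credentials" key that is present but null is treated like a missing one instead of
  // dereferencing it; the nested object is also read only once.
  final JsonObject credentials = config.getJsonObject("credentials");
  if (credentials != null && credentials.containsKey("secret")) {
    options.setClientSecret(credentials.getString("secret"));
  }

  // Boolean.TRUE.equals(...) also covers an explicit null value, which would otherwise fail
  // while unboxing.
  // NOTE(review): a public client normally has no secret, yet this branch enables the Basic
  // authorization header. Confirm this is the intended mapping.
  if (Boolean.TRUE.equals(config.getBoolean("public-client", false))) {
    options.setUseBasicAuthorizationHeader(true);
  }

  if (config.containsKey("realm")) {
    final String realmBase = "/realms/" + config.getString("realm") + "/protocol/openid-connect";
    options.setAuthorizationPath(realmBase + "/auth");
    options.setTokenPath(realmBase + "/token");
    // No revocation endpoint is configured for Keycloak here.
    options.setRevocationPath(null);
    options.setLogoutPath(realmBase + "/logout");
    options.setUserInfoPath(realmBase + "/userinfo");
  }

  if (config.containsKey("realm-public-key")) {
    // The key from the export is registered as RS256; the algorithm is fixed here, not read
    // from the config.
    options.addPubSecKey(
      new PubSecKeyOptions()
        .setAlgorithm("RS256")
        .setPublicKey(config.getString("realm-public-key")));
  }

  return new OAuth2AuthProviderImpl(vertx, flow, options);
}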
use of io.vertx.ext.auth.oauth2.OAuth2Auth in project vertx-auth by vert-x3.
the class KeycloakAuth method create.
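/**
 * Create a OAuth2Auth provider for Keycloak
 *
 * <p>The following keys of {@code config} are read when present: {@code auth-server-url},
 * {@code resource}, {@code credentials.secret}, {@code public-client}, {@code realm} and
 * {@code realm-public-key}.
 *
 * <p>The {@code realm} value is concatenated into the endpoint paths verbatim, without URL
 * encoding, so {@code config} is expected to be a trusted export rather than user input.
 *
 * @param vertx the Vertx instance
 * @param flow the oauth2 flow to use
 * @param config the json config file exported from Keycloak admin console
 * @param httpClientOptions custom http client options
 * @return the auth provider built from the converted options
 */
static OAuth2Auth create(Vertx vertx, OAuth2FlowType flow, JsonObject config, HttpClientOptions httpClientOptions) {
  final OAuth2ClientOptions options = new OAuth2ClientOptions(httpClientOptions);

  // keycloak conversion to oauth2 options
  if (config.containsKey("auth-server-url")) {
    options.setSite(config.getString("auth-server-url"));
  }
  if (config.containsKey("resource")) {
    options.setClientID(config.getString("resource"));
  }

  // A "credentials" key that is present but null is treated like a missing one instead of
  // dereferencing it; the nested object is also read only once.
  final JsonObject credentials = config.getJsonObject("credentials");
  if (credentials != null && credentials.containsKey("secret")) {
    options.setClientSecret(credentials.getString("secret"));
  }

  // Boolean.TRUE.equals(...) also covers an explicit null value, which would otherwise fail
  // while unboxing.
  // NOTE(review): a public client normally has no secret, yet this branch enables the Basic
  // authorization header. Confirm this is the intended mapping.
  if (Boolean.TRUE.equals(config.getBoolean("public-client", false))) {
    options.setUseBasicAuthorizationHeader(true);
  }

  if (config.containsKey("realm")) {
    final String realmBase = "/realms/" + config.getString("realm") + "/protocol/openid-connect";
    options.setAuthorizationPath(realmBase + "/auth");
    options.setTokenPath(realmBase + "/token");
    // No revocation endpoint is configured for Keycloak here.
    options.setRevocationPath(null);
    options.setLogoutPath(realmBase + "/logout");
    options.setUserInfoPath(realmBase + "/userinfo");
    // keycloak follows the RFC7662
    options.setIntrospectionPath(realmBase + "/token/introspect");
    // keycloak follows the RFC7517
    options.setJwkPath(realmBase + "/certs");
  }

  if (config.containsKey("realm-public-key")) {
    // The key from the export is registered as RS256; the algorithm is fixed here, not read
    // from the config.
    // NOTE(review): this key is pinned from the export. If the realm rotates its keys the
    // value must be refreshed. Confirm whether callers also use the JWK path set above.
    options.addPubSecKey(
      new PubSecKeyOptions()
        .setAlgorithm("RS256")
        .setPublicKey(config.getString("realm-public-key")));
    // JWT-token mode is switched on only when a realm key was supplied.
    options.setJWTToken(true);
  }

  return OAuth2Auth.create(vertx, flow, options);
}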
use of io.vertx.ext.auth.oauth2.OAuth2Auth in project vertx-examples by vert-x3.
the class Server method start.
/**
 * Builds the router for the GitHub OAuth2 demo and starts an HTTP server on port 8080.
 *
 * <p>Handlers are registered in this order: cookies, sessions, the user-session handler, the
 * OAuth2 guard on {@code /protected} (which also sets up {@code /callback}), the index page,
 * and finally the protected page.
 *
 * <p>Notes for anyone adapting the example: the server is created without any TLS options, so
 * the session cookie and the OAuth2 callback are served over plain HTTP. {@code CLIENT_ID} and
 * {@code CLIENT_SECRET} are defined outside this method; only the client id is handed to a
 * template.
 *
 * @throws Exception as declared by the overridden signature
 */
@Override
public void start() throws Exception {
  final Router router = Router.router(vertx);

  // Cookies and sessions come first so that every later route can rely on them.
  router.route().handler(CookieHandler.create());
  router.route().handler(SessionHandler.create(LocalSessionStore.create(vertx)));

  // GitHub-backed provider; the user-session handler keeps the authenticated user in the
  // session between requests.
  OAuth2Auth githubAuth = GithubAuth.create(vertx, CLIENT_ID, CLIENT_SECRET);
  router.route().handler(UserSessionHandler.create(githubAuth));

  // Guard "/protected": the OAuth2 handler receives its callback on "/callback" and asks for
  // the "user:email" authority.
  router.route("/protected").handler(
    OAuth2AuthHandler.create(githubAuth)
      .setupCallback(router.route("/callback"))
      .addAuthority("user:email"));

  // Index page: the template only receives the client id.
  router.get("/").handler(ctx -> {
    JsonObject indexModel = new JsonObject().put("client_id", CLIENT_ID);
    engine.render(indexModel, "views/index.hbs", rendered -> {
      if (!rendered.succeeded()) {
        ctx.fail(rendered.cause());
        return;
      }
      ctx.response().putHeader("Content-Type", "text/html").end(rendered.result());
    });
  });

  // Protected page: load the profile, then the e-mail list, then render both.
  router.get("/protected").handler(ctx -> {
    AccessToken token = (AccessToken) ctx.user();

    // The user-profile lookup is a common provider feature, not part of the OAuth2 spec itself.
    token.userInfo(profileResult -> {
      if (profileResult.failed()) {
        // Any failure here is handled as an unusable token (the original example has a revoked
        // token in mind): the session is destroyed and the request is failed, so the user has
        // to go through the OAuth flow again.
        ctx.session().destroy();
        ctx.fail(profileResult.cause());
        return;
      }

      final JsonObject profile = profileResult.result();

      // Per the original example, fetch() retrieves the resource with the headers the token
      // requires.
      token.fetch("https://api.github.com/user/emails", emailsResult -> {
        if (emailsResult.failed()) {
          // Same policy as above: destroy the session and fail the request.
          ctx.session().destroy();
          ctx.fail(emailsResult.cause());
          return;
        }

        profile.put("private_emails", emailsResult.result().jsonArray());
        JsonObject pageModel = new JsonObject().put("userInfo", profile);

        engine.render(pageModel, "views/advanced.hbs", rendered -> {
          if (!rendered.succeeded()) {
            ctx.fail(rendered.cause());
            return;
          }
          ctx.response().putHeader("Content-Type", "text/html").end(rendered.result());
        });
      });
    });
  });

  vertx.createHttpServer().requestHandler(router).listen(8080);
}
use of io.vertx.ext.auth.oauth2.OAuth2Auth in project vertx-web by vert-x3.
the class WebExamples method example59.
/**
 * Example: protect everything under {@code /protected/} with Google sign-in, using the
 * authorization-code flow.
 *
 * <p>{@code "CLIENT_ID"} and {@code "CLIENT_SECRET"} are placeholders for the credentials issued
 * by Google. The handler is created for the origin {@code http://localhost:8080}, a plain-HTTP
 * local address; a deployed application would pass its own origin instead.
 *
 * @param vertx the Vertx instance the provider is created on
 * @param router the router that receives the callback, protected and welcome routes
 */
public void example59(Vertx vertx, Router router) {
  // Endpoints and client credentials for Google.
  OAuth2ClientOptions googleOptions = new OAuth2ClientOptions()
    .setClientID("CLIENT_ID")
    .setClientSecret("CLIENT_SECRET")
    .setSite("https://accounts.google.com")
    .setTokenPath("https://www.googleapis.com/oauth2/v3/token")
    .setAuthorizationPath("/o/oauth2/auth");
  OAuth2Auth googleProvider = OAuth2Auth.create(vertx, OAuth2FlowType.AUTH_CODE, googleOptions);

  // Handler bound to our own origin, requesting the "profile" scope.
  OAuth2AuthHandler guard = OAuth2AuthHandler.create(googleProvider, "http://localhost:8080");
  guard.addAuthority("profile");

  // Route on which Google's callback is received.
  guard.setupCallback(router.get("/callback"));

  // Everything below /protected goes through the guard first.
  router.route("/protected/*").handler(guard);

  // A page inside the protected zone.
  router.route("/protected/somepage").handler(rc -> {
    rc.response().end("Welcome to the protected resource!");
  });

  // Public welcome page linking to the protected one.
  router.get("/").handler(ctx -> {
    ctx.response()
      .putHeader("content-type", "text/html")
      .end("Hello<br><a href=\"/protected/somepage\">Protected by Google</a>");
  });
}