// Session handling for every route, backed by a local session store created from vertx.
router.route().handler(SessionHandler.create(LocalSessionStore.create(vertx)));
// GitHub OAuth2 provider built from the application's client id and secret.
// NOTE(review): where CLIENT_ID / CLIENT_SECRET are defined is not shown; confirm the secret is loaded from
// configuration rather than committed with the source.
OAuth2Auth authProvider = GithubAuth.create(vertx, CLIENT_ID, CLIENT_SECRET);
// The user on the routing context is cast to AccessToken to reach userInfo() and fetch().
AccessToken user = (AccessToken) ctx.user();
user.userInfo(res -> {
  // NOTE(review): as excerpted, the e-mail fetch sits in the failed() branch; lines appear to be elided here, verify against the full listing
  if (res.failed()) {
    user.fetch("https://api.github.com/user/emails", res2 -> {
      if (res2.failed()) {
        // hand the fetch failure to the routing context
        ctx.fail(res2.cause());
      } else {
        // keep the returned JSON array under "private_emails"; this is personal data, so keep it out of logs and error pages
        userInfo.put("private_emails", res2.result().jsonArray());
/**
 * Verification step run before the provider is used; it aborts instantiation by throwing.
 *
 * <p>Any provider that is not an {@code OAuth2Auth} passes through unchecked. An
 * {@code OAuth2Auth} provider must be configured for the {@code AUTH_CODE} flow.
 *
 * @param provider the auth provider to check
 * @return the same provider instance when it is acceptable
 * @throws IllegalArgumentException if an {@code OAuth2Auth} provider uses any flow other than {@code AUTH_CODE}
 */
private static AuthProvider verifyProvider(AuthProvider provider) {
  // Guard clause: only OAuth2 providers carry a flow type to verify.
  if (!(provider instanceof OAuth2Auth)) {
    return provider;
  }

  final OAuth2Auth oauth2Provider = (OAuth2Auth) provider;
  if (oauth2Provider.getFlowType() != AUTH_CODE) {
    throw new IllegalArgumentException("OAuth2Auth + Bearer Auth requires OAuth2 AUTH_CODE flow");
  }
  return provider;
}
/**
 * Builds the authorization URL that starts the flow at the OAuth2 provider.
 *
 * @param redirectURL value sent as the {@code state} parameter of the authorization request
 * @return the URL returned by the provider's {@code authorizeURL} for the assembled parameters
 */
private String authURI(String redirectURL) {
  // NOTE(review): "state" carries the redirect URL as given, not an unguessable per-session value. The callback
  // handler is not visible here; confirm it validates state before redirecting (login CSRF / open redirect).
  final JsonObject params = new JsonObject().put("state", redirectURL);

  if (host != null) {
    params.put("redirect_uri", host + callback.getPath());
  }

  // Merged after state/redirect_uri are set, so a key present in extraParams replaces the value put above.
  if (extraParams != null) {
    params.mergeIn(extraParams);
  }

  if (!scopes.isEmpty()) {
    // Scopes travel as an array: the provider knows how to encode them for the request.
    final JsonArray scopeArray = new JsonArray();
    for (String scope : scopes) {
      scopeArray.add(scope);
    }
    params.put("scopes", scopeArray);
  }

  final OAuth2Auth oauth2Provider = (OAuth2Auth) authProvider;
  return oauth2Provider.authorizeURL(params);
}
// Sample client settings: placeholder id/secret and a local endpoint reached over plain HTTP.
// Outside a local test, the secret belongs in configuration and the site should be an https:// URL.
OAuth2ClientOptions clientOptions = new OAuth2ClientOptions()
  .setClientID("client-id")
  .setClientSecret("client-secret")
  .setSite("http://localhost:10000");

// Provider for the authorization-code flow.
OAuth2Auth oauth2 = OAuth2Auth.create(vertx, OAuth2FlowType.AUTH_CODE, clientOptions);
.create( vertx, new OAuth2ClientOptions() .setClientID("dummy-client") .addPubSecKey(new PubSecKeyOptions() .setAlgorithm("RS256") .setPublicKey(
/**
 * Checks that a route guarded by the OAuth2 handler answers 401 both without credentials
 * and with a made-up bearer token.
 */
@Test
public void testBearerOnly() throws Exception {
  // Provider for the auth-code flow, configured with a client id only.
  final OAuth2Auth provider =
    OAuth2Auth.create(vertx, OAuth2FlowType.AUTH_CODE, new OAuth2ClientOptions().setClientID("client-id"));
  final OAuth2AuthHandler guard = OAuth2AuthHandler.create(provider);

  // Everything below /protected goes through the auth handler first.
  router.route("/protected/*").handler(guard);

  // Handler inside the protected zone; it is only expected to run with a user on the context.
  router.route("/protected/somepage").handler(rc -> {
    assertNotNull(rc.user());
    rc.response().end("Welcome to the protected resource!");
  });

  // No Authorization header: rejected.
  testRequest(HttpMethod.GET, "/protected/somepage", 401, "Unauthorized");

  // Fabricated bearer token: rejected as well.
  testRequest(
    HttpMethod.GET,
    "/protected/somepage",
    req -> req.putHeader("Authorization", "Bearer 4adc339e0"),
    401,
    "Unauthorized",
    "Unauthorized");
}
/**
 * Creates an OAuth2 auth provider from a default-constructed {@code OAuth2ClientOptions}.
 *
 * @param vertx the Vertx instance
 * @return the auth provider
 */
static OAuth2Auth create(Vertx vertx) {
  // No client id, secret or site is set here; the two-argument overload receives the defaults as-is.
  final OAuth2ClientOptions defaults = new OAuth2ClientOptions();
  return create(vertx, defaults);
}
// Hand the bearer token to the OAuth2 provider's decodeToken; the callback receives the outcome.
((OAuth2Auth) authProvider).decodeToken(token, decodeToken -> {
  if (decodeToken.failed()) {
    // A token that cannot be decoded is reported as HTTP 401.
    // NOTE(review): the cause's message becomes the HttpStatusException payload. Whether it reaches the response
    // body is not visible here; confirm, and prefer a generic client-facing message with the detail logged server-side.
    handler.handle(Future.failedFuture(new HttpStatusException(401, decodeToken.cause().getMessage())));
/**
 * Returns the refresh token, if present, parsed as a JsonObject.
 *
 * <p>The first non-null result from the delegate is kept in {@code cached_1} and returned on later calls.
 * The value is credential material: avoid writing it to logs.
 *
 * @return the refresh token as JSON, or whatever the delegate returned when nothing is cached
 */
public JsonObject refreshToken() {
  if (cached_1 == null) {
    // Nothing cached yet (or the delegate returned null last time): ask the delegate again.
    cached_1 = delegate.refreshToken();
  }
  return cached_1;
}
/**
 * Introspects the access token. This is an OAuth2 extension that allows checking whether an access token
 * is still valid.
 *
 * @param callback the handler that receives the result of the introspection
 * @return this wrapper, so calls can be chained
 */
public io.vertx.rxjava.ext.auth.oauth2.AccessToken introspect(Handler<AsyncResult<Void>> callback) {
  // Pure delegation; the outcome is delivered through the callback, not the return value.
  delegate.introspect(callback);
  return this;
}
/**
 * Decodes the "payload" part of a token string with a base64 decoder and returns it as JSON.
 *
 * <p>NOTE(review): only decoding is described here and no signature check is visible in this wrapper.
 * Treat the returned claims as unauthenticated unless the token was validated elsewhere; confirm against
 * {@code KeycloakHelper.parseToken}.
 *
 * @param token the token string
 * @return the token payload as a JSON object
 */
public static JsonObject parseToken(String token) {
  return io.vertx.ext.auth.oauth2.KeycloakHelper.parseToken(token);
}
/**
 * Returns the raw string form of the access token, if available.
 *
 * <p>The value is a bearer credential: keep it out of logs and error messages.
 *
 * @return the raw access token string as provided by the delegate
 */
public String opaqueAccessToken() {
  return delegate.opaqueAccessToken();
}
/**
 * Refreshes the access token.
 *
 * @param callback the handler that receives the result of the refresh
 * @return this wrapper, so calls can be chained
 */
public io.vertx.rxjava.ext.auth.oauth2.AccessToken refresh(Handler<AsyncResult<Void>> callback) {
  // Pure delegation; success or failure is reported through the callback.
  delegate.refresh(callback);
  return this;
}
/**
 * Looks up an HTTP response header by name. When the response holds a list of headers for that name,
 * the first one is returned.
 *
 * @param name the name of the header to look up
 * @return the single value for the header
 */
public String getHeader(String name) {
  return delegate.getHeader(name);
}
/**
 * Revokes the refresh token and calls the logout endpoint. This is an OpenID Connect extension and might
 * not be available on all providers.
 *
 * @param callback the handler that receives the result of the logout
 * @return this wrapper, so calls can be chained
 */
public io.vertx.rxjava.ext.auth.oauth2.AccessToken logout(Handler<AsyncResult<Void>> callback) {
  // Pure delegation; check the callback result, since a provider without this extension cannot honour the call.
  delegate.logout(callback);
  return this;
}
/**
 * Returns the raw string form of the refresh token, if available.
 *
 * <p>The value is credential material: keep it out of logs and error messages.
 *
 * @return the raw refresh token string as provided by the delegate
 */
public String opaqueRefreshToken() {
  return delegate.opaqueRefreshToken();
}
// Sample client settings: placeholder id/secret and a local endpoint reached over plain HTTP.
// Outside a local test, the secret belongs in configuration and the site should be an https:// URL.
OAuth2ClientOptions clientOptions = new OAuth2ClientOptions()
  .setClientID("client-id")
  .setClientSecret("client-secret")
  .setSite("http://localhost:10000");

// PASSWORD flow: the application itself handles the user's username and password,
// so it is suited only to clients the user already trusts with those credentials.
OAuth2Auth oauth2 = OAuth2Auth.create(vertx, OAuth2FlowType.PASSWORD, clientOptions);
/**
 * Generates a redirect URL to the authN/Z backend. It only applies to the auth_code flow.
 *
 * @param params the parameters for the authorization request, passed to the delegate unchanged
 * @return the redirect URL produced by the delegate
 */
public String authorizeURL(JsonObject params) {
  return delegate.authorizeURL(params);
}
// Placeholder credentials and a plain-HTTP localhost site, as used for a local sample or mock server.
// A deployed client should read the secret from configuration and talk to the provider over https.
OAuth2ClientOptions sampleOptions = new OAuth2ClientOptions()
  .setClientID("client-id")
  .setClientSecret("client-secret")
  .setSite("http://localhost:10000");

// Authorization-code flow provider built from the options above.
OAuth2Auth oauth2 = OAuth2Auth.create(vertx, OAuth2FlowType.AUTH_CODE, sampleOptions);