欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  数据库

Testing WSO2 Identity Server OAuth 2.0 support with Curl

程序员文章站 2022-06-11 15:38:58
...

WSO2 Identity Server adds OAuth 2.0 support from it's very next release. Hopefully by the end of this August. OAuth Core specification supports four grant types. 1. Authorization Code Grant (authorization_code) 2. Implicit Grant 3. Resourc

WSO2 Identity Server adds OAuth 2.0 support from it's very next release. Hopefully by the end of this August. OAuth Core specification supports four grant types.

1. Authorization Code Grant (authorization_code)
2. Implicit Grant
3. Resource Owner Password Credentials Grant (password)
4. Client Credentials Grant (client_credentials)

In this blog post we only talk about last two grant types - since those can be directly executed via curl.

First you need to download the WSO2 Identity Server 4.0.0 server from here.

1. Start the server
2. Login with admin/admin
3. Main/Manage/OAuth/Register New Application

Testing WSO2 Identity Server OAuth 2.0 support with Curl













4. Select OAuth 2.0
5. Give an Application Name and any Callback Url [need not to be real for this case]

Testing WSO2 Identity Server OAuth 2.0 support with Curl


















6. Once you click on "Add" you will be taken to the OAuth Management page
7. Click on the application you just created.

Testing WSO2 Identity Server OAuth 2.0 support with Curl













8. Copy the values of Client Id and Client Secret -- we need these values later.

Testing WSO2 Identity Server OAuth 2.0 support with Curl






















Now lets see how we get an access token from Identity Server via curl.


This is how it works under Resource Owner Password Credentials grant type.

This is useful when the end user or the resource owner trusts the application. I will not talk about the advantages and disadvantages of this grant type here - will have another blog post on that. Anyway this is a grant type you should use with extra care.

$ curl --user Client_Id:Client_Secret -k -d "grant_type=password&username=admin&password=admin" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token

You need to replace Client_Id:Client_Secret with your values...

The response would be something like...

{"token_type":"bearer",
"expires_in":3600,
"refresh_token":"d78e445a78c9bdce17f349068495ebe",
"access_token":"3a1d3e2983fafc73eec3f894cb6eb4"}

Now you can use this access_token to access the protected resource.

Let's how to execute curl to get an access_token with Client Credentials Grant type. Here the client becomes the resource owner. Almost similar to 2-legged OAuth we talked under OAuth 1.0.

curl --user Client_Id:Client_Secret -k -d "grant_type=client_credentials&username=admin&password=admin" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token

You need to replace Client_Id:Client_Secret with your values...

The response would be.

{"token_type":"bearer",
"expires_in":3600,

"access_token":"9cdd18286e27dd768b74577276f217be"}



http://blog.facilelogin.com/2012/08/testing-wso2-identity-server-oauth-20.html