Skip to main content

Trying out OAuth2 Authorization Code grant with WSO2 Identity Server without the PlayGround2 App



The first thing I did after joining the WSO2 Identity Server team was to test the WSO2 Identity Server 5.2.0-beta pack. I had some experience playing around with OAuth so I started testing OAuth scenarios. I was able to test most grant types with ease. Then came the authorization code grant type. The usual way to test it was to setup the playground2 app and test. I wanted to look for an alternate way to test the Authorization grant type without setting up the app (partly because I was lazy to download tomcat etc. :P )

So with the help of my team member Pushpalanka, I found an alternate way to get an access token by simply using a browser redirect and a curl command. So I wanted to make a note in case someone wanted to do the same :)


1. First, log in to the Identity Server management console.
       the defaults are,
                  username = admin
                  password = admin

2. Go to the Service Provider configuration page and create a Service Provide, let's say SP_lazy :)

3. Go to the Inbound Authentication Configuration setting and enable OAuth/OpenID connect


4. Provide the callback_url as "https://localhost/callback"


5. You can type the following in a browser (better to try in an incognito/private window)

https://localhost:9443/oauth2/authorize?response_type=code&client_id=<cliend_id>&redirect_uri=https://localhost/callback&scope=read
  

6.  You will be prompted to log in and thereafter approve to authorize the SP


you can use the same account you used to log in or any other valid user from the same tenant. (If u you want to allow users from other domains you need to enable SaaS enabled in the Service Provider Inbound Authenticator OAuth configuration)


7. Once you do that you will be redirected and you can find the code in the browser.


8. Copy the code value and use the CURL command below to send a request to the token endpoint to get an access token

curl -k -v --user <client_id>:<client_secret> -d "grant_type=authorization_code&code=<authorization_code>&redirect_uri=https://localhost/callback" https://localhost:9443/oauth2/token 


9. You will get the access_token in the terminal like below,

{"access_token":"22630eaee65fef254e9cd099a96cf793","refresh_token":"ef18653c6b109887d66356254abd09fb","scope":"read","token_type":"Bearer","expires_in":3600}



  

Comments

Post a Comment

Popular posts from this blog

JWT Bearer Grant - OAuth2

Previously I wrote a post on my first step towards understanding OAuth. This post continues builds on that. OAuth has different types of flows targeting various scenarios or use cases. The main feature that differentiates each of these flows is the grant type.

What exactly is an OAuth grant type? An OAuth grant is something that a client application could exchange for an access token from an Authorization Server. An access token typically represents a user's permission for the client application to access the resources on their behalf
OAuth Grant Types The OAuth 2.0 core specification defines four types of grants,
Authorization code grantImplicit grantResource owner credentials grantClient credentials grant In addition to these the core specification also defines a refresh grant type.
There are few new additions to these as well,
Message authentication code (MAC) tokensSAML 2.0 Bearer Assertion ProfilesJSON Web Token grant
I would like to focus on the JSON Web Token Grant in this po…

Configuring a MySQL database as a secondary user store for WSO2 Identity Server

It's been almost a week since I joined WSO2. I am now part of the WSO2 Identity Server team :) So my adventures from now on will revolve around the Identity Management area and security stuff. We are currently on our way to release Identity Server 5.2.0 beta. During alpha testing, I learnt several basics that I thought worth making a note of. Hence, this post as both a note to myself and anyone starts off with WSO2 Identity Server.
A user store is basically where WSO2 IS stores all information about users such as username, password, roles etc.WSO2 Identity Server comes with a built-in LDAP-based primary user store out of the box. This is true for other WSO2 products as well.

However, you also have the option of configuring any JDBC database,external LDAP or an Active Directory as the secondary user store in WSO2 IS and other products.

I will focus on setting up a MySQL database as the secondary user store in WSO2 IS in this post. I will divide the process into to three parts, Gett…