Skip to main content

Trying out OAuth2 Authorization Code grant with WSO2 Identity Server without the PlayGround2 App



The first thing I did after joining the WSO2 Identity Server team was to test the WSO2 Identity Server 5.2.0-beta pack. I had some experience playing around with OAuth so I started testing OAuth scenarios. I was able to test most grant types with ease. Then came the authorization code grant type. The usual way to test it was to setup the playground2 app and test. I wanted to look for an alternate way to test the Authorization grant type without setting up the app (partly because I was lazy to download tomcat etc. :P )

So with the help of my team member Pushpalanka, I found an alternate way to get an access token by simply using a browser redirect and a curl command. So I wanted to make a note in case someone wanted to do the same :)


1. First, log in to the Identity Server management console.
       the defaults are,
                  username = admin
                  password = admin

2. Go to the Service Provider configuration page and create a Service Provide, let's say SP_lazy :)

3. Go to the Inbound Authentication Configuration setting and enable OAuth/OpenID connect


4. Provide the callback_url as "https://localhost/callback"


5. You can type the following in a browser (better to try in an incognito/private window)

https://localhost:9443/oauth2/authorize?response_type=code&client_id=<cliend_id>&redirect_uri=https://localhost/callback&scope=read
  

6.  You will be prompted to log in and thereafter approve to authorize the SP


you can use the same account you used to log in or any other valid user from the same tenant. (If u you want to allow users from other domains you need to enable SaaS enabled in the Service Provider Inbound Authenticator OAuth configuration)


7. Once you do that you will be redirected and you can find the code in the browser.


8. Copy the code value and use the CURL command below to send a request to the token endpoint to get an access token

curl -k -v --user <client_id>:<client_secret> -d "grant_type=authorization_code&code=<authorization_code>&redirect_uri=https://localhost/callback" https://localhost:9443/oauth2/token 


9. You will get the access_token in the terminal like below,

{"access_token":"22630eaee65fef254e9cd099a96cf793","refresh_token":"ef18653c6b109887d66356254abd09fb","scope":"read","token_type":"Bearer","expires_in":3600}



  

Labels:

Comments

Post a Comment

Popular posts from this blog

OAuth - Playing Ping Pong for Authorization

You probably would have heard the word OAuth more than a few times. Ever wondered what that is? do we use that at all?. Guess what we make use of OAuth almost everyday.I got the opportunity to learn about OAuth during my time at WSO2 Identity Server team. Here's the first step of conquering OAuth :) What Exactly is OAuth? Let me start with OAuth,  OAuth solves the problem of allowing third party entities( eg: applications) to access a resource owner's protected resources without actually giving away your valuable credentials like passwords.  Let's think of it this way. You have a facebook account(Assuming you have one :P) which is your protected resource and you are the resource owner . Now you get a little high and decide to try out one of these fancy Facebook apps that finds your soul mate. The app now becomes the third party application which requires access to read out your friend list from your profile which is the protected resource. Suppose you don't hav
5 comments
Read more

Hello World

            I have been keen on wanting to blog for a long time, but i guess now is the time to do so. Blogs are a great way to share stuff with people so writing one isn't a bad idea. Blogs have been lifesaver for so many nagging problems I have faced during my entire life, so i guess its time for me to payback. Just like a baby would cry out when it comes out to the world, a programmer would essentially write out a line "Hello World!!!" to start off coding in any language( Well at least i do that still :P and I think I am a programmer too :P). Writing about tech stuff hasn't been my forte either but nevertheless I love writing. So let me start off with a big "Hello World !!!"            
1 comment
Read more