[JAVA] Play with Jersey OAuth 2 client

This is the 17th day of Java EE Advent Calendar 2016.

Overview

Jersey, a reference implementation of JAX-RS, has an extension that supports OAuth 2 clients. This time I made a sample using it. By the way, I made the authentication server with Spring.

Sample code is available on GitHub.

Sample description

The application itself is as simple as displaying "Hello, !". The part corresponding to this user name is displayed by acquiring the name of the user authenticated by the authentication server. OAuth 2 gives permission to get user information.

First try to open http: // localhost: 8080 / helloworld.

open-helloworld.png

You will be redirected to the authentication server and prompted to log in.

authentication.png

After logging in, you will be asked if you want to give the helloworld application permission to retrieve user information.

oauth-approval.png

After giving permission, you will be returned to the helloworld application with a greeting.

helloworld.png

Code description

If the access token is not stored in the session, the helloworld application will determine that it is not authorized and use the start method of ʻOAuth2CodeGrantFlow` to get the authorization code to get the access token. Building a redirect URI](https://github.com/backpaper0/javaeeac2016/blob/qiita/helloworld/src/main/java/com/example/UaaFilter.java#L74-L80).

OAuth2CodeGrantFlow flow = OAuth2ClientSupport.authorizationCodeGrantFlowBuilder(
        clientIdentifier, authorizationUri, accessTokenUri)
        .redirectUri(redirectUri)
        .client(client)
        .property(Phase.ALL, OAuth2Parameters.STATE, state.getValue())
        .build();
URI location = URI.create(flow.start());

After authorization, you will be redirected to the URI set by the redirectUri method above, but at this time the authorization code will be attached as a query parameter with the name code. After parsing the request URI to get the code, [pass it to the finish method of ʻOAuth2CodeGrantFlow` to get the access token](https://github.com/backpaper0/javaeeac2016/blob/qiita/helloworld /src/main/java/com/example/UaaFilter.java#L61-L68).

OAuth2CodeGrantFlow flow = OAuth2ClientSupport.authorizationCodeGrantFlowBuilder(
        clientIdentifier, authorizationUri, accessTokenUri)
        .redirectUri(redirectUri)
        .client(client)
        .property(Phase.ALL, OAuth2Parameters.STATE, state.getValue())
        .build();
String state = queryParameters.getFirst("state");
TokenResult tokenResult = flow.finish(code, state);

When retrieving user information, the access token is embedded in the ʻAuthorization header, but it is the [ʻOAuth2ClientSupport`` feature method] that creates a Feature that does this for you [https: // github.com/backpaper0/javaeeac2016/blob/qiita/helloworld/src/main/java/com/example/OAuth2ClientFactory.java#L30). Register this Feature in Client.

public Client client() {
    return ClientBuilder.newBuilder()
            .register(HttpAuthenticationFeature.basic(clientId, clientSecret))
            .register(OAuth2ClientSupport.feature(accessToken.getValue()))
            .build();
}

Summary

Using Jersey's ʻoauth2-client, I was able to create a client application using OAuth 2. However, as you can see from the sample code, I had to make it as it is (although my ʻoauth2-client may be lacking in proficiency). In addition, I tried to make it work for the time being, so I think there are more things to consider when implementing it.

In this way, I wish I could make it easily, but I was satisfied because I could make a moving sample.

Above ⛄️

Recommended Posts

Play with Jersey OAuth 2 client
API integration from Java with Jersey Client
Java to play with Function
GraphQL Client starting with Ruby
I implemented an OAuth client with Spring Boot / Security (LINE login)
[Java EE] Implement Client with WebSocket
Double submit measures with Play Framework
Oauth2 authentication with Spring Cloud Gateway
Play with Markdown in Java flexmark-java
Image processing: Let's play with the image