
jacobstanley/oauth2-jwt

 
 


oauth2-jwt


OAuth 2.0 JSON Web Token flow, commonly known as "two-legged OAuth 2.0"

See: https://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-12

Code

client - designed for clients that interact with the APIs externally

integration - end-to-end integration test of the OAuth workflow

server - resources supporting the authorization-grant endpoint

edge - library for edge services to validate requests

store - backing store for long-lived key storage

Using OAuth 2.0 to Access Formation APIs

Basic Steps

Related Google OAuth 2.0 flow

  1. Obtain OAuth 2.0 Credentials from the console

  2. Obtain an access token from the Formation Authorization Server.

  3. Send the access token to an API.

  4. Refresh the access token, if necessary.

Detailed Steps

1. Obtain OAuth 2.0 Credentials from the console

See the UI documentation.

2. Obtain an access token from the Formation Authorization Server.
Preparing to make an authorized API call

Related Google documentation

  1. Obtain the client ID and private key from the console

  2. Create a JSON Web Token which includes a header, a claim set, and a signature.

  3. Request an access token from the Formation OAuth 2.0 Authorization Server.

  4. Handle the JSON response that the Authorization Server returns.

flow
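The JWT creation and token request from steps 2 and 3, as an added Go example using only the standard library (it is not this repository's code). RS256, the five-minute lifetime, the function names, the client ID and the token URL are assumptions; the grant type and the `assertion` parameter come from the JWT bearer draft linked above.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url

// TokenRequest signs a JWT assertion (RS256 assumed) and returns the token-endpoint form.
func TokenRequest(key *rsa.PrivateKey, clientID, aud string, now time.Time) (url.Values, error) {
	header, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	claims, _ := json.Marshal(map[string]interface{}{"iss": clientID, "sub": clientID,
		"aud": aud, "exp": now.Add(5 * time.Minute).Unix()}) // one audience, short replay window
	input := b64.EncodeToString(header) + "." + b64.EncodeToString(claims)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	jwt := input + "." + b64.EncodeToString(sig)
	return url.Values{"grant_type": {"urn:ietf:params:oauth:grant-type:jwt-bearer"}, "assertion": {jwt}}, err
}

// VerifySignature checks the assertion with the public key; RS256 is fixed, not read from the header.
func VerifySignature(pub *rsa.PublicKey, jwt string) error {
	p := strings.Split(jwt, ".")
	if len(p) != 3 {
		return fmt.Errorf("malformed JWT: %d segments", len(p))
	}
	sig, _ := b64.DecodeString(p[2]) // undecodable input leaves a signature that fails below
	digest := sha256.Sum256([]byte(p[0] + "." + p[1]))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

func Demo() (url.Values, *rsa.PublicKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // throwaway key; client ID and URL are hypothetical
	if err != nil {
		return nil, nil, err
	}
	form, err := TokenRequest(key, "example-client", "https://auth.example.invalid/token", time.Now())
	return form, &key.PublicKey, err
}

func main() { fmt.Println(Demo()) }
```

A server accepting the assertion would also compare `aud` with its own token endpoint and reject an `exp` in the past; the check above covers the signature only.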

3. Send the access token to an API.
Calling APIs

Related Google documentation

Include the access token in each request to the API as a Bearer value in the Authorization HTTP header.

curl example

curl -H "Authorization: Bearer access_token" "$ENDPOINT"

4. Refresh the access token, if necessary.

Access tokens issued by the Formation OAuth 2.0 Authorization Server expire after the duration provided by the expires_in value. When an access token expires, the application should generate another JWT, sign it, and request another access token.

Standards

Will be implemented with IETF standards.

Follows the OAuth 2.0 flow.

Setup environment

go run ./util server-bootstrap

Store in secrets manager: <env>/private-key

Store public key for edge services

echo '<public-key>' | base64 -w 0
