OAuth 2.0

1. Add your OAuth Server

The main feature of the API Gateway is to proxy the requests to a different service, so let's do this. Now that you are authenticated, you can send a request to /oauth/servers to create a proxy.

HTTPie
CURL
http -v POST localhost:8081/oauth/servers "Authorization:Bearer yourToken" "Content-Type: application/json" < examples/front-proxy-auth/auth/auth.json
curl -X "POST" localhost:8081/oauth/servers -H "Authorization:Bearer yourToken" -H "Content-Type: application/json" -d  @examples/front-proxy-auth/auth/auth.json

2. Verify that your API has been added

You can use the REST API to query all available APIs and Auth Providers. Simply make a request to /oauth/servers.

HTTPie
CURL
http -v GET localhost:8081/oauth/servers "Authorization:Bearer yourToken" "Content-Type: application/json"
curl -X "GET" localhost:8081/oauth/servers -H "Authorization:Bearer yourToken" -H "Content-Type: application/json"

3. Forward your requests through Janus

Issue the following cURL request to verify that Janus is properly forwarding requests to your OAuth Server.

This request is an example of a simple client_credentials flow of OAuth 2.0, you can try any flow that you like.

HTTPie
CURL
http -v GET http://localhost:8080/auth/token?grant_type=client_credentials "Authorization: Basic YourBasicToken"
curl -X "GET" http://localhost:8080/auth/token?grant_type=client_credentials -H "Authorization: Basic YourBasicToken" -H "Content-Type: application/json"

Reference

Configuration Description
name The unique name of your OAuth Server
oauth_endpoints.authorize Defines the proxy configuration for the authorize endpoint
oauth_endpoints.token Defines the proxy configuration for the token endpoint
oauth_endpoints.introspection Defines the proxy configuration for the introspection endpoint
oauth_endpoints.revoke Defines the proxy configuration for the revoke endpoint
oauth_client_endpoints.create Defines the proxy configuration for the create client endpoint
oauth_client_endpoints.remove Defines the proxy configuration for the remove client endpoint
allowed_access_types The allowed access types for this oauth server
allowed_authorize_types The allowed authorize types for this oauth server
auth_login_redirect The auth login redirect URL
secrets A map of client_id: client_secret that allows you to authenticate only with the client_id
token_strategy.name The token strategy for this server. Could be introspection or jwt
token_strategy.settings Token strategy settings, see bellow by strategy
token_strategy.leeway Token date fields validation leeway to solve clock skew problem

Token Strategy Settings

jwt

JWT token validation strategy performs token validation against signature and expiration date. Currently the following signature methods are supported:

  • HS256 - HMAC with SHA256 hash (symmetric key)
  • HS384 - HMAC with SHA384 hash (symmetric key)
  • HS512 - HMAC with SHA512 hash (symmetric key)
  • RS256 - RSA with SHA256 hash (asymmetric key)
  • RS384 - RSA with SHA384 hash (asymmetric key)
  • RS512 - RSA with SHA512 hash (asymmetric key)

Settings structure has the following format:

[
    {"alg": "<alg1>", "key": "<key1>"},
    {"alg": "<alg2>", "key": "<key2>"},
    ...
]

List of signing methods allows signing method and keys rotation w/out immediate invalidation of the old one, so the tokens signed with old and new methods will be valid.

For backward compatibility the following settings format is also valid: {"secret": "<key>"} that is equal to the new format [{"alg": "HS256", "key", "<key>"}].

results matching ""

    No results matching ""