Rest security with oauth 2.0
Download as PPTX, PDF2 likes1,317 views
The document discusses how to secure a RESTful web service using OAuth 2.0 authentication in three steps: 1) Obtain a secret code by authorizing with a client ID and credentials, 2) Use the secret code to obtain an access token, and 3) Include the access token in the header when accessing the secured web service. An example Mule flow is provided to demonstrate implementing OAuth 2.0 security for a REST API using the authorization code grant type.
Rest security with oauth 2.0
- 1. By Anirban Sen Chowdhary
- 2. We often required to secure our web services specially those are accessed by the external world. What about securing a RESTful web services ???
- 4. Yes .. We can .. I will show you this trick .. How ??
- 5. We can easily secure our REST service using OAUTH 2.0
- 6. For implementing OAUTH 2.0 in our REST web service we require 3 steps :- • Authorisation to obtain a secret code • Use that secret code to obtain an access_token • Use the access_token to validate and access the web service
- 7. Let us we have following Mule flow:- Here is our web service which will be secured by using OAUTH 2.0 security. You can see the OAUTH 2.0 component is placed between HTTP and CXF component which will validate the access_token and will permit to accesses the web service
- 8. The corresponding Mule flow will be as follows:- Here is you can see OAUTH 2.0 is validating the access_token coming from HTTP
- 9. Here you can see we have configured the Spring security with username and password to obtain a secret code. Also in oauth2 provider config we configured client id and client secret
- 10. Authorization to obtain a secret code
- 11. Now we will go with first step : Step 1 :- Authorisation to obtain a secret code We will put the following url in browser :- http://localhost:8084/tweetbook/api/authorize?response_type=code&client_id=e7aaf348-f08a-11e1- 9237-96c6dd6a022f&scope=READ_BOOKSHELF&redirect_uri=http://localhost:8082/getData/insert You can see we are passing client id and client code in our url and we will get the above page for login
- 12. We will be providing the username and password configure in our Spring security in Mule Config:- username john and password is doe in our case, and we will hit login and Authorize button
- 13. We will get a secrete code in browser url as following :- We will use that secret code to obtain an access_token
- 14. Use that secret code to obtain an access_token
- 15. Now we will go with second step : Step 2 :- Use that secret code to obtain an access_token We need to include the secret code in our url as follows :- http://localhost:8084/tweetbook/api/token?grant_type=AUTHORIZATION_CODE&client_id=e7aaf348-f08a-11e1- 9237-96c6dd6a022f&client_secret=ee9acaa2-f08a-11e1-bc20- 96c6dd6a022f&code=lkE9VJmNmTBbzVl1plkMffuj3jlIOavtWeaWsxk3gVMglbfo_dvGnX9HJoXMSOGPw29E2H00kwX8 5YOxNlLFTg&redirect_uri=http://localhost:8082/getData/insert We will use that secret code to obtain an access_token. And now you can see we got the access_token in the browser. And this access_token will be using to access our web service
- 16. Use the access_token to validate and access the web service
- 17. Now we will go with third step : Step 3 :- Use the access_token to validate and access the web service We need the access_token to be pass as a header when accessing web service as follows You can see we are using REST Client for testing our web service and passing the access_token in the header
- 18. Now, you can see that if we hit the web service in the REST Client with the an access_token in the header, the secured service is providing the response
- 19. In my next slide I will bring some other techniques in Mule implementation . Hope you have enjoyed this simpler version. Keep sharing your knowledge and let our Mule community grow