kakawait / uaa-behind-zuul-sample

Spring AuthorizationServer load balanced behind Zuul

Enable Access Credentials flow via CURL #23

Closed kentoj closed 7 years ago

kentoj commented 7 years ago

This enables retrieval and usage of an access token using the password grant type.

For example, the following flow is possible:

➜  # curl --insecure -H "Authorization: Basic $(echo -n 'acme:acmesecret' | base64)" http://localhost:8765/uaa/oauth/token -d grant_type=password -d username=admin -d password=admin | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1410    0  1361  100    49  15529    559 --:--:-- --:--:-- --:--:-- 15643
{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0OTIwNjE1NDIsInVzZXJfbmFtZSI6ImFkbWluIiwiYXV0aG9yaXRpZXMiOlsiUk9MRV9BRE1JTiJdLCJqdGkiOiJlNjE3YzNkMi01NDVmLTQ1NWYtOGQ5Mi1lNDNhMjg1OTYzNjciLCJjbGllbnRfaWQiOiJhY21lIiwic2NvcGUiOlsib3BlbmlkIl19.BHlLKdCHjFonDRUyPAaxpRF15fyO181r7M-H8izZ-TYm1dNXI4gyHtje1ZJWoRnXbknD518q1a3EaosjWrUspCasgeG2fl2CS8T7auAe4ABdLQu2-qf8L0gF1Go2mIqfzvY4Y0LjsPOO492AcZGQhCn4xcXs3s5ZWq59vUylgvJOrDPXtymNBHKUxCJbneV4xZ1lg90Edu04K5wXEvUdfjHUkHlQs0qXvvKVPxMvmmtXV3wIAQK1YgfLlpNfE62lNNvVRfefOvHOl-UBMpIXUWvNVPnK8Leec8yvvfXnOkaLRKAIjsLr4Z8bL25GUTWNWLd8j4WvFLBFJtaGUj_0sw",
  "token_type": "bearer",
  "refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX25hbWUiOiJhZG1pbiIsInNjb3BlIjpbIm9wZW5pZCJdLCJhdGkiOiJlNjE3YzNkMi01NDVmLTQ1NWYtOGQ5Mi1lNDNhMjg1OTYzNjciLCJleHAiOjE0OTQ2MTAzNDIsImF1dGhvcml0aWVzIjpbIlJPTEVfQURNSU4iXSwianRpIjoiNzZkNmM1NTItZTczNC00YjY4LTgwM2ItNTIzOWY4OGYzM2YwIiwiY2xpZW50X2lkIjoiYWNtZSJ9.I3FnX98l3Hmsknfx4wizBy1ctmQyWKs6y-xHH34hA2_wWWy-GFIXV1kjoQwmEesUmkE-O2aaM-kLxm2Y24qJKdJMqnEwcU5wd19TwqixO9Ad4GpvWl-l-LuSWh-qib3jvOzSBmfAtYY2w7l_KzmYxhZpQVOaEEFsyCfprsM2E65j4NcmnwpY_J89sZxfVXVF8PIxxdw-eLB988M8GA15S9WQ7Wz-VimeqO_XLu-c8zrElj48OIRUWZGu5ySAXhSuFMRDuEmClJ7gsRC3rsm8_GFhGLDOQxCo21Tbl8B8cdr-UF9-CLM8paT6oSb4nF9QCZpfYD6290l1IEwpGrysAg",
  "expires_in": 43199,
  "scope": "openid",
  "jti": "e617c3d2-545f-455f-8d92-e43a28596367"
}
➜  # TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0OTIwNTMzMDksInVzZXJfbmFtZSI6ImFkbWluIiwiYXV0aG9yaXRpZXMiOlsiUk9MRV9BRE1JTiJdLCJqdGkiOiJlODA1NTU5Ny0zMzI3LTQ5MDEtODhlZC0wMjhkZTM3MDFmZTciLCJjbGllbnRfaWQiOiJhY21lIiwic2NvcGUiOlsib3BlbmlkIl19.P7sjBvbMqNLPKJmZHvJszMhbWgMMdHjGdFB3_LxhUtIhhGY46pIzFmaKV8jUXXnG7KfNKs5zdFGuFUK4S91bp9bF9LL3uqsN54GYdrzTlBMn4dpT963UXta0eFnTMF44TBxC1EMK-QQ9VWozVZFzF46f7cj4G4qtvk4brCIbTctB22GSLw3N_Z38tRzriD8rDxG-35KbCQBGzPkBxDXe_U5dXWcifkLXKcGMrGlUphXzxRbjhwTz1GbIrqZ8PtefryszeML66S0gj1uHS1eiRbV_MCzHb0bGxkGk7IFyyI3O0BPLwfgO7gKRVuIi-hKzHR3I8e3PPOqFeiXjGNIpRw
➜  # curl -H 'Content-type: application/json' -H "Authorization: Bearer $TOKEN"  http://localhost:8765/dummy/secret
S3CR3T  - Hello admin%
➜  #

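The access token returned in the session above is a JWT, so its claims (expiry, user name, authorities, client, scope) are readable by anyone who holds it. The following is an added example, not part of this pull request or the project: it decodes the payload locally and checks `exp` before a token is reused. The function names and the sample token are constructed for illustration, GNU-style `base64 -d` is assumed, and the signature is not verified.

```shell
#!/bin/sh
# Added example (not from the PR): read a JWT's claims locally.
# Decoding is not verification: the RS256 signature is NOT checked here.

b64url_encode() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '+/' '-_'; }

# base64url -> bytes: map the URL-safe alphabet back, restore '=' padding.
b64url_decode() {
  local s
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="${s}==" ;;
    3) s="${s}=" ;;
    1) return 1 ;;   # no valid base64 string has this length
  esac
  printf '%s' "$s" | base64 -d
}

# Print the payload JSON of a compact JWT (header.payload.signature).
jwt_claims() {
  local payload
  case $1 in
    *.*.*.*) return 1 ;;   # too many segments
    *.*.*) ;;
    *) return 1 ;;         # too few segments
  esac
  payload=$(printf '%s' "$1" | cut -d. -f2)
  [ -n "$payload" ] || return 1
  b64url_decode "$payload"
}

# Extract the numeric "exp" claim (seconds since the epoch).
jwt_exp() {
  jwt_claims "$1" | sed -n 's/.*"exp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p'
}

# Exit 0 if expired at time $2 (default: now), 1 if still valid, 2 if no exp.
jwt_is_expired() {
  local exp now
  exp=$(jwt_exp "$1")
  [ -n "$exp" ] || return 2
  now=${2:-$(date +%s)}
  [ "$now" -ge "$exp" ]
}

# Constructed sample token; the claim names mirror those in the PR's token.
sample_token() {
  printf '%s.%s.%s' "$(b64url_encode '{"alg":"RS256","typ":"JWT"}')" \
    "$(b64url_encode '{"exp":1700000000,"user_name":"alice","authorities":["ROLE_USER"],"client_id":"demo","scope":["openid"]}')" \
    "constructed-signature"
}
jwt_claims "$(sample_token)"; echo
```

Because the payload is only encoded, not encrypted, tokens pasted into issues, logs or shell history disclose these claims and remain usable until `exp`.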
kakawait commented 7 years ago

Thanks for the contribution 👍 I will check that ASAP

kakawait commented 7 years ago

@kentoj thank you for the contribution, just merged