A simple authentication services by using spring security and oauth2.
git clone https://github.com/winar-jin/authentication.git
- Go to the root of this repository:
cd authentication
- Run
./gradlew build
to build the project - Run
./gradlew bootRun
to run the project, when you see "Tomcat started on port(s): 8080 (http) with context path", that means you run successful.
- Register a new user:
- Request:
POST /api/register HTTP/1.1 Host: localhost:8080 Content-Type: application/json { "userName":"test2", "passWord":"111", "phoneNumber": "110", "email":"[email protected]" }
- Response:
{ "id": 1, "userName": "test2", "passWord": "$2a$11$1ucbwvijeV6Iga0BhpY0xOTOuJm4N9KUtozeJAFKMCXiBujzauquG", "phoneNumber": "110", "email": "[email protected]" }
- Search user info by
userName
- Request:
GET /api/users/test2 HTTP/1.1 Host: localhost:8080
- Response:
{ "id": 1, "userName": "test2", "passWord": "$2a$11$1ucbwvijeV6Iga0BhpY0xOTOuJm4N9KUtozeJAFKMCXiBujzauquG", "phoneNumber": "110", "email": "[email protected]" }
- Get token by
username
andpassword
- Request:
GET /oauth/token?username=test2& password=111& grant_type=password& scope=read& client_id=web& client_secret=123456 HTTP/1.1 Host: localhost:8080
- Response:
{ "access_token": "816839ac-8e2b-4803-a0ab-e5c4d7baf5d8", "token_type": "bearer", "refresh_token": "a9fc2ab3-6c4b-4c77-914f-90013bb3e01a", "expires_in": 599, "scope": "read" }
- Get item by
itemId
, "/item/{id}" is a authorization api, you have to request with a valid access token.- Right Request:
GET /item/23 HTTP/1.1 Host: localhost:8080 Authorization: Bearer 816839ac-8e2b-4803-a0ab-e5c4d7baf5d8
- Right Response:
With authentication, the item id is 23.
- Wrong Request:
GET /item/23 HTTP/1.1 Host: localhost:8080 Authorization: Bearer 816839ac-8e2b-4803-a0ab-e5c4d7baf
- Wrong Response:
{ "error": "invalid_token", "error_description": "Invalid access token: 816839ac-8e2b-4803-a0ab-e5c4d7baf" }
- Get user info by token.
- Request:
GET /api/user HTTP/1.1 Host: localhost:8080 Authorization: Bearer 816839ac-8e2b-4803-a0ab-e5c4d7baf5d8
- Response:
test2
- Get all valid token by
clientId
.- Request:
GET /api/oauth/tokens?clientId=web HTTP/1.1 Host: localhost:8080
- Response:
[ "816839ac-8e2b-4803-a0ab-e5c4d7baf5d8" ]
- Refresh token by
refresh_token
.
When your access token expire, it will become a invalid token. Then you can use refresh token to get a new token. Usually the refresh token will live longer than access token. But after you logout the access token, the related refresh token will be invalid too.
* Request:
```
GET /oauth/token?grant_type=refresh_token& refresh_token=a9fc2ab3-6c4b-4c77-914f-90013bb3e01a& client_id=web& client_secret=123456 HTTP/1.1
Host: localhost:8080
```
* Response:
```json
{
"access_token": "28a46478-fe66-4476-a59e-df6653dbd510",
"token_type": "bearer",
"refresh_token": "5faf880b-8d67-4fe1-8563-4ae148c40c88",
"expires_in": 599,
"scope": "read"
}
```
- Logout by
token
andclientId
.
After you logout, the token will become invalid, then you can't use the invalid token to access to the authorization request.
* Request:
```
GET /api/logout?clientId=web HTTP/1.1
Host: localhost:8080
Authorization: Bearer 816839ac-8e2b-4803-a0ab-e5c4d7baf5d8
```
* Response:
```
logout successful!
```