3 lines of code to quickly implement Spring Boot Oauth2 service

The "3 lines of code" in the title does not mean you literally write only three lines of code. It refers to a Spring Boot OAuth2 service I have already written: you only need to change three lines of database configuration to get a working Spring Boot OAuth2 service.

Project address https://github.com/jeesun/oauthserver

oauthserver

Introduction

oauthserver is a complete standalone OAuth server based on Spring Boot OAuth2. Create the relevant tables, modify the database connection information, and you have an OAuth server.

Supported relational databases:

  • PostgreSQL
  • MySQL

Implemented features:

  1. Integrate Spring Boot Oauth2 to implement Oauth service;
  2. The token is saved to the relational database;
  3. Log records are saved to a file and archived on a daily basis;
  4. Database connection information encryption;
  5. Integrated Druid database connection pool.

Manual

1. Create the tables

  • PostgreSQL
    Execute src/main/resources/schema-pg.sql to create the tables and import the test data.

  • MySQL
    Execute src/main/resources/schema-mysql.sql to create the tables and import the test data.

2. Modify the database connection information

The database connection information is configured in application.yml. The username and password items are encrypted with jasypt and must not be filled in as plain text. The encryption key is configured by jasypt.encryptor.password. Use the UtilTests tool in the test directory to generate the encrypted strings.

  • PostgreSQL

    # PostgreSQL connection information
    driver-class-name: org.postgresql.Driver
    url: jdbc:postgresql://127.0.0.1:5432/thymelte?useUnicode=true&characterEncoding=UTF-8
    username: ENC(hTpbG9fq+7P3SntmXuNtDxbtWDqRuPV+)
    password: ENC(abdq6LyOspryFQHCqzEMTxRozyJVjIA4)
  • MySQL

    # MySQL connection information
    driver-class-name: com.mysql.jdbc.Driver
    url: jdbc:mysql://127.0.0.1:3306/test?useUnicode=true&characterEncoding=utf-8&useSSL=false
    username: ENC(YiYjVwTulDGN//YaB3KbuA==)
    password: ENC(9oaIJkFgGSDFaHH3OXY63RHWQ+amDmiJ)

3. Run

Now everything is ready. Run the project; if it starts successfully, the configuration is correct.

4. Test

When creating the tables I also inserted test data. The values of the request parameters below all come from that test data and can be found in the tables; change the corresponding values in the tables as needed.

The oauth_client_details table already contains one row of test data. The values of its client_id and client_secret columns correspond to the username and password of the HTTP Basic authentication header, respectively. The access_token_validity and refresh_token_validity columns give the validity periods of the access_token and refresh_token, in seconds. The test data uses 7200 and 5184000, i.e. 2 hours and 2 months (60 days), respectively. These are reasonable validity periods that you can use as a reference.

All token-related endpoints require HTTP Basic authentication with the client_id and client_secret.

1. Obtain access_token based on username and password

POST http://localhost:8182/oauth/token?grant_type=password&username=jeesun&password=1234567890c

Successful example:

{
    "access_token": "ca582cd1-be6c-4a5a-82ec-10af7a8e06eb",
    "token_type": "bearer",
    "refresh_token": "c24a6143-97c8-4642-88b9-d5c5b902b487",
    "expires_in": 3824,
    "scope": "read write trust"
}

Example of failure (wrong username or password):

{
    "error": "invalid_grant",
    "error_description": "Bad credentials"
}

2. Check access_token

GET http://localhost:8182/oauth/check_token?token=ca582cd1-be6c-4a5a-82ec-10af7a8e06eb

Successful example:

{
    "aud": [
        "oauth2-resource"
    ],
    "exp": 1524507296,
    "user_name": "jeesun",
    "authorities": [
        "ROLE_ADMIN",
        "ROLE_USER"
    ],
    "client_id": "clientIdPassword",
    "scope": [
        "read",
        "write",
        "trust"
    ]
}

Example of failure (access_token has expired):

{
    "error": "invalid_token",
    "error_description": "Token was not recognised"
}

3. Obtain a new access_token according to refresh_token

POST http://localhost:8182/oauth/token?grant_type=refresh_token&refresh_token=c24a6143-97c8-4642-88b9-d5c5b902b487

Successful example:

{
    "access_token": "690ecd7d-f2b7-4faa-ac45-5b7a319478e8",
    "token_type": "bearer",
    "refresh_token": "c24a6143-97c8-4642-88b9-d5c5b902b487",
    "expires_in": 7199,
    "scope": "read write trust"
}
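The three calls above are one flow: a client authenticates to the token endpoint with Basic credentials, a resource server asks /oauth/check_token whether a presented token is still good, and the client refreshes when it is not. The following is an added example (not code from the oauthserver project) showing the client's side of building those requests and, more importantly, how a resource server should judge a check_token reply before trusting it: the reply must not be an error, exp must lie in the future, the expected audience must be present, and every scope the protected operation needs must have been granted. The endpoint URLs, the client_id "clientIdPassword" and the sample JSON come from the post; the client secret is a constructed placeholder. One deliberate deviation from the URLs shown above: the user's password and the refresh_token are placed in a form-encoded POST body rather than the query string, so they do not land in web-server access logs (the endpoint reads ordinary request parameters, so both forms are accepted).

```python
import base64
import time
from urllib.parse import urlencode

# Endpoints as shown in the post (assumed to be running locally).
TOKEN_URL = "http://localhost:8182/oauth/token"
CHECK_TOKEN_URL = "http://localhost:8182/oauth/check_token"

# Sample /oauth/check_token replies copied from the post.
CHECK_TOKEN_OK = {
    "aud": ["oauth2-resource"],
    "exp": 1524507296,
    "user_name": "jeesun",
    "authorities": ["ROLE_ADMIN", "ROLE_USER"],
    "client_id": "clientIdPassword",
    "scope": ["read", "write", "trust"],
}
CHECK_TOKEN_EXPIRED = {
    "error": "invalid_token",
    "error_description": "Token was not recognised",
}


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Basic Auth header required by every token endpoint:
    base64("client_id:client_secret")."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def password_grant_request(client_id, client_secret, username, password):
    """Return (method, url, headers, body) for the password grant.
    User credentials go in the form body, not the query string."""
    headers = {
        "Authorization": basic_auth_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "password",
                      "username": username, "password": password})
    return "POST", TOKEN_URL, headers, body


def refresh_grant_request(client_id, client_secret, refresh_token):
    """Return (method, url, headers, body) for the refresh_token grant."""
    headers = {
        "Authorization": basic_auth_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "refresh_token",
                      "refresh_token": refresh_token})
    return "POST", TOKEN_URL, headers, body


def validate_introspection(resp, expected_aud, required_scopes, now=None):
    """Resource-server decision on a /oauth/check_token reply.
    Returns (accepted, reason); accept only when every check passes."""
    now = time.time() if now is None else now
    if "error" in resp:                      # e.g. invalid_token
        return False, resp.get("error_description", resp["error"])
    if resp.get("exp", 0) <= now:            # exp is epoch seconds
        return False, "token expired"
    if expected_aud not in resp.get("aud", []):
        return False, "audience mismatch"
    missing = set(required_scopes) - set(resp.get("scope", []))
    if missing:
        return False, "missing scope: " + ",".join(sorted(missing))
    return True, "ok"


if __name__ == "__main__":
    method, url, headers, body = password_grant_request(
        "clientIdPassword", "client-secret-placeholder", "jeesun", "1234567890c")
    print(method, url, headers["Authorization"], body)
    print(validate_introspection(CHECK_TOKEN_OK, "oauth2-resource", ["read"],
                                 now=1524507000))
```

The introspection check is written to fail closed: a reply the server did not recognise, a stale exp, a token issued for a different audience, or a token lacking the scope the operation needs are all rejected with a reason that can be logged on the resource server side.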

App practice guide

After the app obtains the token information, it must save the token together with the time of the request. Before sending the access_token it should check whether the token has expired, and to reduce load on the server this check should be done locally in the app: comparing the token's expires_in value (the remaining validity period) and the recorded request time against the current time is enough to tell whether the access_token has expired. If it has, obtain a new access_token with the refresh_token. Because the access_token is only valid for 2 hours, this check is required; the same applies to the refresh_token.
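The bookkeeping described above, as an added example that is not part of the original post or project: the app converts expires_in (a remaining lifetime, relative to the moment of the reply) into an absolute expiry anchored to the request time, derives the refresh_token's expiry from the configured refresh_token_validity because the token reply does not report it, keeps the original refresh expiry when a refresh reply hands back the same refresh_token string (as the refresh example above does), and decides before each API call whether to use the token, refresh it, or send the user back to login. The sample responses are the ones from the post; the 30-second safety margin against clock skew and latency is a constructed value.

```python
import time
from dataclasses import dataclass
from typing import Optional

# refresh_token_validity test value from oauth_client_details (60 days).
REFRESH_TOKEN_VALIDITY = 5184000
# Treat a token as expired this many seconds early (constructed value)
# so a request sent just before expiry is not rejected in flight.
SAFETY_MARGIN = 30

# Token replies copied from the post.
PASSWORD_RESPONSE = {
    "access_token": "ca582cd1-be6c-4a5a-82ec-10af7a8e06eb",
    "token_type": "bearer",
    "refresh_token": "c24a6143-97c8-4642-88b9-d5c5b902b487",
    "expires_in": 3824,
    "scope": "read write trust",
}
REFRESH_RESPONSE = {
    "access_token": "690ecd7d-f2b7-4faa-ac45-5b7a319478e8",
    "token_type": "bearer",
    "refresh_token": "c24a6143-97c8-4642-88b9-d5c5b902b487",
    "expires_in": 7199,
    "scope": "read write trust",
}


@dataclass
class StoredToken:
    access_token: str
    refresh_token: str
    access_expires_at: float    # absolute epoch seconds
    refresh_expires_at: float   # absolute epoch seconds


def store_token_response(resp, request_time, previous: Optional[StoredToken] = None,
                         refresh_validity=REFRESH_TOKEN_VALIDITY) -> StoredToken:
    """Turn a /oauth/token reply into absolute expiry times.
    expires_in counts from the reply, so anchor it to the request time
    (the conservative choice if the reply was delayed)."""
    access_expires_at = request_time + resp["expires_in"]
    if previous is not None and previous.refresh_token == resp["refresh_token"]:
        # Same refresh_token reissued: its lifetime did not restart.
        refresh_expires_at = previous.refresh_expires_at
    else:
        refresh_expires_at = request_time + refresh_validity
    return StoredToken(resp["access_token"], resp["refresh_token"],
                       access_expires_at, refresh_expires_at)


def token_action(tok: StoredToken, now=None, margin=SAFETY_MARGIN) -> str:
    """Local check before calling a protected API:
    'use'     - access_token still valid, send it
    'refresh' - access_token expired or about to, run the refresh grant
    'login'   - refresh_token expired too, user must re-authenticate"""
    now = time.time() if now is None else now
    if now < tok.access_expires_at - margin:
        return "use"
    if now < tok.refresh_expires_at - margin:
        return "refresh"
    return "login"


if __name__ == "__main__":
    t0 = 1_000_000
    tok = store_token_response(PASSWORD_RESPONSE, t0)
    print(token_action(tok, now=t0), token_action(tok, now=t0 + 3800))
    tok2 = store_token_response(REFRESH_RESPONSE, t0 + 3800, previous=tok)
    print(token_action(tok2, now=t0 + 3800), tok2.refresh_expires_at == tok.refresh_expires_at)
```

Anchoring the expiry to the request time rather than the reply time errs on the side of refreshing slightly early, which is the safe direction: a refresh costs one extra round trip, while sending an already-expired access_token costs a failed API call plus the refresh anyway.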
