Commit

improve readme
andifalk committed Oct 17, 2023
1 parent ee61e59 commit d094918
Showing 5 changed files with 25 additions and 5 deletions.
3 changes: 2 additions & 1 deletion intro-labs/auth-code-in-action/README.md
Expand Up @@ -70,6 +70,7 @@ The spring authorization server follows this recommendation and uses a really sh

You can also try more features of this demo by specifying these spring profiles:

* Without any profile: The demo just runs as OAuth 2 client and only gets an access token
* Without any profile: The demo just runs OAuth 2 mode and only gets an access token
* With profile `login`: This demo enforces a re-login independent of an existing session at the authorization server.
* With profile `oidc`: This demo runs in OpenID Connect mode and also gets an ID token
* With profile `pkce`: This demo enables Proof Key for Code Exchange (PKCE) instead of using client_secret for getting a token.
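
Review bot: in the "Without any profile" bullet, the wording "just runs OAuth 2 mode" is missing "in"; to parallel the `oidc` bullet ("runs in OpenID Connect mode") it would read "just runs in OAuth 2 mode and only gets an access token". The bullets also alternate between "The demo" and "This demo", and `client_secret` in the `pkce` bullet is not in backticks while the profile names are; worth making consistent while this list is being touched. It would also help readers to say whether the profiles can be combined, for example `oidc` together with `pkce`.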
Expand Up @@ -3,3 +3,8 @@ democlient:
pkce: true
token:
client-secret:
authorization:
scope:
- openid
- profile
- offline_access
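
Review bot: the added `scope` list under `authorization` includes `offline_access`, which in OpenID Connect asks for a refresh token, and it sits next to `pkce: true` and an empty `client-secret:`, so this profile would request a long-lived credential for a client that authenticates without a secret. If the demo does not use the refresh token, drop `offline_access`; if it does, say so in the README's `pkce` bullet and note that the authorization server should rotate refresh tokens for this client. This is also a behaviour change to configuration in a commit titled "improve readme", so it deserves a line in the commit message.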
8 changes: 4 additions & 4 deletions intro-labs/oauth-grants/README.md
Expand Up @@ -91,14 +91,14 @@ This grant cannot be performed in _curl_ or _httpie_ because of the interactive
The required parameters for the authorization code grant are shown here:

| Parameter | Value |
| ----------------- | -------------------------------------- |
| ----------------- |----------------------------------------|
| authorization url | http://localhost:9000/oauth2/authorize |
| token url | http://localhost:9000/oauth2/token |
| grant\_type | code |
| client\_id | demo-client |
| client\_secret | secret |
| scope | openid |
| redirect\_uri | http://127.0.0.1:9095/callback |
| redirect\_uri | http://127.0.0.1:9095/client/callback |

### Postman

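Review bot: the new `redirect_uri` value `http://127.0.0.1:9095/client/callback` in the authorization code table has to match the redirect URI registered for `demo-client` at the authorization server, and nothing in this commit shows that registration or the client's callback route changing; confirm both already use `/client/callback`, or requests built from this table will end in a redirect URI mismatch. The separator row change to `|----------------------------------------|` is formatter churn with no content change and could be left out of the diff.
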
Expand All @@ -123,13 +123,13 @@ Spring Authorization Server uses a really short authorization code lifetime of 5
The required parameters for the authorization code grant + PKCE are shown here:

| Parameter | Value |
| ----------------- | -------------------------------------- |
| ----------------- |----------------------------------------|
| authorization url | http://localhost:9000/oauth2/authorize |
| token url | http://localhost:9000/oauth2/token |
| grant\_type | code |
| client\_id | demo-client-pkce |
| scope | openid |
| redirect\_uri | http://127.0.0.1:9095/callback |
| redirect\_uri | http://127.0.0.1:9095/client/callback |

You might notice that the client\_secret is not required any more. This is because with the addition of PKCE the static credentials of client\_secret is replaced by dynamically generated and calculated credentials (the code verifier and code challenge).

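Review bot: the `grant_type` row of the PKCE table still reads `code`, which is the `response_type` of the authorization request; the token request carries `grant_type=authorization_code`. Since this hunk already edits the table, consider correcting that row and adding rows for `code_challenge`, `code_challenge_method` and `code_verifier`, which the paragraph below refers to only as "the code verifier and code challenge". In that paragraph, "the static credentials of client\_secret is replaced" should read "the static credential client\_secret is replaced".
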
14 changes: 14 additions & 0 deletions setup/README.md
Expand Up @@ -23,12 +23,26 @@ Please also follow the instructions in the next sections and also for [Running t
All spring boot based java projects can either be run using your Java IDE or using the command line
with changing into the corresponding project directory and issuing a `./mvnw spring-boot:run` command.

In case you need to specify a spring profile you can specify this as environment variable, like with maven (i.e. the `spring` profile):

`./mvnw spring-boot:run -Dspring.profiles.active=spring`

If you run the application inside your IDE then you need to specify it as Java VM environment variable as well: `-Dspring.profiles.active=spring`.

## Postman Collection

To make it easier to test the REST API endpoints of the product service a postman collection is provided in the directory `/setup/postman`.
If you have not yet installed postman please go to [Postman](https://www.postman.com/downloads/).
When you have postman installed you can just import the provided collection.

### Using Insomnium

As Postman changed the licensing, so that all collections are always stored in the cloud (in the US for free accounts), this may be a problem for some users.
Unfortunately, the first-class alternative [Insomnia](https://github.com/Kong/insomnia) just went the same way, so cannot save collections locally anymore.
Luckily, there is a new open-source fork still storing collections locally. You can download this application at [Insomnium](https://github.com/ArchGPT/insomnium).

![Insomnium](images/insomnium.png)

## OpenID Connect Identity Providers

This workshop requires a OAuth 2.0 / OpenID Connect 1.0 compliant identity provider.
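
Review bot: in the new profile paragraph, `-Dspring.profiles.active=spring` is described as an "environment variable" and a "Java VM environment variable", but `-D` sets a JVM system property; the environment-variable form is `SPRING_PROFILES_ACTIVE=spring`. On the `./mvnw spring-boot:run` line the `-D` applies to the Maven process, and the Spring Boot Maven plugin documents `-Dspring-boot.run.profiles=spring` for selecting the profiles of the launched application, so verify that the command as written actually activates the profile. In the Insomnium section, the only collection mentioned is the Postman one in `/setup/postman`; state whether Insomnium can import it, and link a specific release of the fork rather than the repository root, since readers will paste client secrets and tokens into this tool.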
Binary file added setup/images/insomnium.png

0 comments on commit d094918
