Objective of this Assignment:
Implement the OAuth 2.0 Authorization Code Grant Flow in the application created in the previous assignments.
You will be able to demonstrate the working application using authN/Z data from GitHub.
Pre-Assignment Instructions:
1. To prepare for this assignment, read the Module 9 and 10 content and follow the embedded learning activities.
2. In this final portion of the assignments, you will be working with only one service:
a. The UserManagementService, which is used for OAuth 2.0 purposes.
3. To use GitHub’s OAuth 2.0 authentication system for login, you must first add a new GitHub OAuth App.
a. You need a GitHub account; then add a new application at the following address:
i. https://github.com/settings/developers.
ii. Click the button “New OAuth App” and follow the instructions.
b. As the Application name you can enter anything you want;
c. Homepage URL should be http://localhost:8080;
d. Authorization callback URL should be: http://localhost:8080/login/oauth2/code/github
4. Click Register Application.
The default redirect URI template is {baseUrl}/login/oauth2/code/{registrationId}. The registrationId is a unique identifier; in this case its value is “github”. That means the client registration in your application.yaml file for Spring Boot must use the same id, under the spring.security.oauth2.client.registration key (the dotted form below is equivalent to the fully nested one):
spring.security.oauth2.client.registration.github:
  clientId: github-client-id
  clientSecret: github-client-secret
and then replace github-client-id and github-client-secret with the values obtained from GitHub. Keep the client secret out of version control (for example, supply it through an environment variable); it is the credential that lets anyone holding it impersonate your application to GitHub.
5. For simplicity, in this step you may not want to use your microK8s cluster, because only one service is required. However, if you choose to have a fully working application, the cluster is a good choice.
6. Make sure to use “bridged networking” in your VM if you continue to work from a VM.
Assignment description:
At this point you will be working on only one task: user authentication using UserManagementService.
1. You need to build the OAuth 2.0 Authorization Code Grant Flow in accordance with RFC 6749 (https://tools.ietf.org/html/rfc6749#section-4.1).
2. As the Authorization Server you will use GitHub; all other services will be your own, running on your localhost.
3. Since we’ve confirmed that the rest of your application (from Assignments #1-3) is working, all you need to do is change UserManagementService so that it generates a token based on the data obtained from the Authorization Provider (in this particular case GitHub) after a user logs in.
a. As a good starting point you may use this tutorial: https://spring.io/guides/tutorials/spring-boot-oauth2/
4. Once you have received the user data, the UserManagementService must generate a JWT token correlated to the logged-in user, based on the user’s email and the user’s name, and display that token on the main page the user sees after login.
a. NOTE: You MUST implement the login page as an HTML page. See the “Add a Welcome Page” section of the https://spring.io/guides/tutorials/spring-boot-oauth2/ tutorial for how to do that.
5. In the next step, when the user tries to reach the API of another service, the user provides that token as part of the request, and the other service asks the UserManagementService the following questions (through another call to UMS):
a. Whether that token is valid (not expired);
b. If yes, which role that token is associated with.
6. Finally, depending on the UMS’s response, the target service should either perform the request or return a 401 status.
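As an added example (not code from the course or from the Spring tutorial), the following controller shows what steps 4 and 5 can look like inside UserManagementService using the UUID token variant from the assignment tasks. It assumes Spring Boot 3 with Java 17 (records), the class name TokenController, a fixed role "USER" and a one-hour lifetime, an in-memory token store, and that /validate is permitted without a login session in the security configuration so that other services can call it.

```java
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class TokenController {

    // One issued token: who it belongs to, the role granted (assumed "USER"), and when it expires.
    record IssuedToken(String name, String email, String role, Instant expiresAt) {}

    // In-memory store keyed by the opaque UUID handed to the user (lost on restart; fine for the assignment).
    private final Map<String, IssuedToken> tokens = new ConcurrentHashMap<>();

    // Step 4: after the GitHub login completes, mint a UUID token tied to the user's name and email.
    @GetMapping("/token")
    public Map<String, Object> issue(@AuthenticationPrincipal OAuth2User principal) {
        String name = principal.getAttribute("name");
        if (name == null) name = principal.getAttribute("login"); // GitHub users may leave "name" empty
        String email = principal.getAttribute("email");          // null when the GitHub email is private
        String token = UUID.randomUUID().toString();             // unguessable, carries no user data itself
        tokens.put(token, new IssuedToken(name, email, "USER", Instant.now().plusSeconds(3600)));
        Map<String, Object> body = new HashMap<>();
        body.put("token", token);
        body.put("name", name);
        body.put("email", email);
        return body;
    }

    // Step 5: another service passes on the bearer token it received and learns validity plus role.
    @GetMapping("/validate")
    public Map<String, Object> validate(@RequestParam String token) {
        Map<String, Object> body = new HashMap<>();
        IssuedToken t = tokens.get(token);
        boolean valid = t != null && Instant.now().isBefore(t.expiresAt());
        if (t != null && !valid) tokens.remove(token); // drop expired entries so the store does not grow forever
        body.put("valid", valid);
        if (valid) {
            body.put("role", t.role());
            body.put("email", t.email());
        }
        return body;
    }
}
```

The target service then calls /validate with the token from the incoming request and returns 401 when "valid" is false; expiry is checked on every call, so a token cannot be used after its lifetime even though the store still holds it until the next lookup.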
Assignment Tasks:
After the preparation and code implementation from the previous assignments, it is time to implement authorization in your application.
What you should do:
1. Implement the OAuth 2.0 Authorization Code Grant Flow in UserManagementService. Use a UUID for tokenizing the transmitted data. If you implement JWT instead, it is considered a bonus.
2. The end result of this assignment should be working and tested code providing the OAuth 2.0 Authorization Code Grant Flow with GitHub as the Authorization Provider.