Adding OAuth 2.0 Token Introspection Support to WSO2 Identity Server 5.1.0

WSO2 Identity Server 5.2.0 will ship with support for the OAuth 2.0 token introspection profile (RFC 7662). If you are on Identity Server 5.1.0, this blog post explains how to build and deploy the introspection API on IS 5.1.0.

1. Check out and build the code from https://github.com/facilelogin/aratuwa/tree/master/api-security/org.wso2.carbon.identity.oauth.introspection and deploy it as a war file in IS 5.1.0 (IS_HOME/repository/deployment/server/webapps/).

2. Restart the Identity Server and now you should be able to use the introspection API.

3. The following examples show how to use the introspection API.
 
   Empty token:

   curl -k -H 'Content-Type: application/x-www-form-urlencoded' -X POST --data 'token=' https://localhost:9443/introspect

   Response: {"active":false}

   Invalid token:

   curl -k -H 'Content-Type: application/x-www-form-urlencoded' -X POST --data 'token=Bjhk98792k9hkjhk' https://localhost:9443/introspect 

   Response: {"active":false,"token_type":"bearer"}

   Get a valid token (replace the value of client_id:client_secret appropriately):

   curl -v -X POST --basic -u client_id:client_secret -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "grant_type=client_credentials" https://localhost:9443/oauth2/token 

   Validate the token:

   curl -k -H 'Content-Type: application/x-www-form-urlencoded' -X POST --data 'token=99f0a7092c71a6e772cbcf77addd39ea' https://localhost:9443/introspect 

   Response:
   { "username":"admin@carbon.super",
     "nbf":3272,
     "active":true,
     "token_type":"bearer",
     "client_id":"LUG28MI5yjL5dATxQWdYGhDLSywa"
   }

   Get a valid token with a scope (replace the value of client_id:client_secret appropriately):

   curl -v -X POST --basic -u LUG28MI5yjL5dATxQWdYGhDLSywa:b855n2UIxixrl_MN_juUuG7cnTUa -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "grant_type=client_credentials&scope=test1 test2" https://localhost:9443/oauth2/token 

   Validate the token:

   curl -k -H 'Content-Type: application/x-www-form-urlencoded' -X POST --data 'token=c78ac96fe9b59061b53d0223d46ecc24' https://idp1.federationhub.org:9443/introspect

   Response:
   { "username":"admin@carbon.super",
     "scope":"test1 test2 ",
     "nbf":3240,
     "active":true,
     "token_type":"bearer",
     "client_id":"LUG28MI5yjL5dATxQWdYGhDLSywa"
   }
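As an added example (not code from this post or from the WSO2 project), here is how a resource server would drive the API shown above from Python: obtain a token with the client-credentials grant, submit it to the introspection endpoint, and turn the response into an allow/deny decision. The token and introspection URLs, the client credentials and the required scopes are assumptions you replace for your deployment; the decision function runs offline against constructed copies of the responses shown above.

```python
"""Resource-server side handling of OAuth 2.0 token introspection (RFC 7662).

Added example; not code from the blog post or from the WSO2 project. It assumes
the endpoint and response shapes shown above. TOKEN_URL, INTROSPECT_URL, the
client credentials and the required scopes are placeholders for your deployment.
"""
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://localhost:9443/oauth2/token"     # assumption: host used in the post
INTROSPECT_URL = "https://localhost:9443/introspect"  # assumption: host used in the post


def _post_form(url, fields, basic_auth=None, timeout=5):
    """POST an x-www-form-urlencoded body and return the decoded JSON reply.

    TLS verification stays on (the post's curl uses -k for a self-signed dev
    certificate; a resource server should trust the IdP's CA instead).
    """
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    if basic_auth is not None:
        cred = base64.b64encode(":".join(basic_auth).encode()).decode()
        req.add_header("Authorization", "Basic " + cred)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode())


def get_client_credentials_token(client_id, client_secret, scope=None, url=TOKEN_URL):
    """Client-credentials grant, as in the curl calls above (network call)."""
    fields = {"grant_type": "client_credentials"}
    if scope:
        fields["scope"] = scope
    return _post_form(url, fields, basic_auth=(client_id, client_secret))


def introspect(token, url=INTROSPECT_URL, basic_auth=None):
    """Ask the IdP about a token (network call). RFC 7662 requires the endpoint
    to authenticate its callers; pass basic_auth once that is in place."""
    return _post_form(url, {"token": token}, basic_auth=basic_auth)


def evaluate(response, required_scopes=(), now=None):
    """Turn an introspection response into an allow/deny decision.

    Returns (allowed, reason). Only a JSON boolean true in "active" counts;
    "exp" and "nbf" are compared as seconds since the epoch, as RFC 7662
    defines them; "scope" is a space-delimited string, and trailing
    whitespace (as in the IS output above) is tolerated.
    """
    now = time.time() if now is None else now
    if response.get("active") is not True:
        return False, "token not active"
    exp = response.get("exp")
    if exp is not None and now >= exp:
        return False, "token expired"
    nbf = response.get("nbf")
    if nbf is not None and now < nbf:
        return False, "token not yet valid"
    granted = set(response.get("scope", "").split())
    missing = sorted(set(required_scopes) - granted)
    if missing:
        return False, "missing scope(s): " + " ".join(missing)
    return True, "ok"


# Constructed samples that mirror the responses shown in the post.
SAMPLE_INVALID = {"active": False, "token_type": "bearer"}
SAMPLE_VALID = {"username": "admin@carbon.super", "nbf": 3272, "active": True,
                "token_type": "bearer", "client_id": "LUG28MI5yjL5dATxQWdYGhDLSywa"}
SAMPLE_SCOPED = dict(SAMPLE_VALID, scope="test1 test2 ", nbf=3240)


if __name__ == "__main__":
    # Offline walk-through of the decision logic on the constructed samples.
    for label, resp, needed in (("invalid", SAMPLE_INVALID, ()),
                                ("valid, no scope required", SAMPLE_VALID, ()),
                                ("valid, test1 required", SAMPLE_VALID, ("test1",)),
                                ("scoped, test1+test2 required", SAMPLE_SCOPED, ("test1", "test2"))):
        print(label, "->", evaluate(resp, needed))
    # End-to-end against a live IS 5.1.0 (replace the placeholder credentials):
    # tok = get_client_credentials_token("client_id", "client_secret", scope="test1 test2")
    # print(evaluate(introspect(tok["access_token"]), required_scopes=("test1",)))
```

Two points worth noting for a deployment. First, the curl calls above send no credentials to /introspect, whereas RFC 7662 expects the endpoint to authenticate its callers, so the war should be reachable only from your resource servers (network restriction or authentication in front of it) rather than from the public internet, since otherwise anyone holding a token can learn the username and client_id behind it. Second, `evaluate` deliberately accepts only a JSON boolean `true` for `active`; a string `"true"` or a missing field is a denial, which is the fail-closed behaviour a resource server wants.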