
Access Delegation - Oauth 2.0: Open The Etc/Hosts/ File and Add The Following Entry To Map The New Hostname

This document provides instructions for setting up an OAuth 2.0 authorization flow using WSO2 Identity Server. It describes downloading a sample pickup-dispatch application, configuring it as a service provider in WSO2 IS, extracting keys and secrets, modifying configuration files, and testing the flow by making API calls from the application with and without access tokens to demonstrate authorization.

Access Delegation - OAuth 2.0

Introduction:
In this tutorial, you will experience how the WSO2 Identity Server (WSO2 IS) can be
used as an OAuth 2.0 authorization server. This tutorial guides you through the OAuth
2.0 application configuration, deployment, and usage scenario.

In this sample, a user will try to log in to a web application called pickup-dispatch via
WSO2 Identity Server and get an access token to call the API to view the vehicle
bookings.

 
 

Setting up:
● Open the /etc/hosts file and add the following entry to map the new hostname.

127.0.0.1 localhost.com

 
1. Download the latest pickup-dispatch sample application from here.
2. Download a Tomcat server (Tomcat 8), run the server on port 8080 and deploy the
pickup-dispatch.war file.
3. Configure the pickup-dispatch application as a service provider in the WSO2 IS
Management Console.
● Go to Service Providers -> click on Add under Manual Configuration
Mode and register a service provider called “pickup-dispatch”.
● Next, open Inbound Authentication Configuration -> OAuth/OpenID
Connect Configuration -> Configure.
● Put the callback URL as
http://localhost.com:8080/pickup-dispatch/oauth2client and click on Add.
● Note the OauthClientKey and OauthClientSecret of the service provider for
later use.
● Click on Update to save the callback URL configurations.

4. Extract pickup-dispatch.war and open dispatch.properties located at
<EXTRACT>/WEB-INF/classes
5. Replace the consumerKey and consumerSecret values with the OAuth client key and
OAuth client secret values taken from the newly created service provider, and
change the value of scope to “openid internal_application_mgt_view”.
6. Start the Apache Tomcat server.
ex:- By executing sh catalina.sh start from the bin folder
7. Download the backend-service.jar file from here.
8. Navigate to the location where backend-service.jar resides and then start the
backend service by executing the following command.
(Tip - For more information about the backend service, see Introduction to
Backend Service)
java -jar backend-service-<version>.jar -introspectionEnabled true

The setup is now complete and you can proceed to try out the scenario.
Try It:
1. Run the application by visiting the
http://localhost.com:8080/pickup-dispatch/index.jsp URL and log in using
preferred user credentials (ex:- admin/admin)
2. Next, you have to provide consent to use your username.
3. By default, the backend calls are disabled. Therefore, enable them by ticking the
Backend box in the drop-down list as shown in the diagram below:

4. Now we can add a new booking by selecting a driver from the drop-down list and
filling in the passenger details. When you click on the Add button, you can see that the
request sent to http://localhost.com:39090/bookings contains an Authorization header.

5. Furthermore, the user should click on the gear icon in the top-right corner to view the
request and response.

6. Similarly, you can view stored bookings. This request too contains an Authorization
header.

If we try sending the same request without an Authorization header, we will get a 401
Unauthorized response.
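
What a backend has to do to produce that 401, as an added example (not the backend-service code or WSO2's): a bearer-token gate that introspects the presented token before serving the request. The introspect helper, token strings and username are constructed stand-ins for a call to the authorization server's introspection endpoint.

```python
import time

# Constructed stand-in for the authorization server's introspection endpoint.
# A real resource server POSTs the token there and gets this JSON shape back
# (RFC 7662); the token strings and lifetimes below are made up for the demo.
_CONSTRUCTED_TOKENS = {
    "tok-valid": {"active": True, "username": "admin", "exp": time.time() + 3600},
    "tok-stale": {"active": True, "username": "admin", "exp": time.time() - 10},
}


def introspect(token):
    """Hypothetical helper: unknown tokens come back as inactive."""
    return _CONSTRUCTED_TOKENS.get(token, {"active": False})


def authorize(headers, introspect_fn=introspect):
    """Return (status, response_headers, username) for a protected request."""
    # HTTP header names are case-insensitive.
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    parts = value.split() if value else []
    if len(parts) != 2 or parts[0].lower() != "bearer":
        # No usable bearer credentials: challenge without an error code
        # (RFC 6750 section 3.1).
        return 401, {"WWW-Authenticate": "Bearer"}, None
    info = introspect_fn(parts[1])
    # Require a literal True, and honour "exp" even if the server said active.
    expired = "exp" in info and info["exp"] <= time.time()
    if info.get("active") is not True or expired:
        return 401, {"WWW-Authenticate": 'Bearer error="invalid_token"'}, None
    return 200, {}, info.get("username")


if __name__ == "__main__":
    for hdrs in ({}, {"Authorization": "Bearer tok-valid"},
                 {"Authorization": "Bearer tok-stale"}):
        print(hdrs, "->", authorize(hdrs))
```

The two 401 cases differ only in the WWW-Authenticate value, which is what lets a client tell "send a token" apart from "get a new token".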
 
 
