How to get scope associated with access token in Spring OAuth while building microservices?


I am in the process of spinning up a microservices system with a central authorization server that grants tokens with different scopes for accessing the individual microservices.

Here is a picture explaining the various service calls. The numbers mark the requests made, in chronological order.


1) In a nutshell, I want the auth server to return the access token, the user identifier (id), and the scope when the controller makes the login call. The following example is taken from the Spring tutorial (but it is missing the id). How can I have the id returned when the token is returned? I prefer not to make the REST call proposed in the tutorial.

$ curl acme:acmesecret@localhost:9999/uaa/oauth/token \
    -d grant_type=authorization_code -d client_id=acme \
    -d redirect_uri=http://example.com -d code=jywioi
{"access_token":"2219199c-966e-4466-8b7e-12bb9038c9bb","token_type":"bearer","refresh_token":"d193caf4-5643-4988-9a4a-1c03c9d657aa","expires_in":43199,"scope":"openid"}

2) How does the photo service, which receives the access token in the "Authorization Bearer" header, check with the auth server to see that the token is valid and has the scope required to access a photo? (For example, if the auth server responds with the list of scopes the token is eligible for, the post service can check among the list of scopes whether it can provide access.)

3) On a side note, I see -d code=jywioi is passed in the above request. I am not sure why it is passed and what its purpose is.

Here are the answers to your questions.

  1. How can I have the id returned when the token is returned?

You need a TokenEnhancer for this job. Here is a relevant Stack Overflow question with an example - Can I include user information while issuing an access token?

  2. How does the photo service check with the auth server for validity and the required scopes?

It doesn't. That is the whole beauty of this architecture. The scopes and validity are part of the token itself. The photo service receives the token and decodes the information from it. Unless otherwise, you may be using JWT tokens. If you go to the website, you will see an example of a token and its decoded value side by side. Here is a screenshot for quick reference.

  3. Why is -d code=jywioi passed?

I am not sure. The -d parameter of curl (man page here) is used to send data to the server. I am quite sure there is a mistake with the parameter, and it is an additional one in the request, and hence the server will ignore it. It should be fine if you removed it.
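
The local check that answer 2 describes, as an added example that is not part of the original answer and not Spring's own code: a resource server verifies the JWT signature, then the expiry, then the scope, without calling the auth server. It is written in plain Python so it runs stand-alone; the HS256 shared key, the claim names (`scope`, `exp`, `id`, `user_name`) and all sample values are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # assumption: HMAC key shared with the auth server

def b64url_decode(part):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _mac(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims, key):
    """Stand-in for the auth server: issue a compact HS256 JWT."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url_encode(_mac(head + '.' + body, key))}"

def authorize(token, key, required_scope, now=None):
    """Photo-service side: signature first, then expiry, then scope."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:
        raise PermissionError("malformed token") from exc
    # Pin the algorithm; never let the token pick it (rejects alg=none).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise PermissionError("unexpected alg")
    if not hmac.compare_digest(_mac(head_b64 + "." + body_b64, key), sig):
        raise PermissionError("bad signature")
    claims = json.loads(b64url_decode(body_b64))  # trusted only after the MAC check
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise PermissionError("token expired")
    scope = claims.get("scope", [])  # accept a JSON array or a space-delimited string
    scopes = scope.split() if isinstance(scope, str) else list(scope)
    if required_scope not in scopes:
        raise PermissionError("missing scope: " + required_scope)
    return claims

if __name__ == "__main__":
    # Constructed claims, including the extra "id" asked about in question 1.
    demo = {"user_name": "alice", "id": 42, "scope": ["photo.read"], "exp": 2000000000}
    print(authorize(sign_hs256(demo, KEY), KEY, "photo.read", now=1700000000))
```

Decoding the payload alone proves nothing about who issued it; the scope list is only usable after the signature check passes.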

