How to use OAuth2RestTemplate?

You can find examples for writing OAuth clients here: https://github.com/spring-projects/spring-security-oauth. In your case you can’t just use default or base classes for everything; you have multiple classes implementing OAuth2ProtectedResourceDetails. The configuration depends on how you configured your OAuth service, but assuming from your curl connections I would recommend:

    @EnableOAuth2Client
    @Configuration
    class MyConfig {
        @Value("${oauth.resource:http://localhost:8082}")
        private …

How to generate an HMAC in Java equivalent to a Python example?

HmacSHA1 seems to be the algorithm name you need:

    SecretKeySpec keySpec = new SecretKeySpec(
            "qnscAdgRlkIhAUPY44oiexBKtQbGY0orf7OV1I50".getBytes(),
            "HmacSHA1");
    Mac mac = Mac.getInstance("HmacSHA1");
    mac.init(keySpec);
    byte[] result = mac.doFinal("foo".getBytes());
    BASE64Encoder encoder = new BASE64Encoder();
    System.out.println(encoder.encode(result));

produces:

    +3h2gpjf4xcynjCGU5lbdMBwGOc=

Note that I’ve used sun.misc.BASE64Encoder for a quick implementation here, but you should probably use something that doesn’t depend on the Sun …

Keycloak integration in Swagger

Swagger-ui can integrate with Keycloak using the implicit authentication mode. You can set up oauth2 on swagger-ui so that it will ask you to authenticate instead of giving swagger-ui the access token directly. First, your swagger needs to reference a security definition like:

    "securityDefinitions": {
        "oauth2": {
            "type": "oauth2",
            "authorizationUrl": "http://172.17.0.2:8080/auth/realms/master/protocol/openid-connect/auth",
            "flow": "implicit",
            "scopes": {
                "openid": "openid",
                "profile": "profile"
            }
    …

Library for OAuth Provider (Java) [closed]

Scribe is an OAuth library for Java, written by the asker himself. 😉 Note: I post this here as an answer so that other googlers have a choice of alternatives. For another library-based alternative, see my other answer “Jersey OAuth signature library”. Some code to illustrate usage:

    OAuthService service = new ServiceBuilder()
            .provider(TwitterApi.class)
            .apiKey("your_api_key")
            .apiSecret("your_api_secret")
            …

How to properly use Bearer tokens?

1. Improving the security, because if the token is not sent in the header but in the URL, it will be logged by the network system, the server log ….

2. A good function to get Bearer tokens:

    /**
     * Get header Authorization
     *
     */
    function getAuthorizationHeader(){
        $headers = null;
        if (isset($_SERVER['Authorization'])) {
            $headers = trim($_SERVER["Authorization"]);
        }
        else …

Implementation HMAC-SHA1 in python

Pseudocodish:

    def sign_request():
        from base64 import b64encode
        from hashlib import sha1
        import hmac

        # key = b"CONSUMER_SECRET&"  # If you don't have a token yet
        key = b"CONSUMER_SECRET&TOKEN_SECRET"

        # The Base String as specified here:
        raw = b"BASE_STRING"  # as specified by OAuth

        hashed = hmac.new(key, raw, sha1)

        # The signature: Base64 of the raw digest
        # (bytes.encode("base64") only exists on Python 2)
        return b64encode(hashed.digest()).decode("ascii")

Signature errors usually reside in the base-string, …