OAuth 2 Framework for RESTful APIs


What is a RESTful API?

A RESTful API is an application program interface (API) that uses HTTP requests to GET, PUT, POST and DELETE data.
A RESTful API -- also referred to as a RESTful web service -- is based on representational state transfer (REST), an architectural style and approach to communications often used in web services development.

How do RESTful APIs work?

A RESTful API breaks down a transaction to create a series of small modules. Each module addresses a particular underlying part of the transaction. This modularity provides developers with a lot of flexibility, but it can be challenging for developers to design from scratch.

Let's get started...

I have created an authorization server and a resource server in a single API. There is an endpoint you can call to retrieve the resources for demonstration purposes.
It is written in node.js. To run it on your computer, you need node.js installed.

You can download the source codes from here: https://github.com/csandeepa/OAuth-2.0-RESTful-API

app.js>>>>>>


As you can see, the OAuth grant type I have given is client_credentials. This has to be specified in the request body when you request the access token from the authorization server.
Also, this app runs on port 4000. You can give any port number here.
I have created two endpoints in this: one to get the access token, which is "/oauth/token", and the other to get resources, which is "/profile".
As the resource, I have hardcoded one value, the name (""), and this is returned as a JSON object.

model.js>>>>>>


Here I have created a sample user (username = test, password = test), and all the functions that handle requests from the client are written in this file.

Now, just run app.js.


To make all GET and POST requests to the resource server we use the RESTClient Mozilla Firefox add-on. You can use other similar products such as Postman for this.

First of all, we have to make a POST request to get the access token from the authorization server.
For that, we have to send the authorization key in the header.

Authorization: Bearer XXXXXXXXXXXXXXX
We also have to mention the content type in the header.

I'll demonstrate with RESTClient on Mozilla Firefox, creating all the requests manually, and of course how to retrieve resources.

Then we have to include these 3 parameters in the body.

username=test
password=test
grant_type=client_credentials

The URL should be the endpoint that gives us the access token.

http://localhost:4000/oauth/token 


When we send this we get a response with the access token in it. This access token also has an expiration time.
Then we have to make a GET request to retrieve the resources we need.


Now our URL is different because we have to call a different endpoint to get these resources, which is "http://localhost:4000/profile".
We do not have to put anything in the body.
In the request header, we should send the access token we got in the previous step.

Authorization: Bearer XXXXXXXXXXXXXXX

Make sure the access token has not expired. Otherwise, you will get an error message saying that it has expired.
When you send this request you get a response that contains the resources we specified in the code.
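The same two-step sequence done from code rather than from RESTClient, as an added example that is not part of the post: the POST to /oauth/token with the three body parameters, then the GET to /profile with the Bearer header, plus the expiry check the post tells you to do by hand. It assumes the token endpoint takes the body as application/x-www-form-urlencoded (the standard OAuth 2.0 encoding; the post does not say which content type it used) and Node 18 or later for the built-in fetch. The Authorization header the post sends on the token request is left out here, since its value depends on the author's server; the credentials travel in the body.

```javascript
// Added example, not from the post: a client for the demo server's two requests.
const BASE_URL = 'http://localhost:4000'; // the post's port

// Build the POST for /oauth/token with the three parameters the post lists.
function buildTokenRequest(baseUrl, { username, password, grantType }) {
  const body = new URLSearchParams({ username, password, grant_type: grantType }).toString();
  return {
    url: `${baseUrl}/oauth/token`,
    options: {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, // assumed encoding
      body,
    },
  };
}

// Record when the token was obtained, so the client can tell before calling
// the resource server whether its `expires_in` seconds have run out.
function rememberToken(tokenResponse, obtainedAtMs) {
  if (tokenResponse.token_type !== 'Bearer') {
    throw new Error(`unexpected token_type: ${tokenResponse.token_type}`);
  }
  return {
    accessToken: tokenResponse.access_token,
    expiresAtMs: obtainedAtMs + tokenResponse.expires_in * 1000,
  };
}

// Treat the token as expired a few seconds early to absorb clock skew and
// network latency; a request sent right at the deadline fails server-side.
function isExpired(token, nowMs, skewMs = 5000) {
  return nowMs + skewMs >= token.expiresAtMs;
}

// Build the GET for /profile: empty body, token in the Authorization header.
function buildProfileRequest(baseUrl, token) {
  return {
    url: `${baseUrl}/profile`,
    options: { method: 'GET', headers: { Authorization: `Bearer ${token.accessToken}` } },
  };
}

// The full flow. `fetchImpl` and `now` are injectable so it can run against a stub.
async function fetchProfile(baseUrl, credentials, fetchImpl = fetch, now = Date.now) {
  const t = buildTokenRequest(baseUrl, credentials);
  const tokenRes = await fetchImpl(t.url, t.options);
  if (!tokenRes.ok) throw new Error(`token request failed: HTTP ${tokenRes.status}`);
  const token = rememberToken(await tokenRes.json(), now());
  if (isExpired(token, now())) throw new Error('token expired before it could be used');
  const p = buildProfileRequest(baseUrl, token);
  const profileRes = await fetchImpl(p.url, p.options);
  if (profileRes.status === 401) {
    throw new Error('resource server rejected the token (expired or invalid); request a new one');
  }
  return profileRes.json();
}

module.exports = { BASE_URL, buildTokenRequest, rememberToken, isExpired, buildProfileRequest, fetchProfile };
```

With the demo server running, `fetchProfile(BASE_URL, { username: 'test', password: 'test', grantType: 'client_credentials' }).then(console.log)` prints the profile JSON. The client-side expiry check is a convenience, not a security control: the resource server still has to reject expired tokens itself, because a client can simply skip the check.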

~CS
