jacobstanley / oauth2-jwt

OAuth 2.0 JSON Web Token flow, commonly known as "two-legged OAuth 2.0"

oauth2-jwt

OAuth 2.0 JSON Web Token flow, commonly known as "two-legged OAuth 2.0"

See: https://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-12

Code

client - designed for clients interacting with the APIs externally

integration - end-to-end integration test of the OAuth workflow

server - resources supporting the authorization-grant endpoint

edge - library for edge services to validate requests

store - backing store for long-lived key storage

Using OAuth 2.0 to Access Formation APIs

Basic Steps

Related Google OAuth 2.0 flow

  1. Obtain OAuth 2.0 Credentials from the console

  2. Obtain an access token from the Formation Authorization Server.

  3. Send the access token to an API.

  4. Refresh the access token, if necessary.

Detailed Steps

1. Obtain OAuth 2.0 Credentials from the console

see UI documentation

2. Obtain an access token from the Formation Authorization Server.

Preparing to make an authorized API call

Related Google documentation

  1. Obtain the client ID and private key from the console

  2. Create a JSON Web Token which includes a header, a claim set, and a signature.

  3. Request an access token from the Formation OAuth 2.0 Authorization Server.

  4. Handle the JSON response that the Authorization Server returns.
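
Steps 2 and 3 above, sketched in Go as an added example (not code from this repository), together with the signature check the receiving side performs. RS256, the 5-minute lifetime, the client ID, the token URL and the helper names are assumptions; the claim names and grant type come from the JWT bearer draft linked above.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
	"time"
)

// SignAssertion builds header.claims.signature (step 2). Callers must check err before using the token.
func SignAssertion(key *rsa.PrivateKey, clientID, audience string, now time.Time) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	claims, _ := json.Marshal(map[string]any{"iss": clientID, "sub": clientID, "aud": audience,
		"iat": now.Unix(), "exp": now.Add(5 * time.Minute).Unix()}) // short-lived: assumed 5 minutes
	input := base64.RawURLEncoding.EncodeToString(header) + "." + base64.RawURLEncoding.EncodeToString(claims)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return input + "." + base64.RawURLEncoding.EncodeToString(sig), err
}

// TokenRequestBody is the form body POSTed to the authorization server's token endpoint (step 3).
func TokenRequestBody(assertion string) string {
	return url.Values{"grant_type": {"urn:ietf:params:oauth:grant-type:jwt-bearer"}, "assertion": {assertion}}.Encode()
}

// VerifySignature checks the signature with the client's public key; RS256 is pinned, the header's alg is never trusted.
func VerifySignature(pub *rsa.PublicKey, token string) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return fmt.Errorf("malformed JWT: want header.claims.signature")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

func NewDemoKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // constructed throwaway key
func main() {
	key, _ := NewDemoKey()
	fmt.Println(SignAssertion(key, "example-client-id", "https://auth.example.invalid/token", time.Now()))
}
```

A valid signature is only the first check: the receiver must also confirm that iss, aud and exp in the claim set are acceptable before issuing or honouring a token.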


3. Send the access token to an API.

Calling APIs

Related Google documentation

Include the access token in each request to the API as a Bearer value in the Authorization HTTP header.

curl example

curl -H "Authorization: Bearer access_token" $ENDPOINT

4. Refresh the access token, if necessary.

Access tokens issued by the Formation OAuth 2.0 Authorization Server expire after the duration provided by the expires_in value. When an access token expires, the application should generate another JWT, sign it, and request another access token.

Standards

Will be implemented with IETF standards.

Follows the OAuth 2.0 flow.

Setup environment

go run ./util server-bootstrap

Store in secrets manager: <env>/private-key

Store public key for edge services

echo '<public-key>' | base64 -w 0


Languages

Go 99.1%, Shell 0.9%