A client would like to access the Resource API behind an Authroization Server, therefore, the client must first authenticate with the Authroization Server in order to retrieve information from the Resource API .

This project is a Python prototype simulating the communication between client, authorization service, resource API. The authorization service is used to guard specific API resource behind. This project has three servers:

• client_server
• auth_server
• api_server

to simulate the server side application oauth2 authorization flow. More details regard to Oauth2 authorization flow can be found here

note: username and password are both "admin" for authorization

Ensure python3.9 or above is available in your environment

# create virtual environment
python -m venv venv

# activate the environment
source venv/bin/activate

# install required dependencies
pip install -r requirements.txt

Follow the commands below to launch the servers in separate terminals

• launch client

  cd {project_root}/client_server
  uvicorn client_server:app --reload --port 8000
  

• launch authentication/authorization server

  cd {project_root}/auth_server
  uvicorn auth_server:app --reload --port 8001
  

• launch api server

  cd {project_root}/api_server
  uvicorn api_server:app --reload --port 8002
  

Since this is a prototype, there are several points below need to be completed if this authorization service is put into real use. Currently neither authorization code or access code has expiration time.

• Include expiration time in encoding to produce authorization code, and disable authorization code when it expires.
• Apply safer encryption to generate authorization code
• Implement access code management by specific scheme. This scheme should specify how to
  • generate the access code
  • share the access code between auth_server and api_server
  • disable it when it expire
• (Optional) Create mapping among user, client and api resource