WSO2 Carbon Extension- Identity Oauth Extensions Feature

This feature contains extension feature for JWT Grant Type

License

Categories

IDE, Development Tools, H2, Data, Databases, OAuth2, Security

Group

org.wso2.carbon.extension.identity.oauth.addons

Identifier

org.wso2.carbon.extension.identity.oauth2.extension.feature

Latest version

1.0.4

Date

Type

pom

Website

http://wso2.org

Developer organization

WSO2

Download org.wso2.carbon.extension.identity.oauth2.extension.feature

How to include the latest version

Maven:

<!-- https://jarcasting.com/artifacts/org.wso2.carbon.extension.identity.oauth.addons/org.wso2.carbon.extension.identity.oauth2.extension.feature/ -->
<dependency>
    <groupId>org.wso2.carbon.extension.identity.oauth.addons</groupId>
    <artifactId>org.wso2.carbon.extension.identity.oauth2.extension.feature</artifactId>
    <version>1.0.4</version>
    <type>pom</type>
</dependency>

Gradle (Groovy):

// https://jarcasting.com/artifacts/org.wso2.carbon.extension.identity.oauth.addons/org.wso2.carbon.extension.identity.oauth2.extension.feature/
implementation 'org.wso2.carbon.extension.identity.oauth.addons:org.wso2.carbon.extension.identity.oauth2.extension.feature:1.0.4'

Gradle (Kotlin):

// https://jarcasting.com/artifacts/org.wso2.carbon.extension.identity.oauth.addons/org.wso2.carbon.extension.identity.oauth2.extension.feature/
implementation ("org.wso2.carbon.extension.identity.oauth.addons:org.wso2.carbon.extension.identity.oauth2.extension.feature:1.0.4")

Buildr:

'org.wso2.carbon.extension.identity.oauth.addons:org.wso2.carbon.extension.identity.oauth2.extension.feature:pom:1.0.4'

Ivy:

<dependency org="org.wso2.carbon.extension.identity.oauth.addons" name="org.wso2.carbon.extension.identity.oauth2.extension.feature" rev="1.0.4">
  <artifact name="org.wso2.carbon.extension.identity.oauth2.extension.feature" type="pom" />
</dependency>

Grape:

@Grapes(
@Grab(group='org.wso2.carbon.extension.identity.oauth.addons', module='org.wso2.carbon.extension.identity.oauth2.extension.feature', version='1.0.4')
)

SBT:

libraryDependencies += "org.wso2.carbon.extension.identity.oauth.addons" % "org.wso2.carbon.extension.identity.oauth2.extension.feature" % "1.0.4"

Leiningen:

[org.wso2.carbon.extension.identity.oauth.addons/org.wso2.carbon.extension.identity.oauth2.extension.feature "1.0.4"]

Dependencies

compile (23)

Library identifier Type Version
org.wso2.carbon.extension.identity.oauth.addons : org.wso2.carbon.identity.oauth2.token.handler.clientauth.jwt jar 1.0.4
org.wso2.carbon.identity.framework : org.wso2.carbon.idp.mgt jar 5.11.16
org.wso2.carbon.identity.framework : org.wso2.carbon.identity.application.common jar 5.11.16
org.wso2.carbon.identity.framework : org.wso2.carbon.identity.user.profile jar 5.11.16
org.wso2.carbon.identity.framework : org.wso2.carbon.identity.core jar 5.11.16
org.wso2.carbon.identity.framework : org.wso2.carbon.identity.application.authentication.framework jar 5.11.16
commons-collections : commons-collections jar 3.2.2
org.wso2.carbon.identity.framework : org.wso2.carbon.identity.notification.mgt jar 5.11.16
org.wso2.carbon : org.wso2.carbon.core jar 4.4.7
org.wso2.carbon : org.wso2.carbon.user.core jar 4.4.7
org.wso2.carbon.identity.framework : org.wso2.carbon.identity.application.mgt jar 5.11.16
org.apache.oltu.oauth2 : org.apache.oltu.oauth2.client jar 0.31
org.apache.oltu.oauth2 : org.apache.oltu.oauth2.common jar 1.0.1
org.wso2.carbon : org.wso2.carbon.ui jar 4.4.7
org.json.wso2 » json jar 3.0.0.wso2v1
javax.servlet : jstl jar 1.2
com.nimbusds.wso2 » nimbus-jose-jwt jar 2.26.1.wso2v2
org.wso2.orbit.org.apache.oltu.oauth2 » oltu jar 1.0.0.wso2v3
org.wso2.carbon.identity.inbound.auth.oauth2 : org.wso2.carbon.identity.oauth jar 5.6.29
org.wso2.securevault : org.wso2.securevault jar 1.0.0-wso2v2
org.wso2.orbit.org.owasp.encoder » encoder jar 1.2.0.wso2v1
junit : junit jar 4.12
org.testng : testng jar 6.9.10

provided (1)

Library identifier Type Version
javax.servlet : servlet-api jar 3.0-alpha-1

test (7)

Library identifier Type Version
org.jacoco : org.jacoco.agent jar 0.7.9
org.powermock : powermock-module-testng jar 1.6.6
org.powermock : powermock-api-mockito jar 1.6.6
javax : javaee-web-api jar 7.0
com.h2database : h2 jar 1.0.60
org.wso2.carbon.identity.framework : org.wso2.carbon.identity.testutil jar 5.11.9
org.wso2.carbon : org.wso2.carbon.tomcat.ext jar 4.4.7

Project Modules

This project has no modules.

Identity OAuth Addons

This repository contains implementations of OAuth extensions.

01. Private Key JWT Client Authentication

Pre-requisites:

  • Maven 3.x
  • Java 1.7 or above

Tested Platform:

  • Linux
  • WSO2 IS 5.5.0
  • Java 1.7

Do the following:

Deploying and Configuring JWT client-handler artifacts:

  1. Execute "mvn clean install" to build the project.

  2. Place component/client-handler/org.wso2.carbon.identity.oauth2.grant.jwttarget/ org.wso2.carbon.identity.oauth2.token.handler.clientauth.jwt--SNAPSHOT.jar in the <IS_HOME>/repository/component/dropins directory.

  3. To register the JWT grant type, configure the <IS_HOME>/repository/conf/identity/identity.xml file by adding a new entry under the element. Add a unique identifier between as seen in the code block below.

     <EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
                                name="org.wso2.carbon.identity.oauth2.token.handler.clientauth.jwt.PrivateKeyJWTClientAuthenticator"
                                orderId="899" enable="true">
         <Property name="preventTokenReuse">true</Property>
         <Property name="RejectBeforeInMinutes">100</Property>
         <Property name="TokenEndPointAlias">sample url</Property>
     </EventListener>
    
  4. Add a cache configuration entry in <IS_HOME>/repository/conf/identity/identity.xml as shown below.

     <CacheConfig>
         <CacheManager name="IdentityApplicationManagementCacheManager">
             ...
             <Cache name="PrivateKeyJWT" enable="true" timeout="10" capacity="5000" isDistributed="false"/>
         </CacheManager>
     </CacheConfig>
    
  5. Restart Server

  6. Add service provider

    • Select Add under Service Providers menu in the Main menu.
    • Fill in the Service Provider Name and provide a brief Description of the service provider.
    • Import the public key of the private_key_jwt issuer.
    • Expand the OAuth/OpenID Connect Configuration and click Configure.
    • Enter a callback url for example http://localhost:8080/playground2/oauth2client and click Add.
    • The OAuth Client Key and OAuth Client Secret will now be visible.
  7. The cURL command below can be used to retrieve an access token and a refresh token using a JWT.

     curl -v -X POST -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d 'client_id=<clientid>&grant_type=authorization_code&code=$CODE&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&client_assertion=<private_key_jwt>&redirect_uri=http://localhost:8080/playground2/oauth2client' https://localhost:9443/oauth2/token

  8. Refer to https://docs.wso2.com/display/IS550/Private+Key+JWT+Client+Authentication+for+OIDC for more details.
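
The following added example (not code from the WSO2 repository) shows the claim checks that OIDC Core defines for a private_key_jwt client assertion, with the replay cache and age limit that the properties in step 3 and the cache in step 4 are named after. The mapping of preventTokenReuse, RejectBeforeInMinutes and TokenEndPointAlias onto these checks is an assumption drawn from their names; `ClientAssertionChecker`, its parameters and the sample claims are hypothetical, and signature verification against the imported public key is assumed to have been done already.

```python
import time

class AssertionRejected(Exception):
    """Raised when a client assertion fails a claim check."""

class ClientAssertionChecker:
    # Hypothetical class: parameters only mirror the identity.xml property names.
    def __init__(self, token_endpoint, endpoint_alias=None,
                 prevent_token_reuse=True, reject_before_minutes=100):
        self.audiences = {token_endpoint}
        if endpoint_alias:
            self.audiences.add(endpoint_alias)
        self.prevent_token_reuse = prevent_token_reuse
        self.reject_before_s = reject_before_minutes * 60
        self.seen_jti = {}  # jti -> exp; stands in for the PrivateKeyJWT cache

    def check(self, claims, client_id, now=None):
        """Return True if the (already signature-verified) claims are acceptable."""
        now = time.time() if now is None else now
        # OIDC Core section 9 requires these five claims for private_key_jwt.
        for name in ("iss", "sub", "aud", "jti", "exp"):
            if name not in claims:
                raise AssertionRejected(f"missing claim: {name}")
        if claims["iss"] != client_id or claims["sub"] != client_id:
            raise AssertionRejected("iss/sub do not match client_id")
        aud = claims["aud"]
        aud = {aud} if isinstance(aud, str) else set(aud)
        if not aud & self.audiences:
            raise AssertionRejected("audience is not this token endpoint")
        if claims["exp"] <= now:
            raise AssertionRejected("assertion expired")
        if "iat" in claims and now - claims["iat"] > self.reject_before_s:
            raise AssertionRejected("assertion issued too long ago")
        # Forget expired entries, then refuse any jti already presented.
        self.seen_jti = {j: e for j, e in self.seen_jti.items() if e > now}
        if self.prevent_token_reuse:
            if claims["jti"] in self.seen_jti:
                raise AssertionRejected("jti already used (replay)")
            self.seen_jti[claims["jti"]] = claims["exp"]
        return True

# Constructed sample claims; the client id and jti are made up.
NOW = 1_700_000_000
SAMPLE = {"iss": "client-abc", "sub": "client-abc", "jti": "a1b2c3",
          "aud": "https://localhost:9443/oauth2/token",
          "iat": NOW - 30, "exp": NOW + 300}
```
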

02. Privileged User Authenticator

This authenticator is used to authenticate a privileged user and grant that user permission to revoke access tokens on behalf of an application.

Deploying and Configuring artifacts

  1. Execute "mvn clean install" to build the project.

  2. Place component/org.wso2.carbon.identity.oauth2.clientauth.privilegeduser/target/ org.wso2.carbon.identity.oauth2.clientauth.privilegeduser--SNAPSHOT.jar in the <IS_HOME>/repository/component/dropins directory.

  3. The cURL command below can be used to revoke an access token.

curl -k -v -d "username=<username>&password=<password>&token=<token>&token_type_hint=<token_type>&client_id=<client-id>" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/revoke

Sample Request:

curl -k -v -d "username=admin@abc.com&password=admin&token=9f716139-4493-3635-abec-7498c2e6cba8&token_type_hint=access_token&client_id=9e8S8L1lkippHTPIwhfXSl6IWGUa" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/revoke

Deployment.toml Config

Add the following config in the deployment.toml file to enable this authenticator.

[[event_listener]]
id = "privileged_user_authenticator"
type = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
name = "org.wso2.carbon.identity.oauth2.clientauth.privilegeduser.PrivilegedUserAuthenticator"
order = "200"

User Permission

  • The privileged user should have the following permission to revoke the access token: /permission/admin/manage /application/revoke
  • Create the above permission
  • Assign that permission to the privileged user
org.wso2.carbon.extension.identity.oauth.addons

WSO2 Extensions

Library versions

Version
1.0.4
1.0.3
1.0.2
1.0.0