OAuth2 Implicit Grant with 3Scale and Red Hat SSO

fpx021911–06 / Dennis Hill

This post demonstrates the OAuth2 Implicit Grant with 3Scale SaaS, APICast Gateway, and Red Hat SSO v7.1. In the last post, we introduced these components and demonstrated a functioning OAuth2 Authorization Code Grant (and OpenID Connect Authorization Code Flow). This is all part of my 3Scale API Management & Red Hat SSO Series.

If you are interested in using the OAuth2 Implicit Grant with just Red Hat SSO v7.1, check out this post.

This brief post demonstrates the OAuth2 Implicit Grant with 3Scale using the OAuth2 + OIDC Debugger available here. We will authenticate an end user with the Implicit Grant and then use the access token obtained to make a secure API call to an Echo API that is protected by 3Scale and a self-managed APICast Gateway.

The OAuth2 Implicit Grant is used with applications that require end user authentication but are not able to keep a client secret secure (i.e., a public client, as opposed to a confidential client). This is typically a SPA or JavaScript application running in a browser, but it could also be used by other application types that fit this description. Check out this blog post regarding which OAuth2 Grant should be used when.

Do the following:

GET http://localhost:8080/authorize?
state=1a82b49c-8537-4d84-9cac-1409ebc60415&
nonce=be0a88c1-ace8-4ddf-939b-a2f614b06067&
response_type=token&
client_id=379fbeeb&
redirect_uri=http://localhost:3000/callback&
scope=User
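With response_type=token the access token is returned to the redirect_uri in the URL fragment, so the browser application has to parse and validate it itself before calling the API. The following is an added example, not code from the original post or from 3Scale: it checks the returned state against the value sent in the authorize request above, extracts the token and builds the Echo API call with a Bearer header; the callback URL and token value are constructed samples, and the gateway base URL is an assumption.

```javascript
// Added example: handling the Implicit Grant callback in a browser SPA.
// The state value is the one used in the authorize request on this page;
// a real client generates it per login and stores it before redirecting.
const STORED_STATE = "1a82b49c-8537-4d84-9cac-1409ebc60415";

// Parse "#access_token=...&state=..." into a plain object.
// The token is in the fragment, never in the query string, so it is not
// sent to the redirect_uri server and does not appear in its access logs.
function parseFragment(url) {
  const hash = new URL(url).hash.replace(/^#/, "");
  return Object.fromEntries(new URLSearchParams(hash));
}

// Validate the callback: the returned state must equal the one this client
// generated before redirecting (otherwise the response may belong to another
// session or be an injected token), the token must be present and typed
// as Bearer. Returns the token and lifetime, or throws.
function extractAccessToken(callbackUrl, expectedState) {
  const p = parseFragment(callbackUrl);
  if (p.error) throw new Error(`authorization failed: ${p.error}`);
  if (!p.state || p.state !== expectedState) throw new Error("state mismatch");
  if (!p.access_token) throw new Error("no access_token in fragment");
  if ((p.token_type || "").toLowerCase() !== "bearer") {
    throw new Error(`unexpected token_type: ${p.token_type}`);
  }
  return { token: p.access_token, expiresIn: Number(p.expires_in) };
}

// Build the call to the APICast-protected Echo API. The token travels in
// the Authorization header rather than as a URL parameter.
function echoRequest(gatewayBase, path, token) {
  return {
    url: `${gatewayBase}${path}`,
    options: { method: "GET", headers: { Authorization: `Bearer ${token}` } },
  };
}

// Constructed sample callback, as the browser would see it at redirect_uri.
const SAMPLE_CALLBACK =
  "http://localhost:3000/callback#access_token=SAMPLE_TOKEN&token_type=Bearer" +
  "&expires_in=300&state=1a82b49c-8537-4d84-9cac-1409ebc60415";

// Assumed gateway base: the same host that served /authorize above.
const demo = extractAccessToken(SAMPLE_CALLBACK, STORED_STATE);
console.log(echoRequest("http://localhost:8080", "/hello", demo.token));
```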
{
  "swagger": "2.0",
  "info": {
    "version": "1.0.0",
    "title": "Echo API",
    "description": "A sample echo API"
  },
  "host": "echo-api.3scale.net",
  "basePath": "/",
  "schemes": [
    "http"
  ],
  "consumes": [
    "application/json"
  ],
  "produces": [
    "application/json"
  ],
  "securityDefinitions": {
    "oauth": {
      "type": "oauth2",
      "authorizationUrl": "http://localhost:8080/authorize",
      "tokenUrl": "http://localhost:8080/oauth/token",
      "flow": "accessCode",
      "scopes": {
        "openid profile User": "Perform user related functions"
      }
    }
  },
  "paths": {
    "/": {
      "get": {
        "description": "Echo API with no parameters",
        "operationId": "echo_no_params",
        "produces": [
          "application/json",
          "application/xml",
          "text/xml",
          "text/html"
        ],
        "parameters": [
          {
            "name": "user_key",
            "in": "query",
            "description": "Your API access key",
            "required": true,
            "x-data-threescale-name": "user_keys",
            "type": "string"
          }
        ],
        "responses": {
          "200": {
            "description": "response",
            "schema": {
              "$ref": "#/definitions/ResponseModel"
            }
          },
          "default": {
            "description": "unexpected error",
            "schema": {
              "$ref": "#/definitions/ErrorModel"
            }
          }
        },
        "security": [
          { "oauth": ["openid profile User"] }
        ]
      }
    },
    "/{echo}": {
      "get": {
        "description": "Echo API with parameters",
        "operationId": "echo_with_params",
        "produces": [
          "application/json",
          "application/xml",
          "text/xml",
          "text/html"
        ],
        "parameters": [
          {
            "name": "echo",
            "in": "path",
            "description": "The string to be echoed",
            "required": true,
            "type": "string"
          },
          {
            "name": "user_key",
            "in": "query",
            "description": "Your API access key",
            "required": true,
            "x-data-threescale-name": "user_keys",
            "type": "string"
          }
        ],
        "responses": {
          "200": {
            "description": "response",
            "schema": {
              "$ref": "#/definitions/ResponseModel"
            }
          },
          "default": {
            "description": "unexpected error",
            "schema": {
              "$ref": "#/definitions/ErrorModel"
            }
          }
        }
      }
    }
  },
  "definitions": {
    "ResponseModel": {
      "type": "object",
      "required": [
        "method",
        "path",
        "args",
        "headers"
      ],
      "properties": {
        "method": {
          "type": "string"
        },
        "path": {
          "type": "string"
        },
        "args": {
          "type": "string"
        },
        "headers": {
          "type": "object"
        }
      }
    },
    "ErrorModel": {
      "type": "object",
      "required": [
        "code",
        "message"
      ],
      "properties": {
        "code": {
          "type": "integer",
          "format": "int32"
        },
        "message": {
          "type": "string"
        }
      }
    }
  }
}

That concludes our tutorial. In future posts, we will continue to look at the other OAuth2 Authorization Grants with 3Scale and APICast.

