Skip to content

Instantly share code, notes, and snippets.

@ynwd

ynwd/setup_oauth.md

Last active July 26, 2022 03:05
Show Gist options
  • Save ynwd/59d1b78ff5860f6013ce831056712558 to your computer and use it in GitHub Desktop.
Save ynwd/59d1b78ff5860f6013ce831056712558 to your computer and use it in GitHub Desktop.
Download ZIP
Cara Setup Oauth2 di Kong Gateway
Raw
setup_oauth.md

Sebelumnya, setup dulu https://github.com/ynwd/oauth-kong-example

Install docker desktop dulu, ya :)

$ git clone [email protected]:ynwd/oauth-kong-example.git
$ cd oauth-kong-example
$ docker-compose up

Buka terminal baru:

  1. Tambahkan Service:

    curl -k -X POST -H "Content-Type: application/json" -d '{"name":"step-on-api-server", "url":"http://api:3000"}' https://localhost:8001/services

    Tambahkan Route:

    curl -k -X POST -H "Content-Type: application/json" -d '{"name":"step-on-route", "service": {"name":"step-on-api-server"}, "paths": ["/stepon"]}' https://localhost:8001/routes

    Tambahkan plugin oauth2 (di kong)

    curl -k -X POST -H "Content-Type: application/json" -d '{"name":"oauth2", "config": {"scopes":["user_profile", "biometric", "step_counts"], "mandatory_scope": true, "enable_authorization_code": true}, "protocols": ["https"]}' https://localhost:8001/services/step-on-api-server/plugins

{"route":null,"service":{"id":"546f4156-665d-4c35-8124-e137fc43aa43"},"id":"5e279c13-3be4-46f6-87f3-e077e2dbf06a","tags":null,"name":"oauth2","protocols":["https"],"enabled":true,"created_at":1658737874,"config":{"pkce":"lax","enable_client_credentials":false,"enable_password_grant":false,"auth_header_name":"authorization","enable_authorization_code":true,"refresh_token_ttl":1209600,"accept_http_if_already_terminated":false,"anonymous":null,"reuse_refresh_token":false,"mandatory_scope":true,"provision_key":"n5vC81tgBLIPxNVHlxpW5mwycv3G5mYR","enable_implicit_grant":false,"hide_credentials":false,"token_expiration":7200,"scopes":["user_profile","biometric","step_counts"],"global_credentials":false},"consumer":null}

    CATATAN, perhatikan bagian ini:
    provision_key=n5vC81tgBLIPxNVHlxpW5mwycv3G5mYR

  2. Tambahkan api untuk consumer di kong

    curl -k -X POST -H "Content-Type: application/json" -d '{"username": "shoeflyshoe"}' https://localhost:8001/consumers

{"username":"shoeflyshoe","id":"fda006d1-cbe0-4547-8fd9-86278425067f","created_at":1658737955,"custom_id":null,"tags":null}

    CATATAN:
    Perhatikan bagian ini: username=shoeflyshoe

  3. Tambahkan credential untuk step no.2

    curl -k -X POST -H "Content-Type: application/json" -d '{"name": "Shoe Fly Shoe Customer Rewards", "redirect_uris": ["https://shoeflyshoe.store/oauth_return"]}' https://localhost:8001/consumers/shoeflyshoe/oauth2

{"id":"5791c113-f01b-484e-b75e-bfef857a7495","tags":null,"name":"Shoe Fly Shoe Customer Rewards","hash_secret":false,"client_type":"confidential","created_at":1658738015,"redirect_uris":["https://shoeflyshoe.store/oauth_return"],"client_secret":"y0mKETKkNBrCWUdZ6gFz4bHc5mlBpO62","client_id":"zOLaM7fCynWTDxqI9lKcAOhHJoi4k9gb","consumer":{"id":"fda006d1-cbe0-4547-8fd9-86278425067f"}}

    CATATAN:

    • Perhatikan di url, ada shoeflyshoe hasil step no.2
    • client_id:zOLaM7fCynWTDxqI9lKcAOhHJoi4k9gb dan
    • client_secret:y0mKETKkNBrCWUdZ6gFz4bHc5mlBpO62

  4. Authorize user untuk akses

    curl -k -X POST -H "Content-Type: application/json" -d '{"client_id": "zOLaM7fCynWTDxqI9lKcAOhHJoi4k9gb", "response_type": "code", "scope": "step_counts", "provision_key": "n5vC81tgBLIPxNVHlxpW5mwycv3G5mYR", "authenticated_userid": "clark", "redirect_url": "https://shoeflyshoe.store/oauth_return" }' https://localhost:8000/stepon/oauth2/authorize

{"redirect_uri":"https://shoeflyshoe.store/oauth_return?code=n0V6kS1k7iGSNkQ2rYcvtfkpBJ9nlqPX"}

    CATATAN: Perhatikan bagian ini di url: code=n0V6kS1k7iGSNkQ2rYcvtfkpBJ9nlqPX

  5. Dapatkan akses token

    dapatkan:

    • code dari no.4
    • client_id & client_secret dari no. 3
    curl -k -X POST -H "Content-Type: application/json" -d '{"grant_type": "authorization_code", "code": "n0V6kS1k7iGSNkQ2rYcvtfkpBJ9nlqPX", "client_id": "zOLaM7fCynWTDxqI9lKcAOhHJoi4k9gb", "client_secret": "y0mKETKkNBrCWUdZ6gFz4bHc5mlBpO62" }' https://localhost:8000/stepon/oauth2/token

{"expires_in":7200,"access_token":"3D4CKetWRbaiBwHutKKhCeKEFhYIs2Li","refresh_token":"AWB8gQeoQ55bmvwazA7V5BWsKdT2YtB3","token_type":"bearer"}

    CATATAN: Perhatikan: access_token=3D4CKetWRbaiBwHutKKhCeKEFhYIs2Li

  6. Gunakan access_token untuk akses API end-point

    dapatkan:

    • access_token dari no.5
    curl -k -H "Authorization: Bearer 3D4CKetWRbaiBwHutKKhCeKEFhYIs2Li" https://localhost:8000/stepon/stepcounts

[{"date":"2021-01-01","count":2500},{"date":"2021-01-02","count":12000},{"date":"2021-01-03","count":9500}]
@ynwd
Copy link
Author

ynwd commented Jul 25, 2022

Screen Shot 2022-07-25 at 16 52 41

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment