Skip to content

Instantly share code, notes, and snippets.

@kmikulski
kmikulski / post.sh
Created Dec 5, 2018
the description for this gist
View post.sh
HTTP/1.1 401 Unauthorized
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Requested-With
Server: akka-http/10.1.4
Date: Wed, 21 Nov 2018 21:09:52 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 0
@kmikulski
kmikulski / post.sh
Created Dec 5, 2018
the description for this gist
View post.sh
jakub@jakub-desktop:~$ curl 'http://localhost:9000/users' -H 'Pragma: no-cache' -H 'Origin: http://localhost:3000'
-H 'Accept-Encoding: gzip, deflate, br' -H 'Accept-Language: en-GB,en;q=0.9,en-US;q=0.8,pl;q=0.7,la;q=0.6'
-H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/70.0.3538.77 Chrome/70.0.3538.77 Safari/537.36'
-H 'Accept: */*' -H 'Cache-Control: no-cache'
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJOZ045MnRlSW9iaUIwYXlBSm9mdkhQaW1oX2w2RUVJbUF0SDhXSi1hQnVjIn0.
eyJqdGkiOiI1YjAwODQ4Yi05MjljLTQ3ZDEtOTI1My1lYmRiOTcwNWVjNjQiLCJleHAiOjE1NDI4MzQzNzcsIm5iZiI6MCwiaWF0IjoxNTQyODM0MDc3LCJpc3MiOiJodHRwOi8vbG
9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvTXlEZW1vIiwiYXVkIjoibXktcmVhY3QtY2xpZW50Iiwic3ViIjoiYjY2Y2YyMTctYzAzMi00YjBjLWE3YzctYWViMjZjNGIyOTMxIiwi
dHlwIjoiQmVhcmVyIiwiYXpwIjoibXktcmVhY3QtY2xpZW50Iiwibm9uY2UiOiI3ZjYzNTFkOC03MzUxLTQwNWEtODBmZi02ZGNmNGNjZmJlNjgiLCJhdXRoX3RpbWUiOjE1NDI4Mz
IyMjAsInNlc3Npb25fc3RhdGUiOiJmN2Q3NTRhNy04OTk4LTQ
@kmikulski
kmikulski / post.scala
Created Dec 5, 2018
the description for this gist
View post.scala
lazy val userRoutes: Route =
path("users") {
authorize { token =>
val resultF = (userRegistryActor ? GetUsers).mapTo[Users]
onSuccess(resultF)(u => complete(u))
}
}
@kmikulski
kmikulski / post.scala
Created Dec 5, 2018
the description for this gist
View post.scala
def verifyToken(token: String): Future[Option[AccessToken]] = {
val tokenVerifier = RSATokenVerifier.create(token).realmUrl(keycloakDeployment.getRealmInfoUrl)
for {
publicKey <- publicKeys.map(_.get(tokenVerifier.getHeader.getKeyId))
} yield publicKey match {
case Some(publicKey) =>
val token = tokenVerifier.publicKey(publicKey).verify().getToken
Some(token)
case None =>
log.warning(s"no public key found for id ${tokenVerifier.getHeader.getKeyId}")
@kmikulski
kmikulski / post.scala
Created Dec 5, 2018
the description for this gist
View post.scala
case class Keys(keys: Seq[KeyData])
case class KeyData(kid: String, n: String, e: String)
implicit val keyDataFormat = jsonFormat3(KeyData)
implicit val keysFormat = jsonFormat1(Keys)
lazy val publicKeys: Future[Map[String, PublicKey]] =
Http().singleRequest(HttpRequest(uri = keycloakDeployment.getJwksUrl)).flatMap(response => {
Unmarshal(response).to[Keys].map(_.keys.map(k => (k.kid, generateKey(k))).toMap)
})
@kmikulski
kmikulski / post.json
Created Dec 5, 2018
the description for this gist
View post.json
{
"keys":[
{
"kid":"NgN92teIobiB0ayAJofvHPimh_l6EEImAtH8WJ-aBuc",
"kty":"RSA",
"alg":"RS256",
"use":"sig",
"n":"uIUpyEkQC0rKZlKVBowFxIrZ_Tlv2eCkeLkQibpFEU1y0w...",
"e":"AQAB"
}
@kmikulski
kmikulski / post.scala
Created Dec 5, 2018
the description for this gist
View post.scala
val keycloakDeployment: KeycloakDeployment =
KeycloakDeploymentBuilder.build(getClass.getResourceAsStream("/keycloak.json"))
@kmikulski
kmikulski / post.json
Created Dec 5, 2018
the description for this gist
View post.json
{
"realm": "MyDemo",
"auth-server-url": "http://localhost:8080/auth",
"ssl-required": "external",
"resource": "my-react-client",
"public-client": true,
"confidential-port": 0
}
@kmikulski
kmikulski / post.scala
Created Dec 5, 2018
the description for this gist
View post.scala
trait AuthorizationHandler extends SprayJsonSupport with DefaultJsonProtocol {
implicit def executionContext: ExecutionContext
implicit def materializer: ActorMaterializer
implicit def system: ActorSystem
def log: LoggingAdapter
def authorize: Directive1[AccessToken] =
extractCredentials.flatMap {
case Some(OAuth2BearerToken(token)) =>
@kmikulski
kmikulski / post.json
Created Dec 5, 2018
the description for this gist
View post.json
{
"jti":"9df7224d-b9cc-4577-80e1-8550b17e3101",
"exp":1539103331,
"nbf":0,
"iat":1539103031,
"iss":"http://localhost:8080/auth/realms/MyDemo",
"aud":"my-react-client",
"sub":"b66cf217-c032-4b0c-a7c7-aeb26c4b2931",
"typ":"Bearer",
"azp":"my-react-client",