HTTP/1.1 401 Unauthorized
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Requested-With
Server: akka-http/10.1.4
Date: Wed, 21 Nov 2018 21:09:52 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 0

jakub@jakub-desktop:~$ curl 'http://localhost:9000/users' -H 'Pragma: no-cache' -H 'Origin: http://localhost:3000'
-H 'Accept-Encoding: gzip, deflate, br' -H 'Accept-Language: en-GB,en;q=0.9,en-US;q=0.8,pl;q=0.7,la;q=0.6'
-H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/70.0.3538.77 Chrome/70.0.3538.77 Safari/537.36'
-H 'Accept: */*' -H 'Cache-Control: no-cache'
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJOZ045MnRlSW9iaUIwYXlBSm9mdkhQaW1oX2w2RUVJbUF0SDhXSi1hQnVjIn0.
eyJqdGkiOiI1YjAwODQ4Yi05MjljLTQ3ZDEtOTI1My1lYmRiOTcwNWVjNjQiLCJleHAiOjE1NDI4MzQzNzcsIm5iZiI6MCwiaWF0IjoxNTQyODM0MDc3LCJpc3MiOiJodHRwOi8vbG
9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvTXlEZW1vIiwiYXVkIjoibXktcmVhY3QtY2xpZW50Iiwic3ViIjoiYjY2Y2YyMTctYzAzMi00YjBjLWE3YzctYWViMjZjNGIyOTMxIiwi
dHlwIjoiQmVhcmVyIiwiYXpwIjoibXktcmVhY3QtY2xpZW50Iiwibm9uY2UiOiI3ZjYzNTFkOC03MzUxLTQwNWEtODBmZi02ZGNmNGNjZmJlNjgiLCJhdXRoX3RpbWUiOjE1NDI4Mz
IyMjAsInNlc3Npb25fc3RhdGUiOiJmN2Q3NTRhNy04OTk4LTQ

lazy val userRoutes: Route =
  path("users") {
    authorize { token =>
      val resultF = (userRegistryActor ? GetUsers).mapTo[Users]
      onSuccess(resultF)(u => complete(u))
    }
  }

def verifyToken(token: String): Future[Option[AccessToken]] = {
  // Parse the JWT and bind the verifier to the realm configured in keycloak.json
  val tokenVerifier = RSATokenVerifier.create(token).realmUrl(keycloakDeployment.getRealmInfoUrl)
  for {
    // Look up the signing key by the "kid" from the token header
    publicKey <- publicKeys.map(_.get(tokenVerifier.getHeader.getKeyId))
  } yield publicKey match {
    case Some(publicKey) =>
      val token = tokenVerifier.publicKey(publicKey).verify().getToken
      Some(token)
    case None =>
      log.warning(s"no public key found for id ${tokenVerifier.getHeader.getKeyId}")
      // No key matches the token's kid, so the token cannot be verified
      None
  }
}

case class Keys(keys: Seq[KeyData])
case class KeyData(kid: String, n: String, e: String)

implicit val keyDataFormat = jsonFormat3(KeyData)
implicit val keysFormat = jsonFormat1(Keys)

lazy val publicKeys: Future[Map[String, PublicKey]] =
  Http().singleRequest(HttpRequest(uri = keycloakDeployment.getJwksUrl)).flatMap(response => {
    Unmarshal(response).to[Keys].map(_.keys.map(k => (k.kid, generateKey(k))).toMap)
  })

{
  "keys":[
    {
      "kid":"NgN92teIobiB0ayAJofvHPimh_l6EEImAtH8WJ-aBuc",
      "kty":"RSA",
      "alg":"RS256",
      "use":"sig",
      "n":"uIUpyEkQC0rKZlKVBowFxIrZ_Tlv2eCkeLkQibpFEU1y0w...",
      "e":"AQAB"
    }

val keycloakDeployment: KeycloakDeployment =
  KeycloakDeploymentBuilder.build(getClass.getResourceAsStream("/keycloak.json"))

{
  "realm": "MyDemo",
  "auth-server-url": "http://localhost:8080/auth",
  "ssl-required": "external",
  "resource": "my-react-client",
  "public-client": true,
  "confidential-port": 0
}

trait AuthorizationHandler extends SprayJsonSupport with DefaultJsonProtocol {

  implicit def executionContext: ExecutionContext
  implicit def materializer: ActorMaterializer
  implicit def system: ActorSystem

  def log: LoggingAdapter

  def authorize: Directive1[AccessToken] =
    extractCredentials.flatMap {
      case Some(OAuth2BearerToken(token)) =>

{
  "jti":"9df7224d-b9cc-4577-80e1-8550b17e3101",
  "exp":1539103331,
  "nbf":0,
  "iat":1539103031,
  "iss":"http://localhost:8080/auth/realms/MyDemo",
  "aud":"my-react-client",
  "sub":"b66cf217-c032-4b0c-a7c7-aeb26c4b2931",
  "typ":"Bearer",
  "azp":"my-react-client",