Enterprise Integration Zone is brought to you in partnership with:

I am currently working as a Software Architect and a Senior Manager at WSO2. I have spoken in numerous conferences - OSCON 2009, ApacheCon 2009, WSO2Con 2010, WSO2 SOA Workshops and WSO2 Security Workshops. I am a graduate from University of Moratuwa, Sri Lanka and in 2008 I completed my Masters specialized in software architecture from the same University. I also gained professional qualifications in BCS and ACS as well as certifications in SCDJWS, SCJP, SCBCD, SCWCD, MCSD, OCA, and CCNA. Prabath is a DZone MVB and is not an employee of DZone and has posted 22 posts at DZone. You can read more from them at their website. View Full User Profile

OAuth 2.0 Playground with WSO2 Identity Server

  • submit to reddit
WSO2 Identity Server adds OAuth 2.0 support from it's very next release. Hopefully by the end of this August. OAuth Core specification supports four grant types.

1. Authorization Code Grant (authorization_code)
2. Implicit Grant
3. Resource Owner Password Credentials Grant (password)
4. Client Credentials Grant (client_credentials)

First you need to setup the sample web app. You can download it from here and host it in Tomcat. I assume it runs at http://localhost:8080/playground. If the Identity Server is not running on 9443 - then you need to edit the web.xml of the web app appropriately.

Then you need to download the WSO2 Identity Server 4.0.0 server from here.

1. Start the server
2. Login with admin/admin
3. Main/Manage/OAuth/Register New Application

4. Select OAuth 2.0
5. Give an Application Name and any Callback Url. For the sample to work, it should be http://localhost:8080/playground/oauth2client

6. Once you click on "Add" you will be taken to the OAuth Management page
7. Click on the application you just created.

8. Copy the values of Client Id, Client Secret, Access Token Url and Authorie Url -- we need these values later during different stages in the web app.

That's it. We are done. Now go to the web app... http://localhost:8080/playground.

Authorization Grant Type : Select one of the four as per the OAuth spec.
Client Id : Client Id from the above image.
Client Secret : Client Secret from the above image.
Resource Owner User Name : Any valid user name from WSO2 IS.
Resource Owner Password : Password correponding to "Resource Owner User Name".
Scope : By default can be anything. No validation. You can override the functionality if needed.
Authorize Endpoint : Authorize Url from the above image.
Access Token Endpoint : Access Token Url from the above image.

Click on import photos... Then you can execute the OAuth flow by selecting the Grant Type you want.

You can download the complete code of sample web application from here.

From the root level type "mvn clean install" to build it.
Published at DZone with permission of Prabath Siriwardena, author and DZone MVB. (source)

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)