This page describes a supplement to the developerWorks DataPower/OAuth article series, Parts 4 - 6. OAuth scenarios usually require three parties.

  1. Resource owner
  2. Client application
  3. Authorization server and enforcement point

This complicates testing the result of the exercises with just the curl command since one must use it to combine the first two roles. This is especially complicated in Part 6, the three-legged authorization code credential type. To simplify testing of the exercises, we wrote a Node.js application that plays the role of the OAuth client application. The reader can then use a simple browser to play the role of the resource owner.

The Node.js application was written to be as simple to install as possible. It relies on no extra middleware packages (such as connect or express). Only the base install of Node.js is required. The application runs from the command line and displays the results of what it is doing on behalf of the client applications. This allows the article reader (playing the resource owner with the browser) to view the interaction in real time.

Installation

  1. Download Node.js from the Node.js download site.
  2. Install Node.js. Make sure the node command is in your command line PATH environment variable.
  3. Download the OAuthClients.zip file from this site.
  4. Unzip the archive to a location on your file system where you do your work. The unzip will create a new directory OAuthClients.

Execution

  1. Record the IP address used by DataPower to implement the authorization server.
  2. Open a command line and change to the OAuthClients directory created from unzipping the download.
  3. Run the following command:
       node OAuthClient.js <dp ip>
    where <dp ip> is the IP address of the DataPower authorization server you recorded in the first step. You should see output similar to the following.
    $ node OAuthClient.js 192.168.1.4
    26 May 13:51:19 - Part4-----------------------------------------------------
    26 May 13:51:19 - Part4           client ID: password-client
    26 May 13:51:19 - Part4       client secret: passw0rd
    26 May 13:51:19 - Part4        token server: 192.168.1.4:5040
    26 May 13:51:19 - Part4     resource server: 192.168.1.4:5041
    26 May 13:51:19 - Part4               scope: /getAccount
    26 May 13:51:19 - Part4 Client App Homepage: https://127.0.0.1:5005/Part4/index.html
    26 May 13:51:19 - Part4-----------------------------------------------------
    26 May 13:51:19 - Part5-----------------------------------------------------
    26 May 13:51:19 - Part5           client ID: account-application
    26 May 13:51:19 - Part5       client secret: passw0rd
    26 May 13:51:19 - Part5        token server: 192.168.1.4:5050
    26 May 13:51:19 - Part5     resource server: 192.168.1.4:5051
    26 May 13:51:19 - Part5               scope: /getAccount
    26 May 13:51:19 - Part5 Client App Homepage: https://127.0.0.1:5005/Part5/index.html
    26 May 13:51:19 - Part5-----------------------------------------------------
    26 May 13:51:19 - Part6-----------------------------------------------------
    26 May 13:51:19 - Part6            client ID: myregistered_oauthclient
    26 May 13:51:19 - Part6        client secret: passw0rd
    26 May 13:51:19 - Part6 authorization server: 192.168.1.4:5060
    26 May 13:51:19 - Part6      resource server: 192.168.1.4:5061
    26 May 13:51:19 - Part6                scope: /getAccountInfo
    26 May 13:51:19 - Part6  Client App Homepage: https://127.0.0.1:5005/Part6/index.html
    26 May 13:51:19 - Part6-----------------------------------------------------
    26 May 13:51:19 - OAuth client is listening on port 5005 and expecting SSL.
      
    Each section corresponds to an OAuth client for a particular part of the article series. In the example above, there are clients for parts 4, 5, and 6.
  4. Open a browser to the Client App Homepage listed for the part you are working on. For example, if you are working on Part 4, then using the above listing you would open your browser to
    https://127.0.0.1:5005/Part4/index.html
    Note that the URL specifies SSL (https) and that your browser will warn you that it does not recognize the certificate served.
  5. The homepage served by the Node.js server will provide instructions specific to the OAuth scenario you are investigating. Be sure to keep one eye on the Node.js log output. That's where most of the action is!

Note that the OAuth client is assumed to be running on the localhost together with your browser. You can run the OAuth client on a separate host from your browser. But if you do that, the localhost redirects won't work. In that case, you have to provide a second parameter to the OAuthClient.js program specifying the IP where the OAuth client is running. It will include this IP in its redirects so that redirects from the authorization server to your browser can find the OAuth client.
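
The sketch below is an added example, not code from OAuthClients.zip. It shows how a Part 6 client could build its redirect from the optional host parameter and then handle the redirect back from the authorization server. The /authorize and /Part6/callback paths, the function names, and the state check (a standard OAuth 2.0 parameter that this page does not mention) are assumptions of the example.

```javascript
// Added example: redirect handling for an authorization code client.
// Uses only the base Node.js install, like the tool described on this page.
const crypto = require('crypto');

const AUTHZ_PATH = '/authorize';          // hypothetical authorization endpoint path
const CALLBACK_PATH = '/Part6/callback';  // hypothetical client callback path
const CLIENT_PORT = 5005;                 // port the OAuth client listens on (from the log)

// clientHost mirrors the optional second command-line parameter:
// 127.0.0.1 by default, or the IP of the host running the OAuth client.
function redirectUri(clientHost = '127.0.0.1') {
  return `https://${clientHost}:${CLIENT_PORT}${CALLBACK_PATH}`;
}

// Fresh, unguessable value that ties the callback to this browser session.
function newState() {
  return crypto.randomBytes(16).toString('hex');
}

// URL the browser is sent to on the DataPower authorization server (port 5060).
function buildAuthorizationUrl(dpIp, clientHost, state) {
  const url = new URL(`https://${dpIp}:5060${AUTHZ_PATH}`);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: 'myregistered_oauthclient',
    scope: '/getAccountInfo',
    redirect_uri: redirectUri(clientHost),
    state,
  }).toString();
  return url.toString();
}

// Process the redirect back to the client; accept the code only if the
// returned state matches the one issued for this session.
function handleCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (params.has('error')) return { ok: false, reason: params.get('error') };
  const got = Buffer.from(params.get('state') || '');
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    return { ok: false, reason: 'state_mismatch' };
  }
  const code = params.get('code');
  return code ? { ok: true, code } : { ok: false, reason: 'missing_code' };
}
```

With the default host, the redirect_uri only resolves when the browser and the OAuth client share a machine, which is why the second parameter is needed for a remote client.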

Hit Ctrl-C at the command line to quit the OAuth client.