This page describes a supplement to the developerWorks DataPower/OAuth article series, Parts 4 - 6. OAuth scenarios usually require three parties:
- Resource owner
- Client application
- Authorization server and enforcement point
This complicates testing the results of the exercises with just the curl command, since a single tool must then play both of the first two roles. This is especially complicated in Part 6, the three-legged authorization code credential type. To simplify testing of the exercises, we wrote a Node.js application that plays the role of the OAuth client application. The reader can then use a simple browser to play the role of the resource owner.
The Node.js application was written to be installed as simply as possible. It relies on no extra middleware packages (such as connect or express). Only the base install of Node.js is required. The application runs from the command line and displays what it is doing on behalf of the client applications. This allows the article reader (playing the resource owner with the browser) to view the interaction in real time.
Installation
- Download Node.js from the Node.js download site.
- Install Node.js. Make sure the node command is in your command line PATH environment variable.
- Download the OAuthClients.zip file from this site.
- Unzip the archive to a location on your file system where you do your work. The unzip will create a new directory OAuthClients.
Execution
- Record the IP address used by DataPower to implement the authorization server.
- Open a command line and change to the OAuthClients directory created from unzipping the download.
- Run the following command:
node OAuthClient.js <dp ip>
where <dp ip> is the IP address of the DataPower authorization server you recorded in the first step. You should see output similar to the following.

$ node OAuthClient.js 192.168.1.4
26 May 13:51:19 - Part4-----------------------------------------------------
26 May 13:51:19 - Part4 client ID: password-client
26 May 13:51:19 - Part4 client secret: passw0rd
26 May 13:51:19 - Part4 token server: 192.168.1.4:5040
26 May 13:51:19 - Part4 resource server: 192.168.1.4:5041
26 May 13:51:19 - Part4 scope: /getAccount
26 May 13:51:19 - Part4 Client App Homepage: https://127.0.0.1:5005/Part4/index.html
26 May 13:51:19 - Part4-----------------------------------------------------
26 May 13:51:19 - Part5-----------------------------------------------------
26 May 13:51:19 - Part5 client ID: account-application
26 May 13:51:19 - Part5 client secret: passw0rd
26 May 13:51:19 - Part5 token server: 192.168.1.4:5050
26 May 13:51:19 - Part5 resource server: 192.168.1.4:5051
26 May 13:51:19 - Part5 scope: /getAccount
26 May 13:51:19 - Part5 Client App Homepage: https://127.0.0.1:5005/Part5/index.html
26 May 13:51:19 - Part5-----------------------------------------------------
26 May 13:51:19 - Part6-----------------------------------------------------
26 May 13:51:19 - Part6 client ID: myregistered_oauthclient
26 May 13:51:19 - Part6 client secret: passw0rd
26 May 13:51:19 - Part6 authorization server: 192.168.1.4:5060
26 May 13:51:19 - Part6 resource server: 192.168.1.4:5061
26 May 13:51:19 - Part6 scope: /getAccountInfo
26 May 13:51:19 - Part6 Client App Homepage: https://127.0.0.1:5005/Part6/index.html
26 May 13:51:19 - Part6-----------------------------------------------------
26 May 13:51:19 - OAuth client is listening on port 5005 and expecting SSL.

Each section corresponds to an OAuth client for a particular part of the article series. In the example above, there are clients for parts 4, 5, and 6.
- Open a browser to the Client App Homepage listed for the part you are working on. For example, if you are working on Part 4, then using the above listing you would open your browser to
https://127.0.0.1:5005/Part4/index.html
Note that the protocol specifies SSL and that your browser will warn you that it does not approve of the unrecognized certificate served.
- The homepage served by the Node.js server will provide instructions specific to the OAuth scenario you are investigating. Be sure to keep one eye on the Node.js log output. That's where most of the action is!
Note that the OAuth client is assumed to be running on the localhost together with your browser. You can run the OAuth client on a separate host from your browser. But if you do that, the localhost redirects won't work. In that case, you have to provide a second parameter to the OAuthClient.js program specifying the IP where the OAuth client is running. It will include this IP in its redirects so that redirects from the authorization server to your browser can find the OAuth client.
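How the optional second parameter would end up in the Part 6 redirect, as an added example that is not the code shipped in OAuthClients.zip. The ports, client ID and scope come from the sample output above; the `/authorize` and `/Part6/callback` paths, the function names and the `state` check are assumptions made for illustration.

```javascript
// Added example: not the code shipped in OAuthClients.zip.
const crypto = require('crypto');

const CLIENT_PORT = 5005;                // client port from the sample output
const AUTHZ_PORT = 5060;                 // Part 6 authorization server port
const AUTHORIZE_PATH = '/authorize';     // assumed endpoint path
const CALLBACK_PATH = '/Part6/callback'; // assumed callback path

// Mirrors the command line: <dp ip> plus the optional client IP.
function parseArgs(argv) {
  const [dpIp, clientIp = '127.0.0.1'] = argv;
  if (!dpIp) throw new Error('usage: node OAuthClient.js <dp ip> [client ip]');
  return { dpIp, clientIp };
}

// The redirect must name a host that the browser can reach.
function redirectUri(clientIp) {
  return `https://${clientIp}:${CLIENT_PORT}${CALLBACK_PATH}`;
}

// URL the browser is sent to, carrying a fresh random state value.
function buildAuthorizationRequest({ dpIp, clientIp }) {
  const state = crypto.randomBytes(16).toString('hex');
  const url = new URL(`https://${dpIp}:${AUTHZ_PORT}${AUTHORIZE_PATH}`);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: 'myregistered_oauthclient',
    redirect_uri: redirectUri(clientIp),
    scope: '/getAccountInfo',
    state,
  }).toString();
  return { url: url.toString(), state };
}

// Check the redirect back from the authorization server before using the code.
function readCallback(requestUrl, expectedState, clientIp) {
  const u = new URL(requestUrl, redirectUri(clientIp));
  if (u.pathname !== CALLBACK_PATH) throw new Error('unexpected callback path');
  const got = Buffer.from(u.searchParams.get('state') || '');
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch');
  }
  const code = u.searchParams.get('code');
  if (!code) throw new Error(u.searchParams.get('error') || 'missing code');
  return code;
}
```

With only `<dp ip>` given, the redirect points at 127.0.0.1, which is why a browser on another host never reaches the client unless the second parameter is supplied.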
Hit Ctrl-C at the command line to quit the OAuth client.