Thursday, May 10, 2018

OAuth API


Node js OAuth Resource server

In this blog post, I am going to show how to create a resource server API. First, we need to understand what a resource server API is and how it works. A resource server is a server that hosts access-protected resources. It handles authenticated requests from an app that presents an access token.

The following diagram shows where the resource server sits in the OAuth flow.




You can create your own API server, or you can download the WSO2 Identity Server (http://wso2.com/products/identity-server/). In this case I have created my own identity server and resource server in a single API using Node.js. In order to run it you have to install Node.js on your machine (https://nodejs.org/en/download/). To retrieve information or resources we use endpoints.


  • As you can see, the OAuth grant type I have given is client_credentials. This has to be mentioned in the request body when you try to get the access token from the authorization server.
  • This app runs on port 4000. You can give any port number there.
  • There are two endpoints I have created in this. One is to get the access token, which is "/oauth/token", and the other one is to get resources, which is "/profile".
  • I have hardcoded one value which is the name ("pamoda") and this comes as a JSON object as requested resources.

  • Here I have created a user first (username = admin, password = admin), and all the functions and configuration that handle requests from the client are written in this file.




  • Open your command prompt and run this:



Let's run this resource server using node.js.

  • To make all GET and POST requests to the resource server we use the Postman Chrome add-on. You can use other similar products, such as the RESTClient Firefox add-on, for this.
  • First of all, we have to make a POST request to get the access token from the authorization server.
  • For that, we have to send the authorization key in the header:

Authorization : Bearer XXXXXXXXXXXXXXX
And also we have to mention the content type in the header.
Content-Type : application/x-www-form-urlencoded

  • Then we have to mention these 3 parameters in the body:
username=admin
password=admin
grant_type=client_credentials
  • The URL should be the endpoint that gives us the access token:

http://localhost:3000/oauth/token




  • When we send this request to http://localhost:3000/oauth/token we get a response with the access token in it. This access token also has an expiration time.
  • Then we have to make a GET request to retrieve the resources we need.
  • Now our URL is different, because we have to call a different endpoint to get these resources, which is "http://localhost:3000/profile".
  • We do not have to mention anything in the body.
  • In the request header, we should send the access token we got in the previous step:
           Authorization: Bearer XXXXXXXXXXXXXXX
  • Make sure that the access token has not expired. Otherwise, you will get an error message saying that it has expired.
  • When you send this request you get a response that contains the resource we specified in the code:
         {"name":"pamoda","id":"set"}

Here is the code; you can download it from GitHub.



Thank you!
B/R
