= OAuth 2.0 Resource Server Sample This sample demonstrates integrating Resource Server with a pre-configured key. With it, you can run the integration tests or run the application as a stand-alone service to explore how you can secure your own service with OAuth 2.0 Bearer Tokens using Spring Security. == 1. Running the tests To run the tests, do: ```bash ./gradlew integrationTest ``` Or import the project into your IDE and run `OAuth2ResourceServerApplicationITests` from there. === What is it doing? By default, the application is configured with an RSA public key that is available in the sample. The tests are configured with a set of hard-coded tokens that are signed with the corresponding RSA private key. Each test makes a query to the Resource Server with their corresponding token. The Resource Server subsequently verifies the token against the public key and authorizes the request, returning the phrase ```bash Hello, subject! ``` where "subject" is the value of the `sub` field in the token. == 2. Running the app To run as a stand-alone application, do: ```bash ./gradlew bootRun ``` Or import the project into your IDE and run `OAuth2ResourceServerApplication` from there. Once it is up, you can use the following token: ```bash export TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzdWJqZWN0IiwiaWF0IjoxNTE2MjM5MDIyfQ.eB2c9xtg5wcCZxZ-o-sH4Mx1JGkqAZwH4_WS0UcDbj_nen0NPBj6CqOEPhr_LZDagb4mM6HoAPJywWWG8b_Ylnn5r2gWDzib2mb0kxIuAjnvVBrpzusw4ItTVvP_srv2DrwcisKYiKqU5X_3ka7MSVvKtswdLY3RXeCJ_S2W9go ``` And then make this request: ```bash curl -H "Authorization: Bearer $TOKEN" localhost:8080 ``` Which will respond with the phrase: ```bash Hello, subject! ``` where `subject` is the value of the `sub` field in the token. Or this: ```bash export TOKEN=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzdWJqZWN0IiwiaWF0IjoxNTE2MjM5MDIyLCJzY29wZSI6Im1lc3NhZ2U6cmVhZCJ9.bsRCpUEaiWnzX4OqNxTBqwUD4vxxtPp-CHKTw7XcrglrvZ2lvYXaiZZbCp-hcPhuzMEzEAFuH6s4GZZOWVIX-wT47GdTz9cfA-Z4QPjS2RxePKphFXgBI3jHEpQo94Qya2fJdV4LvgBmA1uM_RTnYY1UbmeYuHKnXrZoGyV8QQQ curl -H "Authorization: Bearer $TOKEN" localhost:8080/message ``` Will respond with: ```bash secret message ``` == 3. Testing with Other Tokens You can create your own tokens. Simply edit the public key in `OAuth2ResourceServerSecurityConfiguration` to match the private key you use. To use the `/` endpoint, any valid token will do. To use the `/message` endpoint, the token should have the `message:read` scope.