8 | If you operate the AuthenticationServer, you can add a client by directly editing it's database. In a production environment, this entry would be generated by an admin console or a client API Key Request Page. If you do not operate the resource owner, then you must contact the service in some way to get the keys. 9 |
10 | 11 |13 | Configure the ClientApplication by entering the ClientID in this form. Each meteor site operates differently, so there is not unified API website to goto. The AuthenticationServer will need the following a Redirect URI: 14 |
15 | 16 |19 | Good news! Your user was authenticated with OAuth2. While the authentication is indication that data 20 | is being transferred from the resource service using tokens. You can view the results here. 21 |
22 | 23 |accessToken: {{ getUserAccessToken }}
25 | 26 | 27 | 28 | {{#if getUserIdResult}} 29 |31 | This step is also performed server-to-server by the client application and is 32 | only done here for testing purposes. Here we are using the newly acquired 33 | access token, we retrieve the userId associated with the access token. These two 34 | should match. 35 |
36 || expected id | 39 |{{ getUserOAuth2Id }} | 40 |This was given to us by the oauth2 service during login. | 41 |
| actual id | 44 |{{ getUserIdResult }} | 45 |This was retrieved via REST using the access token. | 46 |
56 | For the sake of convenience while you experiment, you can reset configuration for the ClientApplication. 57 | This will make the login button you see above goto it's unconfigured state. 58 |
59 | 60 |
15 | This meteor-oauth2-server package currently provides functionality for both the
16 | AuthenticationServer and the ResourceServer. This functionality may be split into separate packages
17 | and/or examples in the future; however, for the time being, AuthenticationServer and ResourceServer
18 | are the same application.
19 |
21 | The following steps represent the steps that are necessary to properly negotiate an oauth2 token 22 | (Described here). 23 | While these steps work on this site, this site is for testing and demo purposes only. Do not use 24 | this configuration in production. You'll know if everything is working if you can get to Step A7 25 | and the user ids match. 26 |
27 | 28 |32 | The AuthenticationServer & ResourceServer need to know about the ClientApplication that's going 33 | to authenticate to it. So the first step in configuring the ResourceServer is to register a 34 | Client ID and Client Secret. The following form illustrates what might be provided to a customer 35 | who is self-configuring a client application via an API Key Generation page. 36 |
37 | 38 | {{#if clientCount}} 39 |Client created.
40 |41 | For the sake of testing, you can remove all the created clients. 42 | 43 |
44 | {{/if}} 45 | 46 | {{#unless clientCount }} 47 | 77 | 78 |79 | However the record is created, the server is going to look for a client that exists, is active, 80 | and it's redirectUri must match the redirect_uri provided in the URL. If not, the creation 81 | of the authorization code in step 4 will fail. 82 |
83 | {{/unless}} 84 | 85 |A login page needs to be created. This is done by visiting the site with the proper url parameters.
90 | {{#unless isUrlParamsValid }} 91 |The URL params are not set in order to authorize an oauth2 token.
92 |The following link will simulate arriving to this page from another site that wishes to authenticate with oauth2.
93 | Simulate proper link. 94 | {{/unless}} 95 | 96 | {{#if isUrlParamsValid}} 97 |Here are the url params this site received.
98 || clint_id | 101 |{{ urlParams.client_id }} | 102 |
| redirect_uri | 105 |{{ urlParams.redirect_uri }} | 106 |
| response_type | 109 |{{ urlParams.response_type }} | 110 |
The user must be authenticated to authorize an oauth2 request.
118 | {{> loginButtons}} 119 | {{/unless}} 120 | 121 | {{#if currentUser}} 122 |User is authenticated.
123 | {{> loginButtons}} 124 | 125 |This is the button a user would click to allow {{ urlParams.client_id }} access to your email address.. etc.
128 | 129 | 130 | {{#if grantResult}} 131 |Grant was run with the given params. Normally, the user would be redirected to the redirect URI.
133 || Success | 136 |{{ grantResult.success }} | 137 |
| Error | 140 |{{ grantResult.error }} | 141 |
| Authorization Code | 144 |{{ grantResult.authorizationCode }} | 145 |
| RedirectUri | 148 |{{ grantResult.redirectToUri}} | 149 |
This is where the user's interaction generally stops. For testing purposes, now that you have an authorization code, you can test service by retrieving an access token.
154 | 155 | 156 | {{#if tokenResult}} 157 |160 | Using the authorizationCode, the client applicationg would post back to this server 161 | to request a token. This is the token you'd use to run REST calls and alike. 162 | This is server to server communication. This example is only for testing purposes to 163 | ensure we did everything properly. 164 |
165 || access_token | 168 |{{ tokenResult.access_token }} | 169 |
| expires_in | 172 |{{ tokenResult.expires_in }} | 173 |
| token_type | 176 |{{ tokenResult.token_type }} | 177 |
183 | This step is also performed server-to-server by the client application and is 184 | only done here for testing purposes. Here we are using the newly acquired 185 | access token, we retrieve the userId associated with the access token. 186 |
187 || expected id | 190 |{{ currentUser._id }} | 191 |This was given to us by Meteor. | 192 |
| actual id | 195 |{{ getUserIdResult }} | 196 |This was retrieved via REST using the access token. | 197 |
This shows a list of all the existing auth codes.
213 |This shows a list of all the existing refresh tokens.
222 |