How to write an introspection server with Ballerina



I could find a guide on how to secure a service using OAuth2 [1] in "Learn by Example". This example uses a separate introspection server, as shown below.

oauth2:InboundOAuth2Provider oauth2Provider = new ({
    url: "https://localhost:9095/oauth2/token/introspect"
});

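So, is there any guide/article I can use to implement the introspection server, so that I can write a complete OAuth2 scenario and secure my Ballerina service with OAuth2?

[1] https://ballerina.io/v1-2/learn/by-example/secured-service-with-oauth2.html

You can implement your own OAuth2 introspection server following the instructions given in the RFC: https://www.rfc-editor.org/rfc/rfc7662

A draft implementation is given below. You have to extract the received token and validate it against the access tokens issued by the server.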

import ballerina/config;
import ballerina/http;

listener http:Listener oauth2Server = new(9095, {
    secureSocket: {
        keyStore: {
            path: config:getAsString("keystore"),
            password: config:getAsString("keystorePassword")
        }
    }
});

service oauth2 on oauth2Server {

    @http:ResourceConfig {
        methods: ["POST"],
        path: "/token/introspect"
    }
    // This introspects the access token against the access token store,
    // which holds the issued access tokens.
    resource function introspect(http:Caller caller, http:Request req) {
        http:Response res = new;
        var authorizationHeader = trap req.getHeader("Authorization");
        if (authorizationHeader is string) {
            // Validate the received authorization header and
            // prepare the introspection response.
            // (Refer: https://www.rfc-editor.org/rfc/rfc7662#section-2.2)
            res = ...;
        } else {
            // Invalid client.
            // (Refer: https://www.rfc-editor.org/rfc/rfc6749#section-5.2)
            res.statusCode = 401;
            res.setPayload("invalid_client");
        }
        checkpanic caller->respond(res);
    }
}
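
Added example (not part of the original answer, and written in Python rather than Ballerina): the request handling that RFC 7662 sections 2.1 to 2.3 describe for the step the draft leaves as `res = ...`. The `Authorization` header authenticates the calling resource server, while the token to inspect arrives in the form-encoded `token` parameter of the POST body. The client and token stores, their contents, and the function names are constructed for illustration.

```python
import base64
import hmac
from urllib.parse import parse_qs

# Constructed sample data (assumptions): callers allowed to introspect, and issued tokens.
CLIENTS = {"resource-server": "rs-secret"}
TOKENS = {
    "tok-valid": {"scope": "read", "client_id": "app1", "username": "alice", "exp": 2_000_000_000},
    "tok-expired": {"scope": "read", "client_id": "app1", "username": "alice", "exp": 1_000},
}


def caller_authenticated(authorization_header):
    """Check the HTTP Basic credentials of the resource server calling the endpoint."""
    if not authorization_header or not authorization_header.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(authorization_header[6:], validate=True).decode()
    except ValueError:  # malformed base64 or non-UTF-8 credentials
        return False
    client_id, sep, secret = decoded.partition(":")
    expected = CLIENTS.get(client_id)
    if not sep or expected is None:
        return False
    # Constant-time comparison of the presented secret.
    return hmac.compare_digest(secret.encode(), expected.encode())


def introspect(authorization_header, form_body, now):
    """Return (status_code, json_body) for one POST to the introspection endpoint."""
    if not caller_authenticated(authorization_header):
        return 401, {"error": "invalid_client"}  # RFC 6749 section 5.2
    token = parse_qs(form_body).get("token", [""])[0]
    if not token:
        # Missing token parameter: treated as a malformed request in this example.
        return 400, {"error": "invalid_request"}
    record = TOKENS.get(token)
    # Unknown, revoked and expired tokens all get the same minimal answer,
    # so the caller learns nothing about why a token is inactive.
    if record is None or record["exp"] <= now:
        return 200, {"active": False}
    return 200, {"active": True, "token_type": "Bearer", **record}
```
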
