Is there a way to validate an OAuth token sent by approuter in a plain Java application (microservice in Cloud Foundry) without using Spring?
I have an approuter written in Node.js that sends a JWT token to a Java application after user authentication.
I need to verify the token and scope in the Spring application before executing the REST API. Is there a way to do the same thing without using Spring features?
One option is to use the /check_token endpoint of UAA. The nice thing about this approach is that it's pretty easy to do without any external libraries, since it's a matter of sending an HTTP request. There's no crypto (other than TLS) required; UAA handles that for you. However, it does require client credentials so that UAA can identify the application checking the token, and it has the overhead of sending an HTTP request.
Ex:
```
curl 'http://uaa.example.com/check_token' -i -u 'app:appclientsecret' -X POST \
     -d 'token=53dbe3e05dcf4ff38d350bc74a7fc97b&scopes=password.write%2cscim.userids'
```
where app and appclientsecret are your app's client credentials. The scopes attribute is optional; if you include it, UAA will validate that the scopes you indicate are present on the token.
More at the following links:
- https://github.com/cloudfoundry/uaa/blob/master/docs/uaa-apis.rst#oauth2-token-validation-service-post-check-token
- https://docs.cloudfoundry.org/api/uaa/version/4.6.0/index.html#check-token
The other option is to validate the token yourself. This requires a signed token and requires you to have a shared secret between your server and, in the case of Cloud Foundry, UAA.
I don't have instructions to walk you through this without Spring, but Spring Security is open source, so you can take a look at the code and see how it's done.
It looks like the decodeAndVerify method of JwtHelper is the place to start. There's an example of how JwtHelper is used here.
Hope that helps!
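The second option above (validating the token yourself against a shared secret) can be done with the JDK alone; the following is an added example, not code from the answer or from Spring Security. It assumes the token is signed with HS256, and the class name, secret and sample token are constructed for illustration. It checks the signature only: the `exp` and `scope` claims in the returned payload still have to be parsed and checked with a JSON library.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class Hs256JwtVerifier {
    /** Returns the payload JSON if the HS256 signature is valid, otherwise throws. */
    static String verify(String jwt, byte[] secret) throws Exception {
        String[] parts = jwt.split("\\.", -1);
        if (parts.length != 3) {
            throw new SecurityException("not a compact JWS: expected 3 segments");
        }
        // The algorithm is fixed here, never taken from the token header, so a
        // header claiming "none" or another algorithm cannot change the check.
        byte[] expected = hmac(parts[0] + "." + parts[1], secret);
        // decode() throws IllegalArgumentException on input that is not base64url.
        byte[] presented = Base64.getUrlDecoder().decode(parts[2]);
        // MessageDigest.isEqual compares in constant time.
        if (!MessageDigest.isEqual(expected, presented)) {
            throw new SecurityException("signature mismatch");
        }
        return new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
    }

    static byte[] hmac(String signingInput, byte[] secret) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample secret and token, built locally so this runs offline.
        byte[] secret = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8);
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        String head = b64.encodeToString("{\"alg\":\"HS256\"}".getBytes(StandardCharsets.UTF_8));
        String body = b64.encodeToString("{\"scope\":[\"demo.read\"]}".getBytes(StandardCharsets.UTF_8));
        String token = head + "." + body + "." + b64.encodeToString(hmac(head + "." + body, secret));

        System.out.println(verify(token, secret));
        try {
            verify(head + "." + body + ".", secret); // same claims, signature stripped
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```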