How to write an introspection server with Ballerina
I could find a guide in "Learn by Example" on how to secure a service with OAuth2 [1]. This example uses a separate introspection server, as shown below.
oauth2:InboundOAuth2Provider oauth2Provider = new ({
    url: "https://localhost:9095/oauth2/token/introspect"
});
So is there a guide/article I can use to implement the introspection server, so that I can write a complete OAuth2 scenario to secure my Ballerina service with OAuth2?
[1] https://ballerina.io/v1-2/learn/by-example/secured-service-with-oauth2.html
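You can implement your own OAuth2 introspection server according to the instructions given in the RFC https://www.rfc-editor.org/rfc/rfc7662.
A draft implementation can be found below. You have to extract the received token and validate it against the access tokens issued by the server.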
import ballerina/config;
import ballerina/http;

listener http:Listener oauth2Server = new(9095, {
    secureSocket: {
        keyStore: {
            path: config:getAsString("keystore"),
            password: config:getAsString("keystorePassword")
        }
    }
});

service oauth2 on oauth2Server {

    @http:ResourceConfig {
        methods: ["POST"],
        path: "/token/introspect"
    }
    // This introspects the access token against the access token store,
    // which holds the issued access tokens.
    resource function introspect(http:Caller caller, http:Request req) {
        http:Response res = new;
        var authorizationHeader = trap req.getHeader("Authorization");
        if (authorizationHeader is string) {
            // Validate the received authorization header and
            // prepare the introspection response.
            // (Refer: https://www.rfc-editor.org/rfc/rfc7662#section-2.2)
            res = ...;
        } else {
            // Invalid client.
            // (Refer: https://www.rfc-editor.org/rfc/rfc6749#section-5.2)
            res.statusCode = 401;
            res.setPayload("invalid_client");
        }
        checkpanic caller->respond(res);
    }
}
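The decision logic that the `res = ...` placeholder in the draft above stands for, as an added example that is not part of the original answer and is written in Python rather than Ballerina so it can be run stand-alone. The client table, token store, function names, HTTP Basic client authentication and the 400 response for a missing `token` parameter are all assumptions made for the illustration.

```python
import base64
import hmac
import time

# Constructed sample data (assumptions, not from the page).
CLIENTS = {"resource-server": "s3cret"}  # client_id -> client_secret
TOKENS = {  # access token store: token -> metadata recorded at issue time
    "tok-valid": {"scope": "read", "client_id": "app1",
                  "username": "alice", "exp": 4102444800},
    "tok-expired": {"scope": "read", "client_id": "app1",
                    "username": "alice", "exp": 1},
}

def basic_header(client_id, secret):
    """Build the Authorization header a protected resource would send."""
    raw = f"{client_id}:{secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()

def authenticate_client(authorization):
    """Return the client_id for valid HTTP Basic credentials, else None."""
    if not authorization or not authorization.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(authorization[6:], validate=True).decode()
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return None
    client_id, sep, secret = decoded.partition(":")
    expected = CLIENTS.get(client_id)
    if not sep or expected is None:
        return None
    # Constant-time comparison of the presented and stored secret.
    if not hmac.compare_digest(secret.encode(), expected.encode()):
        return None
    return client_id

def introspect(authorization, form, now=None):
    """Return (status, body) for a POST to /token/introspect."""
    if authenticate_client(authorization) is None:
        return 401, {"error": "invalid_client"}      # RFC 6749 section 5.2
    token = form.get("token")
    if not token:
        return 400, {"error": "invalid_request"}     # assumed handling
    record = TOKENS.get(token)
    now = int(time.time()) if now is None else now
    if record is None or record["exp"] <= now:
        return 200, {"active": False}  # RFC 7662 2.2: no detail on inactive tokens
    return 200, {"active": True, **record}
```

Unknown and expired tokens get the same `{"active": false}` body, so a caller cannot distinguish a token that never existed from one that has lapsed.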