Test using OAuth Assistant


The OAuth Assistant is a JavaScript library provided by Curity to help you integrate with OAuth and OpenID Connect. To test our configuration we will use a test app that is bundled with the library. For a deeper look into the library, see this tutorial.

Configuring the Curity Identity Server

The OAuth Assistant uses the OpenID Connect metadata to automatically set up endpoints, keys, etc. For the metadata to be generated correctly, we need to configure our Base URL. We do that by navigating to System -> General in the Admin UI. This is the external URL the runtime will respond to. In this case we are running it locally, so we enter https://localhost:8443.

Install and configure OAuth Assistant

Install the OAuth Assistant with npm by running the following in a terminal:

npm install @curity/oauth-assistant
cd node_modules/@curity/oauth-assistant/
npm install

Once it is downloaded, we will update the configuration to match our setup of the Curity Identity Server. Open example/index.js in a text editor and scroll down until you see authorizeSettings. Here we have to update two attributes. First, change the client_id to our pre-configured client, which we named www. Then update the issuer. Since we are using the default endpoints and running on localhost, we can just uncomment the line with issuer : "https://localhost:8443/oauth/v2/oauth-anonymous". Make sure to comment out or remove any other issuer.

Find your issuer URL

You can see your issuer URL in the Admin UI by clicking on Profiles -> Token Service -> Info.

After your edits your authorizeSettings should look something like this:

const authorizeSettings = {
    base_url                : "https://localhost:8443",
    client_id               : "www",
    issuer                  : "https://localhost:8443/oauth/v2/oauth-anonymous",
    redirect_uri            : window.origin + "/assisted.html",
    for_origin              : window.origin,
    flow_type               : "code",
    iframe                  : {
        targetElement: 'body',
        width        : null, // take default value
        height       : null, // take default value
        backdrop     : {
            visible      : true, // default is true
            style        : null, // take default value
            backdropClass: "backdrop-class"
        }
    },
    allowed_origins: ["https://localhost:8443", "http://localhost:8080"], // default is [window.origin]
    check_session_iframe    : null,
    session_polling_interval: 5, // polling interval in seconds, default is 5
    allowed_jwt_algorithms  : ['RS256'],
    jwt_sig_public_key      : { // allowed formats are jwk | jwks_uri | pem | issuer | metadata_url | raw
        format: 'issuer', // in case of issuer, the issuer value will be taken from jwt payload
        value : null
    },
    debug                   : false,
    //check_session_iframe_events: checkSessionIframeEvents
};
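The OAuth Assistant trusts whatever the metadata document says, so it is worth checking that document against authorizeSettings before debugging a failed login. The following is an added example, not part of the OAuth Assistant or the original tutorial: checkMetadata is a hypothetical helper, the field names come from OpenID Connect Discovery 1.0, and the sample metadata (including its endpoint paths) is constructed for illustration.

```javascript
// Subset of the tutorial's authorizeSettings that the check needs.
const settings = {
    base_url              : "https://localhost:8443",
    issuer                : "https://localhost:8443/oauth/v2/oauth-anonymous",
    flow_type             : "code",
    allowed_jwt_algorithms: ["RS256"],
};

// Constructed sample of the document served at issuer + "/.well-known/openid-configuration".
const sampleMetadata = {
    issuer                : "https://localhost:8443/oauth/v2/oauth-anonymous",
    authorization_endpoint: "https://localhost:8443/oauth/v2/oauth-authorize",
    token_endpoint        : "https://localhost:8443/oauth/v2/oauth-token",
    jwks_uri              : "https://localhost:8443/oauth/v2/oauth-anonymous/jwks",
    response_types_supported: ["code", "id_token"],
    id_token_signing_alg_values_supported: ["RS256"],
};

// Hypothetical helper: returns a list of problems, empty when the metadata fits the settings.
function checkMetadata(settings, metadata) {
    const problems = [];
    // Discovery requires the returned issuer to be identical to the configured one.
    if (metadata.issuer !== settings.issuer) problems.push(`issuer mismatch: ${metadata.issuer}`);
    // Assumption for this local setup: every endpoint is HTTPS on the Base URL's origin.
    const baseOrigin = new URL(settings.base_url).origin;
    for (const key of ["authorization_endpoint", "token_endpoint", "jwks_uri"]) {
        let url;
        try { url = new URL(metadata[key]); }
        catch { problems.push(`${key} missing or not a URL`); continue; }
        if (url.protocol !== "https:") problems.push(`${key} is not https`);
        if (url.origin !== baseOrigin) problems.push(`${key} origin differs from base_url`);
    }
    // The client must never accept unsigned tokens, and the server must offer an allowed algorithm.
    const offered = metadata.id_token_signing_alg_values_supported || [];
    if (settings.allowed_jwt_algorithms.includes("none")) problems.push("allowed_jwt_algorithms contains none");
    if (!settings.allowed_jwt_algorithms.some(alg => offered.includes(alg))) {
        problems.push("no allowed_jwt_algorithms offered by server");
    }
    // flow_type "code" needs the "code" response type.
    if (settings.flow_type === "code" && !(metadata.response_types_supported || []).includes("code")) {
        problems.push("response type code not supported");
    }
    return problems;
}

console.log(checkMetadata(settings, sampleMetadata));
```

An origin or issuer mismatch in the result usually means the Base URL in the Admin UI does not match the URL the browser actually uses.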

Run OAuth Assistant

After you have saved the file, you can start the example app by running:

npm start

This should start a browser and navigate you to http://localhost:8080.

Once here you can try out various parts of your configuration. A first step would be to authenticate. You can do that by clicking on Login with Redirect. If an account is available, use it to log in. If this is the first time running, chances are that no account exists.

Self-signed certificate

If nothing happens when you click Login with Redirect, it might be that your browser doesn’t allow the example app to download the configuration in the background until you have allowed the self-signed certificate. You can do that by opening a new tab, navigating to the issuer URL and then reloading the app.

The username/password authenticator can handle registration.

Authentication - Create Account

Click Create Account. On the next screen, fill out the information for the new account. Username, email and password are mandatory fields. Click the Create account button.

When the account creation is complete there is an option to Return to login.

When you are authenticated you can see your access and ID token. You can test SSO by just trying to log in again. To try out other flows and features, you might have to configure them in the Curity Identity Server first before executing them in the test app.

Next Steps

This concludes the basic “Getting started” track. Head over to the summary article that also covers further suggested reading on additional advanced configuration and integration options.
