Test using OAuth Assistant


The OAuth Assistant is a JavaScript library provided by Curity to help you integrate with OAuth and OpenID Connect. This tutorial uses a test app that is open source and available in the repository called oauth-assistant-example on GitHub. If you want to have a deeper look into the library, please check out the OAuth Assistant tutorial.

Configuring the Curity Identity Server

The OAuth Assistant uses the OpenID Connect metadata to automatically set up endpoints, keys, and so on. For the metadata to be generated correctly, you need to configure the Base URL, which is the external URL the runtime responds to. Navigate to System -> General in the Admin UI. This tutorial assumes that the Curity Identity Server runs locally, so enter https://localhost:8443.

Get Started with OAuth Assistant

Install the example application and its dependencies using the following steps:

git clone git@github.com:curityio/oauth-assistant-example.git
cd oauth-assistant-example
npm install

Now update the configuration to match the setup of the Curity Identity Server. Open index.js in a text editor and scroll down until you see the defaultAuthorizeSettings. Here, update two attributes. First, change the client_id to the pre-configured client, www. After that, update the issuer: uncomment the line with issuer : "https://localhost:8443/oauth/v2/oauth-anonymous". This matches the setup of this tutorial, since it uses the default endpoints and the server is running on localhost. Make sure to comment out or remove any other issuer.

Find your issuer URL

The issuer URL can be found in the Admin UI by clicking on Profiles -> Token Service -> Info.

After the edits, the defaultAuthorizeSettings should look something like this:

const defaultAuthorizeSettings = {
    base_url                : "https://localhost:8443",
    client_id               : "www",
    issuer                  : "https://localhost:8443/oauth/v2/oauth-anonymous",
    redirect_uri            : window.origin + "/assisted.html",
    for_origin              : window.origin,
    flow_type               : "code",
    iframe                  : {
        targetElement: 'body',
        width        : null, // take default value
        height       : null, // take default value
        backdrop     : {
            visible      : true, // default is true
            style        : null, // take default value
            backdropClass: "backdrop-class"
        }
    },
    allowed_origins: ["https://localhost:8443", "http://localhost:8080"], // default is [window.origin]
    check_session_iframe    : null,
    session_polling_interval: 5, // polling interval in seconds, default is 5
    allowed_jwt_algorithms  : ['RS256'],
    jwt_sig_public_key      : { // allowed formats are jwk | jwks_uri | pem | issuer | metadata_url | raw
        format: 'issuer', // in case of issuer, the issuer value will be taken from jwt payload
        value : null
    },
    debug                   : false,
    //check_session_iframe_events: checkSessionIframeEvents
};
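
The check below is an added example, not code from the original page or from the oauth-assistant project: it compares the tutorial's settings with an OpenID Connect metadata document and reports where a wrong Base URL or issuer would show up. The function names, the endpoint paths in the sample data, and the idsvr.example.internal host are assumptions made for illustration.

```javascript
// Added example (not part of oauth-assistant): settings vs. published metadata.
// Standard discovery location for an issuer (OpenID Connect Discovery 1.0).
function discoveryUrl(issuer) {
    return issuer.replace(/\/+$/, "") + "/.well-known/openid-configuration";
}

// Origin of a URL string, or null when the value is missing or not a URL.
function originOf(value) {
    try { return new URL(value).origin; } catch (e) { return null; }
}

// Returns a list of mismatches; an empty list means the two agree.
function checkMetadata(settings, metadata) {
    const problems = [];
    const expected = originOf(settings.base_url);
    // The published issuer must equal the configured issuer exactly.
    if (metadata.issuer !== settings.issuer) {
        problems.push(`issuer mismatch: ${metadata.issuer}`);
    }
    // Assumption: all endpoints live on the Base URL origin, so a wrong
    // Base URL shows up as endpoints that point at another origin.
    for (const name of ["authorization_endpoint", "token_endpoint", "jwks_uri"]) {
        if (originOf(metadata[name]) !== expected) {
            problems.push(`${name} not on ${expected}: ${metadata[name]}`);
        }
    }
    const types = metadata.response_types_supported || [];
    if (settings.flow_type === "code" && !types.includes("code")) {
        problems.push("code flow not offered by the server");
    }
    const algs = metadata.id_token_signing_alg_values_supported || [];
    if (!settings.allowed_jwt_algorithms.some((a) => algs.includes(a))) {
        problems.push("no common ID token signing algorithm");
    }
    return problems;
}

// Constructed sample data: the tutorial's settings plus two metadata documents.
const sampleSettings = { base_url: "https://localhost:8443", flow_type: "code",
    issuer: "https://localhost:8443/oauth/v2/oauth-anonymous", allowed_jwt_algorithms: ["RS256"] };
const buildMetadata = (origin) => ({  // endpoint paths are illustrative
    issuer: origin + "/oauth/v2/oauth-anonymous",
    authorization_endpoint: origin + "/oauth/v2/oauth-authorize",
    token_endpoint: origin + "/oauth/v2/oauth-token",
    jwks_uri: origin + "/oauth/v2/oauth-anonymous/jwks",
    response_types_supported: ["code"], id_token_signing_alg_values_supported: ["RS256"] });
const goodMetadata = buildMetadata("https://localhost:8443");
const wrongBaseUrl = buildMetadata("https://idsvr.example.internal:8443"); // hypothetical host
console.log(checkMetadata(sampleSettings, goodMetadata), checkMetadata(sampleSettings, wrongBaseUrl));
```

To run it against a live server, fetch the JSON at discoveryUrl(issuer) and pass the parsed document as the second argument.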

Run OAuth Assistant

Save the file, and start the example app by running:

npm start

This should start a browser and navigate to http://localhost:8080.

Once here you can try out various parts of your configuration. The first step would be to authenticate. To do that click on Login with Redirect. If an account is available, use it to log in. If this is the first time running, chances are that no account exists. In this case, create a new account.

The username/password authenticator can handle registration.

Authentication - Create Account

Click the Create account link. Fill out the information for the new account. Username, email and password are mandatory fields. Submit the form and finish account creation by clicking the Create account button under the form.

After successful account creation you have the option to Return to login.

Self-signed certificate

If nothing happens when you click Login with Redirect, it might be that your browser doesn't allow the example app to download the configuration in the background until you have allowed the self-signed certificate. You can do that by opening a new tab, navigating to the issuer URL and then reloading the app.

When you are authenticated you can see your access and ID token. You can test SSO by just trying to log in again. To try out other flows and features you might have to adapt the configuration in the Curity Identity Server before being able to experiment with the example app.

Next Steps

This concludes the basic "Getting started" track. Head over to the summary article that also covers further suggested reading on additional advanced configuration and integration options.