The OAuth Assistant is a JavaScript library provided by Curity to help you integrate with OAuth and OpenID Connect. To test our configuration we will use the example app that is bundled with the library. If you want a deeper look at the library itself, see the dedicated tutorial.
Configuring the Curity Identity Server
The OAuth Assistant uses the OpenID Connect discovery metadata to set up endpoints, keys etc. automatically. For that metadata to be generated correctly we first need to configure our Base URL. We do that by navigating to System -> General in the Admin UI. This is the external URL the runtime will respond to, and the issuer and endpoint URLs in the metadata are derived from it. In this case we are running locally, so we enter https://localhost:8443.
Install and configure OAuth Assistant
You install the OAuth Assistant with npm by running the following in a terminal:
npm install @curity/oauth-assistant
cd node_modules/@curity/oauth-assistant/
npm install
Once it is downloaded we update the example configuration to match our setup of the Curity Identity Server. Open example/index.js in a text editor and scroll down until you see the authorizeSettings object. Here we have to update two attributes. First, change the client_id to the client we pre-configured earlier, which we named www. After that, update the issuer. Since we are using the default endpoints and running on localhost we can simply uncomment the line with issuer : "https://localhost:8443/oauth/v2/oauth-anonymous". Make sure to comment out or remove any other issuer line, so that exactly one issuer is set.
Find your issuer URL
You can see your issuer URL in the Admin UI by clicking on Profiles -> Token Service -> Info. Copy it exactly as shown; the library compares it against the iss claim of the tokens it receives, so a stray trailing slash or a different host name will cause validation to fail.
After your edits your authorizeSettings should look something like this:
const authorizeSettings = {
    base_url : "https://localhost:8443",
    client_id : "www",
    issuer : "https://localhost:8443/oauth/v2/oauth-anonymous",
    redirect_uri : window.origin + "/assisted.html",
    for_origin : window.origin,
    flow_type : "code",
    iframe : {
        targetElement: 'body',
        width : null, // take default value
        height : null, // take default value
        backdrop : {
            visible : true, // default is true
            style : null, // take default value
            backdropClass: "backdrop-class"
        }
    },
    allowed_origins: ["https://localhost:8443", "http://localhost:8080"], // default is [window.origin]
    check_session_iframe : null,
    session_polling_interval: 5, // polling interval in seconds, default is 5
    allowed_jwt_algorithms : ['RS256'],
    jwt_sig_public_key : { // allowed formats are jwk | jwks_uri | pem | issuer | metadata_url | raw
        format: 'issuer', // in case of issuer, the issuer value will be taken from jwt payload
        value : null
    },
    debug : false,
    //check_session_iframe_events: checkSessionIframeEvents
};
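Several of the values above have to agree with each other and with the metadata the server publishes: the issuer must match the metadata's issuer exactly, the advertised endpoints should live at the configured Base URL, the redirect_uri origin must be in allowed_origins, and allowed_jwt_algorithms must list only asymmetric algorithms the server actually signs with. The following is an added example, not code from Curity or from the OAuth Assistant example app, that checks these properties with plain JavaScript. It uses a constructed discovery document with the tutorial's local issuer and assumed default endpoint paths, and spells window.origin out as the example app's origin (http://localhost:8080) so it runs in Node without a browser.

```javascript
// Added example, not part of Curity's OAuth Assistant or its example app:
// sanity-check an authorizeSettings object against the issuer's OpenID Connect
// discovery metadata before handing it to the library. The metadata object is a
// constructed sample in the shape of a discovery document; a real check would
// fetch it from discoveryUrl(settings.issuer) over HTTPS.

// Standard OIDC Discovery location: issuer + "/.well-known/openid-configuration".
function discoveryUrl(issuer) {
  return issuer.replace(/\/+$/, "") + "/.well-known/openid-configuration";
}

// Returns a list of problems; an empty list means the settings agree with the
// metadata and contain no unsafe choices.
function checkAuthorizeSettings(settings, metadata) {
  const problems = [];

  // The issuer is a trust anchor: it must be HTTPS and equal the metadata's
  // "issuer" byte for byte (no trailing slash, same case), because the library
  // compares it against the iss claim of every token it accepts.
  if (!settings.issuer.startsWith("https://")) {
    problems.push("issuer must be an https URL");
  }
  if (settings.issuer !== metadata.issuer) {
    problems.push(`issuer mismatch: settings "${settings.issuer}" vs metadata "${metadata.issuer}"`);
  }

  // Endpoints advertised in the metadata should live at the configured base_url;
  // otherwise the Base URL in System -> General does not match what the runtime serves.
  const baseOrigin = new URL(settings.base_url).origin;
  for (const name of ["authorization_endpoint", "token_endpoint", "jwks_uri"]) {
    if (new URL(metadata[name]).origin !== baseOrigin) {
      problems.push(`${name} ${metadata[name]} is not under base_url ${settings.base_url}`);
    }
  }

  // The redirect_uri must sit on an origin the assistant is allowed to talk to.
  const redirectOrigin = new URL(settings.redirect_uri).origin;
  if (!settings.allowed_origins.includes(redirectOrigin)) {
    problems.push(`redirect_uri origin ${redirectOrigin} is not in allowed_origins`);
  }

  // flow_type "code" only works if the server supports the code response type.
  if (settings.flow_type === "code" && !metadata.response_types_supported.includes("code")) {
    problems.push("server does not support response_type=code");
  }

  // Accept only asymmetric algorithms the server actually signs with. "none" and
  // the HS* family must never be allowed in a public browser client: with "none"
  // an unsigned token passes, and HS* would need the server's secret in the browser.
  for (const alg of settings.allowed_jwt_algorithms) {
    if (alg === "none" || alg.startsWith("HS")) {
      problems.push(`unsafe JWT algorithm ${alg}`);
    } else if (!metadata.id_token_signing_alg_values_supported.includes(alg)) {
      problems.push(`server does not sign with ${alg}`);
    }
  }

  return problems;
}

// Constructed sample metadata for the tutorial's local setup (endpoint paths assumed).
const sampleMetadata = {
  issuer: "https://localhost:8443/oauth/v2/oauth-anonymous",
  authorization_endpoint: "https://localhost:8443/oauth/v2/oauth-authorize",
  token_endpoint: "https://localhost:8443/oauth/v2/oauth-token",
  jwks_uri: "https://localhost:8443/oauth/v2/oauth-anonymous/jwks",
  response_types_supported: ["code", "token", "id_token"],
  id_token_signing_alg_values_supported: ["RS256", "ES256"],
};

// The tutorial's settings, with window.origin written out as the example app's
// origin (http://localhost:8080) because this runs outside a browser.
const goodSettings = {
  base_url: "https://localhost:8443",
  client_id: "www",
  issuer: "https://localhost:8443/oauth/v2/oauth-anonymous",
  redirect_uri: "http://localhost:8080/assisted.html",
  allowed_origins: ["https://localhost:8443", "http://localhost:8080"],
  flow_type: "code",
  allowed_jwt_algorithms: ["RS256"],
};

// Typical copy-paste mistakes: a trailing slash on the issuer and an
// over-permissive algorithm list.
const badSettings = {
  ...goodSettings,
  issuer: "https://localhost:8443/oauth/v2/oauth-anonymous/",
  allowed_jwt_algorithms: ["RS256", "HS256", "none"],
};

console.log(discoveryUrl(goodSettings.issuer));
console.log(checkAuthorizeSettings(goodSettings, sampleMetadata)); // []
console.log(checkAuthorizeSettings(badSettings, sampleMetadata));  // three problems
```

Run it with node; the good settings produce an empty list, while the bad ones report the issuer mismatch and the two unsafe algorithms. Keeping a check like this next to the configuration catches the most common misconfiguration, an issuer that differs from the metadata by a trailing slash, before it shows up as an opaque token validation failure in the browser.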
Run OAuth Assistant
After you have saved the file, start the example app by running
npm start
This should open a browser at http://localhost:8080.
Once there you can try out various parts of your configuration. A first step is to authenticate, which you do by clicking on Login with Redirect. If an account is available, use it to log in. If this is the first time you run the server, chances are that no account exists yet.
Self signed certificate
If nothing happens when you click on Login with Redirect, it may be that your browser blocks the example app from downloading the discovery metadata in the background until you have accepted the self-signed certificate. Open a new tab, navigate to the issuer URL, accept the certificate warning, and then reload the app. Do this only for a local development instance; anything beyond local testing should use a certificate the browser already trusts.
The username/password authenticator can handle registration. Click Create Account and, on the next screen, fill out the information for the new account. Username, email and password are mandatory fields. Click the Create account button.
When the account creation is complete there is an option to Return to login.
When you are authenticated you can see your access token and ID token. You can test SSO by simply logging in again. To try out other flows and features you may first have to configure them in the Curity Identity Server before executing them in the test app.
Next Steps
This concludes the basic “Getting started” track. Head over to the summary article that also covers further suggested reading on additional advanced configuration and integration options.