CST8277 Assignment # 4


Assignment #4 – Authentication and Authorization [15%]

This assignment relates to the following Course Learning Requirements:   

CLR 2: Install and use enterprise programming and deployment tools.

CLR 3: Implement Web Server integration with enterprise applications.

CLR 6: Implement and Integrate various Java based technologies used in the enterprise environment.

Objective of this Assignment:   

Implementation of OAuth 2.0 Authorization Code Grant Flow into a previously created application.
You will be able to demonstrate the working application using authN/Z data from Github.

Pre-Assignment Instructions:

1. To prepare you for this assignment, read modules 9 and 10 content and follow the embedded learning activities.

2. In this final portion of the assignments, you will be working with only one service.

a. The UserManagementService, which will be used for OAuth 2.0 purposes.

3. To use GitHub’s OAuth 2.0 authentication system for login, you must first register a new OAuth App in GitHub.

a. You need to create your GitHub account and then add a new application at the following:

i. https://github.com/settings/developers.

ii. Click the button – New OAuth App and follow the instructions.

b. As an Application name you can enter anything you want to;

c. Homepage URL should be http://localhost:8080;

d. Authorization callback URL should be: http://localhost:8080/login/oauth2/code/github 

4. Click Register Application

Note:

The default redirect URI template is {baseUrl}/login/oauth2/code/{registrationId}. The registrationId is a unique identifier; in this case its value is “github”. That means you need to use the same registration id in your application.yaml file for Spring Boot:

spring:
  security:
    oauth2:
      client:
        registration:
          github:
            clientId: github-client-id
            clientSecret: github-client-secret

and then use the appropriate github-client-id and github-client-secret obtained from GitHub.

5. For simplicity, in this step you may not want to use your microK8s cluster, because only one service is required. However, if you choose to keep the fully working application running, that is also a good choice.

6. Make sure to use “bridged networking” in your VM if you continue to work from a VM.

Assignment description:

At this point you will be working on only one task – user authentication using UserManagementService.

1. You need to build the OAuth 2.0 Authorization Code Grant Flow in accordance with RFC 6749 (https://tools.ietf.org/html/rfc6749#section-4.1).

2. As an Authorization Server you will be using GitHub, all other services will be your own, working on your localhost.

3. Since we’ve confirmed that the rest of your application (from Assignments #1-3) is working, all you need to do is change UserManagementService so that it generates a token based on the data obtained from the Authorization Provider (in this particular case GitHub) after a user logs in.

a. As a good starting point you may use this tutorial: https://spring.io/guides/tutorials/spring-boot-oauth2/ 

4. Once you have received the user data, the UserManagementService must generate a simple UUID token, correlated to the logged-in user, and store that token inside the UMS database until the user logs out or until the session expires (let’s say 15 minutes).

5. In the next step, when the user tries to reach the API of another service, the user will provide that token as part of the request, and the other service will ask the UserManagementService the following questions (through another call to UMS):

a. Whether that token is valid (not expired);

b. If yes, which role that token is associated with.

6. At the end of this, depending on the UMS’s response, the target service should either perform the request or return a 401 status.
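The token life cycle from steps 3 to 5 (mint a token once Spring Security has finished the GitHub Authorization Code Grant, keep it for 15 minutes, and answer the "valid? which role?" question for other services), written out as an added example in Spring Boot Java. This is not code from the assignment or from Spring. The endpoint paths (/session, /tokens/{token}), the JSON response shape, the in-memory ConcurrentHashMap standing in for the UMS database, the role lookup and the package name are all assumptions; Java 17 / Spring Boot 3 is assumed for the record syntax.

```java
// Added example for the UMS side of the flow; not the assignment's or Spring's code.
package example.ums; // hypothetical package name

import java.time.Duration;
import java.time.Instant;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.http.ResponseEntity;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.stereotype.Service;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;

@Service
class TokenService {
    static final Duration SESSION_TTL = Duration.ofMinutes(15); // lifetime named in the assignment

    // What the UMS remembers about one issued token (assumption: a DB row in the real UMS).
    record Session(String login, String role, Instant expiresAt) {}

    private final Map<String, Session> sessions = new ConcurrentHashMap<>();

    /** Mints an unguessable token (UUID v4 is drawn from SecureRandom) bound to the GitHub login. */
    String issue(String login, String role) {
        String token = UUID.randomUUID().toString();
        sessions.put(token, new Session(login, role, Instant.now().plus(SESSION_TTL)));
        return token;
    }

    /** Answers "is it valid (not expired)?" and, if so, "which role?" in one lookup. */
    Optional<Session> validate(String token) {
        Session s = sessions.get(token);
        if (s == null) return Optional.empty();
        if (Instant.now().isAfter(s.expiresAt())) {
            sessions.remove(token); // expired: drop it so it can never be accepted again
            return Optional.empty();
        }
        return Optional.of(s);
    }

    /** Logout: forget the token now instead of waiting for expiry. */
    void revoke(String token) { sessions.remove(token); }
}

@RestController
class TokenController {
    private final TokenService tokens;
    TokenController(TokenService tokens) { this.tokens = tokens; }

    // Reached only after GitHub has redirected back to /login/oauth2/code/github and
    // Spring Security has exchanged the code; it supplies the authenticated principal.
    @GetMapping("/session")
    Map<String, String> createSession(@AuthenticationPrincipal OAuth2User user) {
        String login = String.valueOf(user.getAttributes().get("login")); // GitHub user name
        return Map.of("token", tokens.issue(login, lookupRole(login)));
    }

    // Called by the other services: {"valid":true,"login":..,"role":..} or {"valid":false}.
    @GetMapping("/tokens/{token}")
    Map<String, Object> validate(@PathVariable String token) {
        Map<String, Object> body = new LinkedHashMap<>();
        Optional<TokenService.Session> s = tokens.validate(token);
        body.put("valid", s.isPresent());
        s.ifPresent(session -> {
            body.put("login", session.login());
            body.put("role", session.role());
        });
        return body;
    }

    @DeleteMapping("/tokens/{token}")
    ResponseEntity<Void> logout(@PathVariable String token) {
        tokens.revoke(token);
        return ResponseEntity.noContent().build();
    }

    // Assumption: roles live in the UMS's own user table. The assignment does not say how
    // roles are assigned, so this placeholder maps one configured login to ADMIN, rest to USER.
    private static final Map<String, String> ROLES = Map.of("<admin-github-login>", "ADMIN");

    private static String lookupRole(String login) {
        return ROLES.getOrDefault(login, "USER");
    }
}
```

The GitHub access token Spring obtains is never handed to other services; only the UMS-issued UUID leaves the UMS, and its validity is decided by a lookup rather than by anything encoded in the token itself, which is what lets expiry and logout take effect immediately.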

Assignment Tasks:

After the preparation and code implementation from the previous assignments, the point has come at which you must implement authorization in your application.

What you should do:

· Implement OAuth 2.0 Authorization Code Grant Flow into UserManagementService. Use UUID for tokenizing transmitted data. Implementing JWT instead is considered a bonus. (5 points)

· The end result of this assignment should be working, tested code providing OAuth 2.0 Authorization Code Grant Flow with GitHub as Authorization Provider. (10 points)
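The other half of the working flow is the check described in steps 5 and 6 of the assignment description, seen from the second service: take the token from the request, ask the UMS whether it is still valid and which role it carries, and either serve the request or return 401. Below is an added example of that check as a Spring servlet filter; it is not the assignment's or Spring's code. The UMS base URL http://localhost:8081, the GET /tokens/{token} lookup and its {"valid","login","role"} JSON body are assumptions about how the UMS exposes the question; the jakarta.servlet imports assume Spring Boot 3 (Spring Boot 2 uses javax.servlet instead).

```java
// Added example for the calling service's side; not the assignment's or Spring's code.
package example.target; // hypothetical package name

import java.io.IOException;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.stereotype.Component;
import org.springframework.web.client.RestClientException;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.filter.OncePerRequestFilter;

@Component // Spring Boot registers Filter beans for every URL of this service
public class UmsTokenFilter extends OncePerRequestFilter {
    private static final String UMS_BASE_URL = "http://localhost:8081"; // assumption: where UMS listens
    private static final String BEARER = "Bearer ";
    // UUID text form: 8-4-4-4-12 hex groups. Anything else never reaches the UMS.
    private static final String UUID_PATTERN = "[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}";

    private final RestTemplate ums = new RestTemplate();

    /** Mirrors the assumed UMS response body for GET /tokens/{token}. */
    public record TokenInfo(boolean valid, String login, String role) {}

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        String token = extractToken(request.getHeader("Authorization"));
        if (token == null) {
            reject(response, "missing or malformed token");
            return;
        }
        TokenInfo info = askUms(token);
        if (info == null || !info.valid()) {
            reject(response, "invalid or expired token");
            return;
        }
        // Hand the UMS verdict to the controller layer (for per-endpoint role checks) and go on.
        request.setAttribute("ums.login", info.login());
        request.setAttribute("ums.role", info.role());
        chain.doFilter(request, response);
    }

    /** Accepts "Authorization: Bearer <uuid>"; any other shape counts as no token. */
    static String extractToken(String authorizationHeader) {
        if (authorizationHeader == null || !authorizationHeader.startsWith(BEARER)) return null;
        String token = authorizationHeader.substring(BEARER.length()).trim();
        return token.matches(UUID_PATTERN) ? token : null;
    }

    /** One call to the UMS; a transport error is treated as "not valid" (fail closed). */
    private TokenInfo askUms(String token) {
        try {
            return ums.getForObject(UMS_BASE_URL + "/tokens/{token}", TokenInfo.class, token);
        } catch (RestClientException e) {
            return null;
        }
    }

    /** The 401 the assignment asks for when the UMS does not vouch for the token. */
    private static void reject(HttpServletResponse response, String reason) throws IOException {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setHeader("WWW-Authenticate", "Bearer error=\"invalid_token\"");
        response.setContentType("application/json");
        response.getWriter().write("{\"error\":\"" + reason + "\"}");
    }
}
```

Because the filter only trusts what the UMS returns, revoking or expiring a token in the UMS takes effect on the very next request to every service, without any shared secret or shared database between them.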

Submission Guidelines

You need to submit an archive with name pattern {Course #}_{Section #}_{Last name}_{First name}.zip containing your project source code.

Look at the rubric below to see the breakdown of your points.

CST8277 Assignment # 4 Grading Rubric (15%)

Performance levels (the rubric’s columns):

  80-100%: Code is fully functional using API calls and token
  50-79%:  Code is partially functional, but lacks some requirements
  <50%:    Code is not functional, but a basic understanding of the concepts is demonstrated

Criterion: GitHub configured as Authorization Server

  80-100%: Authorization server properly built and functioning
  50-79%:  Authorization server built, but not properly receiving/processing requests
  <50%:    Authorization not properly built or functioning, but a reasonable attempt to do so has been demonstrated
  Points: /2
  Comments:

Criterion: Localhost configured and properly sending requests to Authorization Server; token is generated and stored for use across API calls

  80-100%: The service properly communicates with the authorization server and receives/generates a token which is stored and used for other API calls.
  50-79%:  The service communicates with the authorization server but doesn’t properly receive/generate a token, or fails to properly store the token for use in other API calls.
  <50%:    The service cannot communicate with the authorization server, or doesn’t properly receive/generate a token, or fails to properly store the token for use in other API calls.
  Points: /3
  Comments:

Criterion: Demonstration of fully functional code that is capable of leveraging the OAuth instance and issuing a token for use in API service calls

  80-100%:
    · User can reach the API of another service using the token received
    · UserManagementService (UMS) validates the token (expiry) and which role the token is associated with
    · UMS either processes the request or returns a status of 401
  50-79%:
    · User can reach the API of another service using the token received
    · UMS cannot validate the token (expiry) properly, or fails to identify the role that the token is associated with
    · UMS fails to process the request or returns a status of 401
  <50%:
    · User cannot reach the API of another service using the token received
    · UMS cannot validate the token (expiry) properly, and/or fails to identify the role that the token is associated with
    · UMS fails to process the request
  Points: /10
  Comments:

Total Points: /15
