oauth2 example is now polyglot

Author: pmlopes

web-examples/src/main/groovy/io/vertx/example/web/oauth2/server.groovy

@@ -0,0 +1,80 @@
+import groovy.transform.Field
+import io.vertx.ext.web.Router
+import io.vertx.ext.web.handler.CookieHandler
+import io.vertx.ext.web.sstore.LocalSessionStore
+import io.vertx.ext.web.handler.SessionHandler
+import io.vertx.ext.auth.oauth2.providers.GithubAuth
+import io.vertx.ext.web.handler.UserSessionHandler
+import io.vertx.ext.web.handler.OAuth2AuthHandler
+import io.vertx.ext.auth.oauth2.AccessToken
+import io.vertx.ext.web.templ.HandlebarsTemplateEngine
+@Field def CLIENT_SECRET = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+@Field def CLIENT_ID = "xxxxxxxxxxxxxxxxxxxx"
+@Field def engine = HandlebarsTemplateEngine.create()
+// To simplify the development of the web components we use a Router to route all HTTP requests
+// to organize our code in a reusable way.
+def router = Router.router(vertx)
+// We need cookies and sessions
+router.route().handler(CookieHandler.create())
+router.route().handler(SessionHandler.create(LocalSessionStore.create(vertx)))
+// Simple auth service which uses a GitHub to authenticate the user
+def authProvider = GithubAuth.create(vertx, CLIENT_ID, CLIENT_SECRET)
+// We need a user session handler too to make sure the user is stored in the session between requests
+router.route().handler(UserSessionHandler.create(authProvider))
+// we now protect the resource under the path "/protected"
+router.route("/protected").handler(OAuth2AuthHandler.create(authProvider).setupCallback(router.route("/callback")).addAuthority("user:email"))
+// Entry point to the application, this will render a custom template.
+router.get("/").handler({ ctx ->
+  // we pass the client id to the template
+  ctx.put("client_id", CLIENT_ID)
+  // and now delegate to the engine to render it.
+  engine.render(ctx, "views", "/index.hbs", { res ->
+    if (res.succeeded()) {
+      ctx.response().putHeader("Content-Type", "text/html").end(res.result())
+    } else {
+      ctx.fail(res.cause())
+    }
+  })
+})
+// The protected resource
+router.get("/protected").handler({ ctx ->
+  def user = ctx.user()
+
+  user.userInfo({ res ->
+    if (res.failed()) {
+      // request didn't succeed because the token was revoked so we
+      // invalidate the token stored in the session and render the
+      // index page so that the user can start the OAuth flow again
+      ctx.session().destroy()
+      ctx.fail(res.cause())
+    } else {
+      // the request succeeded, so we use the API to fetch the user's emails
+      def userInfo = res.result()
+
+      // fetch the user emails from the github API
+      user.fetch("https://api.github.com/user/emails", { res2 ->
+        if (res2.failed()) {
+          // request didn't succeed because the token was revoked so we
+          // invalidate the token stored in the session and render the
+          // index page so that the user can start the OAuth flow again
+          ctx.session().destroy()
+          ctx.fail(res2.cause())
+        } else {
+          userInfo.private_emails = res2.result().jsonArray()
+          // we pass the client info to the template
+          ctx.put("userInfo", userInfo)
+          // and now delegate to the engine to render it.
+          engine.render(ctx, "views", "/advanced.hbs", { res3 ->
+            if (res3.succeeded()) {
+              ctx.response().putHeader("Content-Type", "text/html").end(res3.result())
+            } else {
+              ctx.fail(res3.cause())
+            }
+          })
+        }
+      })
+    }
+  })
+})
+
+vertx.createHttpServer().requestHandler(router.&accept).listen(8080)

web-examples/src/main/groovy/io/vertx/example/web/oauth2/views/advanced.hbs

@@ -0,0 +1,22 @@
+<html>
+<head>
+</head>
+<body>
+<p>Well, well, well, {{userInfo.login}}!</p>
+<p>
+  {{#if userInfo.email}} It looks like your public email address is {{userInfo.email}}.
+  {{else}} It looks like you don't have a public email. That's cool.
+  {{/if}}
+</p>
+<p>
+  {{#if userInfo.private_emails}}
+  With your permission, we were also able to dig up your private email addresses:
+  {{#each userInfo.private_emails}}
+    {{email}},
+  {{/each}}
+  {{else}}
+  Also, you're a bit secretive about your private email addresses.
+  {{/if}}
+</p>
+</body>
+</html>

web-examples/src/main/groovy/io/vertx/example/web/oauth2/views/index.hbs

@@ -0,0 +1,16 @@
+<html>
+  <head>
+  </head>
+  <body>
+    <p>
+      Well, hello there!
+    </p>
+    <p>
+      We're going to the protected resource, if there is no user in the session we will talk to the GitHub API. Ready?
+      <a href="/protected">Click here</a> to begin!</a>
+    </p>
+    <p>
+      <b>If that link doesn't work</b>, remember to provide your own <a href="https://github.com/settings/applications/new">Client ID</a>!
+    </p>
+  </body>
+</html>

web-examples/src/main/java/io/vertx/example/web/oauth2/Server.java

@@ -8,7 +8,6 @@
 import io.vertx.ext.auth.oauth2.OAuth2Auth;
 import io.vertx.ext.auth.oauth2.providers.GithubAuth;
 import io.vertx.ext.web.Router;
-import io.vertx.ext.web.RoutingContext;
 import io.vertx.ext.web.handler.*;
 import io.vertx.ext.web.sstore.LocalSessionStore;
 import io.vertx.ext.web.templ.HandlebarsTemplateEngine;
@@ -18,114 +17,98 @@
  */
 public class Server extends AbstractVerticle {
 
-  private static final String CLIENT_ID = System.getenv("GH_BASIC_CLIENT_ID");
-  private static final String CLIENT_SECRET = System.getenv("GH_BASIC_SECRET_ID");
-
-  // In order to use a template we first need to create an engine
-  private final HandlebarsTemplateEngine engine = HandlebarsTemplateEngine.create();
-
   // Convenience method so you can run it in your IDE
   public static void main(String[] args) {
     Runner.runExample(Server.class);
   }
 
-  private boolean isAuthenticated(RoutingContext ctx) {
-    return ctx.user() != null;
-  }
+  // you should never store these in code,
+  // these are your github application credentials
+  private static final String CLIENT_ID = "xxxxxxxxxxxxxxxxxxxx";
+  private static final String CLIENT_SECRET = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
 
-  private void authenticate(RoutingContext ctx) {
-    // we pass the client id to the template
-    ctx.put("client_id", CLIENT_ID);
-    // and now delegate to the engine to render it.
-    engine.render(ctx, "views", "/index.hbs", res -> {
-      if (res.succeeded()) {
-        ctx.response()
-          .putHeader("Content-Type", "text/html")
-          .end(res.result());
-      } else {
-        ctx.fail(res.cause());
-      }
-    });
-  }
+  // In order to use a template we first need to create an engine
+  private final HandlebarsTemplateEngine engine = HandlebarsTemplateEngine.create();
 
   @Override
   public void start() throws Exception {
     // To simplify the development of the web components we use a Router to route all HTTP requests
     // to organize our code in a reusable way.
     final Router router = Router.router(vertx);
-    // We need cookies, sessions and request bodies
+    // We need cookies and sessions
     router.route().handler(CookieHandler.create());
-    router.route().handler(BodyHandler.create());
     router.route().handler(SessionHandler.create(LocalSessionStore.create(vertx)));
     // Simple auth service which uses a GitHub to authenticate the user
     OAuth2Auth authProvider = GithubAuth.create(vertx, CLIENT_ID, CLIENT_SECRET);
     // We need a user session handler too to make sure the user is stored in the session between requests
     router.route().handler(UserSessionHandler.create(authProvider));
+    // we now protect the resource under the path "/protected"
+    router.route("/protected").handler(
+      OAuth2AuthHandler.create(authProvider)
+        // we now configure the oauth2 handler, it will setup the callback handler
+        // as expected by your oauth2 provider.
+        .setupCallback(router.route("/callback"))
+        // for this resource we require that users have the authority to retrieve the user emails
+        .addAuthority("user:email")
+    );
     // Entry point to the application, this will render a custom template.
     router.get("/").handler(ctx -> {
-      if (!isAuthenticated(ctx)) {
-        authenticate(ctx);
-      } else {
-        AccessToken user = (AccessToken) ctx.user();
-
-        user.userInfo(res -> {
-          if (res.failed()) {
-            res.cause().printStackTrace();
-            // request didn't succeed because the token was revoked so we
-            // invalidate the token stored in the session and render the
-            // index page so that the user can start the OAuth flow again
-            ctx.session().destroy();
-            authenticate(ctx);
-          } else {
-            // the request succeeded, so we check the list of current scopes
-            JsonArray scopes = new JsonArray();
-            JsonObject userInfo = res.result();
-
-            if (userInfo.containsKey("X-OAuth-Scopes")) {
-              for (String scope : userInfo.getString("X-OAuth-Scopes").split(", ")) {
-                scopes.add(scope);
-              }
-            }
-
-            if (scopes.contains("user:email")) {
-              // fetch the user emails from the github API
-              user.fetch("https://api.github.com/user/emails", res2 -> {
-                if (res2.failed()) {
-                  res2.cause().printStackTrace();
-                  // request didn't succeed because the token was revoked so we
-                  // invalidate the token stored in the session and render the
-                  // index page so that the user can start the OAuth flow again
-                  ctx.session().destroy();
-                  authenticate(ctx);
+      // we pass the client id to the template
+      ctx.put("client_id", CLIENT_ID);
+      // and now delegate to the engine to render it.
+      engine.render(ctx, "views", "/index.hbs", res -> {
+        if (res.succeeded()) {
+          ctx.response()
+            .putHeader("Content-Type", "text/html")
+            .end(res.result());
+        } else {
+          ctx.fail(res.cause());
+        }
+      });
+    });
+    // The protected resource
+    router.get("/protected").handler(ctx -> {
+      AccessToken user = (AccessToken) ctx.user();
+
+      user.userInfo(res -> {
+        if (res.failed()) {
+          // request didn't succeed because the token was revoked so we
+          // invalidate the token stored in the session and render the
+          // index page so that the user can start the OAuth flow again
+          ctx.session().destroy();
+          ctx.fail(res.cause());
+        } else {
+          // the request succeeded, so we use the API to fetch the user's emails
+          final JsonObject userInfo = res.result();
+
+          // fetch the user emails from the github API
+          user.fetch("https://api.github.com/user/emails", res2 -> {
+            if (res2.failed()) {
+              // request didn't succeed because the token was revoked so we
+              // invalidate the token stored in the session and render the
+              // index page so that the user can start the OAuth flow again
+              ctx.session().destroy();
+              ctx.fail(res2.cause());
+            } else {
+              userInfo.put("private_emails", res2.result().jsonArray());
+              // we pass the client info to the template
+              ctx.put("userInfo", userInfo);
+              // and now delegate to the engine to render it.
+              engine.render(ctx, "views", "/advanced.hbs", res3 -> {
+                if (res3.succeeded()) {
+                  ctx.response()
+                    .putHeader("Content-Type", "text/html")
+                    .end(res3.result());
                 } else {
-                  userInfo.put("private_emails", res2.result().jsonArray());
-
-                  // we pass the client id to the template
-                  ctx.put("userInfo", userInfo);
-
-                  // and now delegate to the engine to render it.
-                  engine.render(ctx, "views", "/advanced.hbs", res3 -> {
-                    if (res3.succeeded()) {
-                      ctx.response()
-                        .putHeader("Content-Type", "text/html")
-                        .end(res3.result());
-                    } else {
-                      ctx.fail(res3.cause());
-                    }
-                  });
+                  ctx.fail(res3.cause());
                 }
               });
             }
-
-          }
-        });
-      }
+          });
+        }
+      });
     });
-    // the callback url
-    OAuth2AuthHandler oauth2Handler = OAuth2AuthHandler.create(authProvider, "http://localhost:8080/callback");
-    oauth2Handler.setupCallback(router.route("/callback"));
 
     vertx.createHttpServer().requestHandler(router::accept).listen(8080);
   }
 }
-

web-examples/src/main/java/io/vertx/example/web/oauth2/views/index.hbs

@@ -6,11 +6,11 @@
       Well, hello there!
     </p>
     <p>
-      We're going to now talk to the GitHub API. Ready?
-      <a href="https://github.com/login/oauth/authorize?scope=user:email&client_id={{client_id}}">Click here</a> to begin!</a>
+      We're going to the protected resource, if there is no user in the session we will talk to the GitHub API. Ready?
+      <a href="/protected">Click here</a> to begin!</a>
     </p>
     <p>
-      If that link doesn't work, remember to provide your own <a href="https://github.com/settings/applications/new">Client ID</a>!
+      <b>If that link doesn't work</b>, remember to provide your own <a href="https://github.com/settings/applications/new">Client ID</a>!
     </p>
   </body>
 </html>