jobmission / Oauth2 Server
Licence: mit
spring boot (springboot 2+) oauth2 server sso 单点登录 认证中心 JWT,独立部署,用户管理 客户端管理
Stars: ✭ 363
Programming Languages
java
68154 projects - #9 most used programming language
Projects that are alternatives of or similar to Oauth2 Server
Hydra
OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Compatible with MITREid.
Stars: ✭ 11,884 (+3173.83%)
Mutual labels: sso, oauth2-server, oauth2-provider
Oauth2 Server
OAuth2 Server Library
Stars: ✭ 42 (-88.43%)
Mutual labels: oauth2-server, oauth2-provider
Doorkeeper Provider App
An example OAuth 2 provider application using the Doorkeeper gem, Rails and Devise
Stars: ✭ 146 (-59.78%)
Mutual labels: oauth2-server, oauth2-provider
Flask Oauthlib
YOU SHOULD USE https://github.com/lepture/authlib
Stars: ✭ 1,429 (+293.66%)
Mutual labels: oauth2-server, oauth2-provider
Doorkeeper
Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape.
Stars: ✭ 4,917 (+1254.55%)
Mutual labels: oauth2-server, oauth2-provider
Ex oauth2 provider
Making OAuth 2 provider and authentication with http bearer as simple as possible for Elixir and Phoenix apps
Stars: ✭ 137 (-62.26%)
Mutual labels: oauth2-server, oauth2-provider
Example Oauth2 Server
Example for OAuth 2 Server for Authlib.
Stars: ✭ 499 (+37.47%)
Mutual labels: oauth2-server, oauth2-provider
Authlib
The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.
Stars: ✭ 2,854 (+686.23%)
Mutual labels: oauth2-server, oauth2-provider
Light Oauth2
A fast, light and cloud native OAuth 2.0 authorization microservices based on light-4j
Stars: ✭ 247 (-31.96%)
Mutual labels: oauth2-server, oauth2-provider
Oauth2
OAuth 2.0 server library for the Go programming language.
Stars: ✭ 2,173 (+498.62%)
Mutual labels: oauth2-server, oauth2-provider
oauth2
A standalone OAuth2 & SSO server based on go-oauth2
Stars: ✭ 107 (-70.52%)
Mutual labels: sso, oauth2-server
authentik
The authentication glue you need.
Stars: ✭ 2,941 (+710.19%)
Mutual labels: sso, oauth2-server
phoenix oauth2 provider
Get an OAuth 2 provider running in your phoenix with controllers, views and models in just two minutes
Stars: ✭ 72 (-80.17%)
Mutual labels: oauth2-provider, oauth2-server
mern-google-login
Authentication flow for React & Express.js application using Google OAuth
Stars: ✭ 39 (-89.26%)
Mutual labels: oauth2-server
Jpproject.identityserver4.sso
🔒 ASP.NET Core 3.1 Open Source SSO. Built within IdentityServer4 🔑
Stars: ✭ 298 (-17.91%)
Mutual labels: sso
docker-lemonldap
Docker LemonLDAP-NG Image w/S6 overlay, Zabbix Monitoring based on Debian or Alpine
Stars: ✭ 20 (-94.49%)
Mutual labels: sso
mcloud-oauth2-server
使用Spring OAuth2实现的OAuth2 资源服务器以及认证服务器
Stars: ✭ 57 (-84.3%)
Mutual labels: oauth2-server
SpringBoot 2.3.x oauth2 server, SSO 单点登录
创建数据库:持久层采用JPA框架,项目启动前必须先创建数据库,启动时数据表会自动创建
#默认用Mysql数据库,如需用其他数据库请修改配置文件以及数据库驱动
#创建数据库SQL:数据库名、数据库用户名、数据库密码需要和application.properties中的一致
CREATE DATABASE IF NOT EXISTS oauth2_server DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
create user 'oauth2_server'@'localhost' identified by 'password_dev';
grant all privileges on oauth2_server.* to 'oauth2_server'@'localhost';
#初始化数据sql在src/main/resources/sql/init.sql,可自行修改client_id等初始化数据
支持的授权模式grant_type
authorization_code, password, refresh_token
- authorization_code模式:用于PC端,页面跳转,安全性最高,需要两步获取token;
需确保redirect_uri和数据库中对应的redirect_uri一致
1. Get /oauth/authorize?client_id=SampleClientId&response_type=code&redirect_uri=http://client.sso.com/login/oauth2/code/sso-login
用户同意授权后服务端响应,浏览器重定向到:http://client.sso.com/login?code=1E37Xk,接收code,然后后端调用步骤2获取token
2. Post /oauth/token?client_id=SampleClientId&client_secret=tgb.258&grant_type=authorization_code&redirect_uri=http://client.sso.com/login/oauth2/code/sso-login&code=1E37Xk
响应:
{
"access_token": "a.b.c",
"token_type": "bearer",
"refresh_token": "d.e.f",
"expires_in": 43199,
"scope": "user_info",
"userId": "1",
"jti": "823cdd71-4732-4f9d-b949-a37ceb4488a4"
}
- password模式:用于手机端或者其他无页面跳转场景,应由后台服务端调用,保护client_id和client_secret
Post /oauth/token?client_id=SampleClientId&client_secret=tgb.258&grant_type=password&scope=user_info&username=zhangsan&password=tgb.258
响应:
{
"access_token": "a.b.c",
"token_type": "bearer",
"refresh_token": "d.e.f",
"expires_in": 43199,
"scope": "user_info",
"userId": "1",
"jti": "823cdd71-4732-4f9d-b949-a37ceb4488a4"
}
RSA密钥生成,用于签名token,客户端、资源端本地验证token
使用Java工具包中的keytool制作证书jwt.jks,重要参数:设置别名为【jwt】,有效天数为【1000】,密码为【keypass】,替换位置src/main/resources/jwt.jks
keytool -genkey -alias jwt -keyalg RSA -keysize 2048 -keystore /your/path/to/jwt.jks -validity 1000
jwk-set-uri:resource server 可以得到jwt token签名公钥并缓存,进行本地验证
Get /.well-known/jwks.json
issuer-uri:resource server 可以得到jwt token签名公钥等信息
Get /.well-known/oauth-authorization-server
验证token,用于在资源端调用验证token是否有效
Post /oauth/check_token?token=a.b.c
访问受保护资源,请求时携带token
Get /user/me?access_token=a.b.c
或者http header中加入Authorization,如下
Authorization: Bearer a.b.c
刷新token
Post /oauth/token?client_id=SampleClientId&client_secret=tgb.258&grant_type=refresh_token&refresh_token=d.e.f
注册新用户接口
1、获取验证码序号
Get /captcha/graph
响应:
{
"graphUrl": "/captcha/graph/print?graphId=32a41c71-d74a-4aa6-b73c-af3627e82485",
"graphId": "32a41c71-d74a-4aa6-b73c-af3627e82485",
"ttl": 300,
"status": 1
}
2、显示验证码
Get /captcha/graph/print?graphId=a32a41c71-d74a-4aa6-b73c-af3627e82485
响应:
图片流
3、调用注册接口
Post /oauth/signUp?username=lisi&password=yourpass0!&graphId=a32a41c71-d74a-4aa6-b73c-af3627e82485&verificationCode=1324
响应:
{
"status": 1,
"timestamp": 1561729652797
}
启动方法
java -jar oauth2-server-0.0.4-SNAPSHOT.jar
或者指定配置文件覆盖默认配置
java -jar oauth2-server-0.0.4-SNAPSHOT.jar --spring.config.additional-location=/path/to/override.properties
管理员角色登录后,可以对用户和client进行管理
效果图
注意!!!
当Server和Client在一台机器上时,请配置域名代理,避免cookie相互覆盖
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].