{"id":13514896,"url":"https://github.com/GluuFederation/oxAuth","last_synced_at":"2025-03-31T04:36:04.552Z","repository":{"id":15418250,"uuid":"18150497","full_name":"GluuFederation/oxAuth","owner":"GluuFederation","description":"OAuth 2.0 server and client; OpenID Connect Provider (OP) \u0026 UMA Authorization Server (AS)","archived":false,"fork":false,"pushed_at":"2024-04-22T11:21:57.000Z","size":31977,"stargazers_count":409,"open_issues_count":34,"forks_count":148,"subscribers_count":39,"default_branch":"master","last_synced_at":"2024-04-22T11:58:35.270Z","etag":null,"topics":["authentication","authorization","oauth2","openid-connect","openid-provider","single-sign-on","sso","sso-authentication","sso-login","uma"],"latest_commit_sha":null,"homepage":"https://gluu.org/docs/ce","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GluuFederation.png","metadata":{"files":{"readme":"README","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2014-03-26T19:14:35.000Z","updated_at":"2024-04-25T20:43:13.348Z","dependencies_parsed_at":"2023-12-20T07:24:37.966Z","dependency_job_id":"deb24863-e343-48df-92b7-591582a0bab8","html_url":"https://github.com/GluuFederation/oxAuth","commit_stats":null,"previous_names":[],"tags_count":26,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GluuFederation%2FoxAuth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GluuFederation%2FoxAuth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GluuFederation%2FoxAuth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GluuFederation%2FoxAuth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GluuFederation","download_url":"https://codeload.github.com/GluuFederation/oxAuth/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246418658,"owners_count":20773934,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","authorization","oauth2","openid-connect","openid-provider","single-sign-on","sso","sso-authentication","sso-login","uma"],"created_at":"2024-08-01T05:01:03.351Z","updated_at":"2025-03-31T04:36:04.490Z","avatar_url":"https://github.com/GluuFederation.png","language":"Java","readme":"BUILD\n\n1. Install maven version 3.0.3 or later (see how to install maven here:\n   http://maven.apache.org/download.html#Installation)\n   Use JDK version 6 (not 5)\n\n2. Download the source code from the subversion repository located at:\n   https://svn.gluu.info/repository/openxdi/oxAuth\n\n3. Install gluu-core.jar using the command:\n   mvn install:install-file -Dfile=gluu-core.jar -DgroupId=org.gluu -DartifactId=gluu-core -Dversion=1.0 -Dpackaging=jar\n\n4. Configure the file Server/src/test/resources/conf/oxauth-ldap.properties\n\n5. Go to Client directory of oxAuth Project and run command: mvn clean install\n\n6. Go to Server directory of oxAuth Project and run command: mvn clean install\n\n\n\nDEPLOYMENT\n\n1. Use Tomcat 6.x or later\n\n2. Use JDK version 6 (not 5)\n\n3. Copy and edit the files located at Server/conf to TOMCAT_HOME/conf\n\n4. Copy the file Server/target/oxauth.war to TOMCAT_HOME/webapps\n\n\nTo test the deployment:\n\n1. Edit the file Client/test/resources/testng.xml, change all the test attributes to enabled=“true” and point the URLs\n   to your deployment.\n\n2. Go to Client directory of oxAuth Project and run command: mvn test\n\n\nTesting with SSL and self signed certificate:\n\n1. openssl s_client -connect localhost:8443\n\n2. Cut and paste the certificate (including BEGIN and END lines) into a local file localhost.pem\n\n3. sudo keytool -import -alias localhost -keystore $JAVA_HOME/jre/lib/security/cacerts -file localhost.pem\n\n4. The default keystore password is: changeit\n\n\nJAVADOC\n\n1. Generate the documentation using the command: mvn javadoc:jar\n\n\n\nINTEGRATE oxAuth WITH YOUR SYSTEM\n\n1. Register your Web Application as a client in the file TOMCAT_HOME/conf/oxauth-registration.xml\n\n2. From step 1, make available in your Web Application the following oxAuth registration values:\n\nclient-identifier\nclient-secret\nredirection-uri\n\n3. In your web app add a link to the following URL (extra line breaks are for display purposes only):\n\nhttp://localhost:8080/oxauth/authorize?\nresponse_type=code\n\u0026client_id=\u003cyour-client-identifier\u003e\n\u0026redirect_uri=\u003cyour-redirection-uri\u003e\n\u0026state=\u003cstate\u003e\n\nWhere:\n- response_type is mandatory and must be set to \"code\".\n- client_id is mandatory and must be set to the value from step 2.\n- redirect_uri is mandatory and must be set to the value from step 2.\n  It must be URL encoded, for example: https%3A%2F%2Fclient.example.com%2Fcb%3ffoo%3dbar\n  To encode it you can use: java.net.URLEncoder.encode(redirectUri, \"UTF-8\")\n- state is optional but recommended to prevent cross-site request forgery.\n  It is an opaque value used by the client to maintain state between the request and callback.\n  So, you generate a value, send it to oxAuth and the state value returned from oxAuth must be the same you sent.\n\nCODE:\nAuthorizationRequest authorizationRequest = new AuthorizationRequest(ResponseType.CODE, clientId);\nauthorizationRequest.setRedirectUri(redirecturi);\nauthorizationRequest.setState(state);\nString queryString = \"http://localhost:8080/oxauth/authorize?\" + authorizationRequest.getQueryString();\n// Put the queryString in a link or redirect to it.\n\n4. In this step oxAuth will ask the user to login if it is not already logged in, and request its permission.\n\n5. If the user grants permission, oxAuth will redirect to your redirect_uri and send an authorization code as parameter.\n   For example (extra line breaks are for display purposes only):\n\n\u003cyour-redirection-uri\u003e?\ncode=\u003cauthorization-code\u003e\n\u0026state=\u003cstate\u003e\n\nIf user denies the permission you will receive a response like:\n\n\u003cyour-redirection-uri\u003e?\nerror=access_denied\n\u0026error_description=\u003cdescription-about-the-error\u003e\n\u0026state=\u003cstate\u003e\n\n6. Use the authorization code you receive in step 5 to request an access token:\n\nCODE:\nString credentials = clientIdentifier + \":\" + clientSecret;\nString tokenUrl = \"http://localhost:8080/oxauth/restv1/token\";\nTokenClient tokenClient = new TokenClient(tokenUrl);\nTokenResponse response = tokenClient.execAuthorizationCode(authorizationCode, redirectUri, credentials);\nString accessToken = response.getAccessToken();\n\nWhere:\n- authorizationCode Received in step 5\n- redirectUri Your redirect URI\n- credentials From step 2 concatenated with a colon in the middle:\n  credentials = clientIdentifier + \":\" + clientSecret;\n\n7. To extract the information encoded in the accessToken (JWT):\n\nCODE:\nJwtToken jwtToken = new JwtToken(accessToken);\n\njwtToken.getType();\njwtToken.getAlgorithm();\njwtToken.getJsonWebKeyUrl();\njwtToken.getKeyId();\njwtToken.getExpirationTime();\njwtToken.getIssuedAt();\njwtToken.getIssuer();\njwtToken.getUserId();\njwtToken.getAudience();\njwtToken.getOxInum();\njwtToken.getOxOpenIdConnectVersion();\n\njwtToken.validateSignature(credentials));\n\n8. To validate your accessToken:\n\nCODE:\nvalidateUrl = \"localhost:8080/oxauth/restv1/validate\";\nValidateTokenClient validateTokenClient = new ValidateTokenClient(validateTokenUrl);\nValidateTokenResponse response = validateTokenClient.execValidateToken(accessToken);\n\nresponse.isValid();\nresponse.getExpiresIn(); // Value in seconds\n\n\n\nLOCALHOST TEST URL\n\nhttp://localhost:8080/oxauth/authorize?response_type=code\u0026redirect_uri=https%3A%2F%2Fclient.example.com%2Fcb%3ffoo%3dbar\u0026state=xyz\u0026client_id=@!1111!0008!FF81!2D39\nhttp://localhost:8080/oxauth/authorize.seam?response_type=code\u0026client_id=06fe985f-4111-41cf-a16d-434ff48f92a2.localhost\u0026redirect_uri=http%3A%2F%2Flocalhost%2FoxServer\u0026state=xyz\n\n\n\nREGISTRATION\n\n$ cat clients.ldif\ndn: ou=clients,o=gluu\nobjectClass: organizationalUnit\nobjectClass: top\nou: clients\n\n$ ldapmodify --defaultAdd --port 1389 --bindDN 'cn=directory manager' --bindPassword secret --filename clients.ldif\n\n\n\n\n$ cat addClient.ldif\ndn: inum=@!1111!0000!6216!CCE6,ou=clients,o=gluu\ndisplayName: oxAuth test app\ninum: @!1111!0000!6216!CCE6\nobjectClass: oxAuthClient\nobjectClass: top\noxAuthAppType: web\noxAuthClientExpirationDate: 20120120152419.312Z\noxAuthRedirectURI: https://client.example.com/cb\noxAuthRedirectURI: https://client.example.com/cb1\noxAuthRedirectURI: https://client.example.com/cb2\noxAuthScope: openid\noxAuthScope: profile\noxAuthScope: address\noxAuthScope: email\noxAuthClientSecret: 607ae292-c8fe-486e-87d8-c28f84f8c0bd\n\n$ ldapmodify --defaultAdd --port 1389 --bindDN 'cn=directory manager' --bindPassword secret --filename addClient.ldif\n\n\n\noxTrust\nclient_id: @!1111!0008!C2EB!75F1\n\noxPlus\nclient_id: @!1111!0008!2A19!9A70\n\noxServer\nclient_id: @!1111!0008!7119!0560\n\nGluu IDP\nclient_id: @!1111!0008!45C0!BE6E\n\nTest\nclient_id: @!1111!0008!FF81!2D39\n\noxModel\nclient_id: @!1111!0008!92C1!D277\n\noxGraph\nclient_id: @!1111!0008!0336!1008\n\noxTestTool\nclient_id: @!1111!0008!A64C!475C\n\nclient_id: @!1111!0008!31FD!E7E7\n\nclient_id: @!1111!0008!2D7F!97C2\n","funding_links":[],"categories":["Java","安全","Secure Programming"],"sub_categories":["Secure Web dev"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FGluuFederation%2FoxAuth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FGluuFederation%2FoxAuth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FGluuFederation%2FoxAuth/lists"}