{"id":20726882,"url":"https://github.com/hmcts/service-auth-provider-java-client","last_synced_at":"2025-04-23T18:49:14.704Z","repository":{"id":44871404,"uuid":"113028640","full_name":"hmcts/service-auth-provider-java-client","owner":"hmcts","description":null,"archived":false,"fork":false,"pushed_at":"2025-04-14T09:07:30.000Z","size":820,"stargazers_count":1,"open_issues_count":5,"forks_count":1,"subscribers_count":187,"default_branch":"master","last_synced_at":"2025-04-14T10:24:27.670Z","etag":null,"topics":["jenkins-cft","jenkins-cft-j-z","platops-owned-app","s2sauth","team-platform"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hmcts.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-12-04T10:27:24.000Z","updated_at":"2025-04-14T09:07:34.000Z","dependencies_parsed_at":"2023-02-16T21:00:38.516Z","dependency_job_id":"dee0ce42-a588-4ee9-add5-02d511747d8a","html_url":"https://github.com/hmcts/service-auth-provider-java-client","commit_stats":null,"previous_names":[],"tags_count":48,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hmcts%2Fservice-auth-provider-java-client","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hmcts%2Fservice-auth-provider-java-client/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hmcts%2Fservice-auth-provider-java-client/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hmcts%2Fservice-auth-provider-java-client/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hmcts","download_url":"https://codeload.github.com/hmcts/service-auth-provider-java-client/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250496047,"owners_count":21440225,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["jenkins-cft","jenkins-cft-j-z","platops-owned-app","s2sauth","team-platform"],"created_at":"2024-11-17T04:27:59.829Z","updated_at":"2025-04-23T18:49:14.685Z","avatar_url":"https://github.com/hmcts.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# service-auth-provider-java-client\n\n[![](https://jitpack.io/v/hmcts/service-auth-provider-java-client.svg)](https://jitpack.io/#hmcts/service-auth-provider-java-client)\n[![](https://github.com/hmcts/service-auth-provider-java-client/actions/workflows/gradle.yml/badge.svg)](https://github.com/hmcts/service-auth-provider-java-client/actions/workflows/gradle.yml/)\n\n\nThis is the client library for the service-auth-provider api microservice.\nThe tool provides a method to generate s2s auth token for a microservice and, optionally, caches it.\n\n\n## Getting started\n\n### Prerequisites\n\n- [Java 17](https://adoptium.net/)\n- [Docker](https://www.docker.com)\n\n### Building\n\nThe project uses [Gradle](https://gradle.org) as a build tool, but you don't have to install it locally since there is a\n`./gradlew` wrapper script.  \n\nTo build the project run the following command:\n\n```bash\n./gradlew build\n```\n## Configuration\nThe following values must be provided:\n```yaml\nidam:\n  s2s-auth:\n    url: http://localhost:4502\n    totp_secret: AAAAAAAAAAAAAAAC\n    microservice: ccd_gw\n```\n\nA spring bean:\n```java\n@Configuration\npublic class ServiceTokenGeneratorConfiguration {\n   @Bean\n   public AuthTokenGenerator serviceAuthTokenGenerator(\n           @Value(\"${idam.s2s-auth.totp_secret}\") final String secret,\n           @Value(\"${idam.s2s-auth.microservice}\") final String microService,\n           final ServiceAuthorisationApi serviceAuthorisationApi\n   ) {\n       return AuthTokenGeneratorFactory.createDefaultGenerator(secret, microService, serviceAuthorisationApi);\n   }\n}\n``` \n## Configuration for Service Authentication filter\nThe following values must be provided to enable a ServiceAuthFilter bean:\n```yaml\nidam:\n  s2s-authorised:\n    services: microservice1, microservice2\n```\nServiceAuthFilter bean is a `OncePerRequestFilter` filter that you can add to your filter chain to authorise a service \nrequest. The filter will expect a header with '`ServiceAuthorization: Bearer \u003ctoken\u003e`' as part of the request header that it will consume \nto approve the request. Any requests from services that are not in your authorised services list will deny access \nto your service and return an HTTP response status code 403 (forbidden) and for any other reasons if the token is\nmissing, invalid or failure to verify will result in 401(unauthorized).\n\n## Running without Spring\n\nYou might want to use this client when not running in a spring context, i.e. a scheduled job possibly.\n\n```java\nclass ServiceTokenGenerator {\n    private static AuthTokenGenerator getAuthTokenGenerator(String s2sURL, String clientId, String clientSecret) {\n        HttpMessageConverter\u003c?\u003e jsonConverter = new MappingJackson2HttpMessageConverter(new ObjectMapper());\n        ObjectFactory\u003cHttpMessageConverters\u003e converter = () -\u003e new HttpMessageConverters(jsonConverter);\n    \n        ServiceAuthorisationApi serviceAuthorisationApi = Feign.builder()\n                .contract(new SpringMvcContract())\n                .encoder(new SpringEncoder(converter))\n                .decoder(new StringDecoder())\n                .target(ServiceAuthorisationApi.class, s2sURL);\n    \n        return AuthTokenGeneratorFactory\n                .createDefaultGenerator(clientSecret, clientId, serviceAuthorisationApi);\n    }\n}\n```\n\n## Developing\n\n### Unit tests\n\nTo run all unit tests execute the following command:\n\n```bash\n./gradlew test\n```\n\n### Coding style tests\n\nTo run all checks (including unit tests) execute the following command:\n\n```bash\n./gradlew check\n```\n\n## Versioning\n\nWe use [SemVer](http://semver.org/) for versioning.\nFor the versions available, see the tags on this repository.\n\nTo release a new version add a tag with the version number and push this up to the origin repository. This will then \nbuild and publish the release to maven.\n\n## License\n\nThis project is licensed under the MIT License - see the [LICENSE.md](LICENSE.md) file for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhmcts%2Fservice-auth-provider-java-client","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhmcts%2Fservice-auth-provider-java-client","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhmcts%2Fservice-auth-provider-java-client/lists"}