{"id":21888684,"url":"https://github.com/swisscom/sample-uaa-ruby-resource-server","last_synced_at":"2025-06-13T21:05:54.117Z","repository":{"id":34651486,"uuid":"171262909","full_name":"swisscom/sample-uaa-ruby-resource-server","owner":"swisscom","description":null,"archived":false,"fork":false,"pushed_at":"2024-10-16T15:19:07.000Z","size":21,"stargazers_count":0,"open_issues_count":1,"forks_count":1,"subscribers_count":19,"default_branch":"master","last_synced_at":"2025-03-04T22:02:07.972Z","etag":null,"topics":["hacktoberfest"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/swisscom.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-02-18T10:25:49.000Z","updated_at":"2024-10-16T15:19:10.000Z","dependencies_parsed_at":"2024-10-18T07:37:17.314Z","dependency_job_id":"2264521c-012b-4387-9ee2-d386fe1e25d9","html_url":"https://github.com/swisscom/sample-uaa-ruby-resource-server","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/swisscom/sample-uaa-ruby-resource-server","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swisscom%2Fsample-uaa-ruby-resource-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swisscom%2Fsample-uaa-ruby-resource-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swisscom%2Fsample-uaa-ruby-resource-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swisscom%2Fsample-uaa-ruby-resource-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/swisscom","download_url":"https://codeload.github.com/swisscom/sample-uaa-ruby-resource-server/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swisscom%2Fsample-uaa-ruby-resource-server/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259719716,"owners_count":22901239,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest"],"created_at":"2024-11-28T11:16:38.442Z","updated_at":"2025-06-13T21:05:54.093Z","avatar_url":"https://github.com/swisscom.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Sample ruby OAuth2/OIDC resource server for UAA\nDemo app that acts as OAuth2 resource server, meaning it offers a stateless API and is protected by an OAuth2 JWT access token verification.\nIt's mostly used in conjunction with a javascript frontend that obtains the OAuth2 JWT access token using the `implicit` flow and then uses this API as its backend.\n\nIt is primarily designed to run on CloudFoundry, since it expects the OAuth2 configuration to be passed in `VCAP_SERVICES`.\n\n## How it works\nThe client invokes the backend API with the HTTP header `Authorization: Bearer \u003cJWT access token\u003e`.\nThe backend extracts this JWT token and validates it on the OAuth2 IDP. See the comments in the code for details.\n\nIt was tested with [UAA](https://github.com/cloudfoundry/uaa) acting as OAuth2/OIDC provider, but it should work with every OIDC provider.\n\n## Configure, deploy and test\nThe app expects a `VCAP_SERVICES` env variable containing a service with a tag `oauth2` so make sure it is set when running the app.\n\nWhen deploying to CloudFoundry, one can use a [User provided service instance](https://docs.cloudfoundry.org/devguide/services/user-provided.html) to achieve this.\n\nFull example:\n```\n# adjust ALLOWED_CORS_ORIGIN in manifest.yml if you want to use a browser client, then push\ncf push sample-app --random-route --no-start -i 1\n\n# Now create the user provided service which will be provided to the app in `VCAP_SERVICES`.\n# The client specified here must be created manually beforehand on the OAuth2 provider.\nCREDENTIALS='{\"userInfoEndpoint\": \"\u003cuaa-url\u003e/userinfo\", \"checkTokenEndpoint\": \"\u003cuaa-url\u003e/userinfo\", \"clientId\": \"\u003cclient-id\u003e\", \"clientSecret\": \"\u003cclient-secret\u003e\"}'\ncf create-user-provided-service OAUTH2-CLIENT -p $CREDENTIALS -t oauth2\n\n# Bind \u0026 start the app to make the service instance available\ncf bind-service sample-uaa OAUTH2-CLIENT\ncf start sample-app\n```\n\nYou can now speak to the API, providing a valid token:\n```\nTOKEN=obtain token from IDP\ncurl -v https://\u003cpath-to-your-app\u003e/env -H \"Authorization: Bearer $TOKEN\"\n```\n\nAnd the app will return the user attributes it received from the IDP.\n\nFor a full demo, best deploy a client sample app (see below) that will act as the client for you.\n\n\n## Sample overview\n### Authorization code\n- Service provider (Spring boot): https://github.com/swisscom/sample-uaa-spring-boot-service-provider\n- Service provider (Ruby): https://github.com/swisscom/sample-uaa-ruby-service-provider\n\n### Implicit flow \u0026 Client Credentials\n- Client (VueJS): https://github.com/swisscom/sample-uaa-vue-client\n- Client (React \u0026 Redux):https://github.com/swisscom/sample-uaa-react-redux-client\n- Client (AngularJS): https://github.com/swisscom/sample-uaa-angular-client\n\n- Resource Server (Spring boot): https://github.com/swisscom/sample-uaa-spring-boot-resource-server\n- Resource Server (Ruby): https://github.com/swisscom/sample-uaa-ruby-resource-server","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fswisscom%2Fsample-uaa-ruby-resource-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fswisscom%2Fsample-uaa-ruby-resource-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fswisscom%2Fsample-uaa-ruby-resource-server/lists"}