OAuth2.0
1. Create the service
curl -i -X POST --url http://localhost:8001/services/ --data 'name=oauth2-service' --data 'url=https://testoauth.com/'
2. Enable the plugin
curl -X POST http://127.0.0.1:8001/services/oauth2-service/plugins --data "name=oauth2" --data "config.scopes=email" --data "config.scopes=phone" --data "config.scopes=address" --data "config.mandatory_scope=true" --data "config.enable_authorization_code=true"
3. Create a consumer
curl -X POST http://kong:8001/consumers/ --data "username=user123" --data "custom_id=cid0001"
4. Create an application (credential) associated with the consumer
curl -X POST http://127.0.0.1:8001/consumers/user123/oauth2 --data "name=Test%20Application" --data "redirect_uris=https://testoauth.com/senduser/"
curl -X POST http://kong:8001/consumers/{consumer_id}/oauth2 \
--data "name=Test%20Application" \
--data "client_id=SOME-CLIENT-ID" \
--data "client_secret=SOME-CLIENT-SECRET" \
--data "redirect_uris=http://some-domain/endpoint/"
{"redirect_uris":["http:\/\/testoauth.com\/senduser\/"],
"created_at":1586094393,
"consumer":{"id":"ec2b6ea9-f659-45bd-be02-dfa5d835bf76"},
"id":"72372d2d-b1d2-4b18-9cf4-0796200324e5","tags":null,"name":"Test Application",
"client_secret":"kEwYElw4gDubo1dijrZXFOQVxBEOQASG","client_id":"KxSE4ksuc90TcWtnNZf5vmC6cMWpCPP7"}
5. Access token
# Optional: add --data "access_token=SOME-TOKEN" and --data "refresh_token=SOME-TOKEN" to set your own values.
curl -X POST http://127.0.0.1:8001/oauth2_tokens \
--data "credential.id=72372d2d-b1d2-4b18-9cf4-0796200324e5" \
--data "token_type=bearer" \
--data "expires_in=3600"
parameter | default | description |
---|---|---|
credential | | Contains the ID of the OAuth 2.0 application created on Kong. |
token_type optional | bearer | The token type. |
access_token optional | | You can optionally set your own access token value, otherwise a random string will be generated. |
refresh_token optional | | You can optionally set your own unique refresh token value, otherwise a random string will be generated. |
expires_in | | The expiration time (in seconds) of the access token. |
scope optional | | The authorized scope associated with the token. |
authenticated_userid optional | | The custom ID of the user who authorized the application |
{"created_at":1586095745,
"id":"a8d74ea6-5303-462f-be22-827b6222f2a3",
"scope":null,
"authenticated_userid":null,
"refresh_token":null,"expires_in":3600,
"access_token":"wCX5cZOMl8W5exF5FN9BJnXlOTGOvR6W",
"token_type":"bearer",
"credential":{"id":"72372d2d-b1d2-4b18-9cf4-0796200324e5"},
"ttl":null,
"service":null}
6. View access tokens
curl -sX GET http://127.0.0.1:8001/oauth2_tokens/
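A review of the credential from step 4 and the token records from step 6 against the plugin settings from step 2, as an added example that is not part of the original notes or of Kong. It assumes the token records have been pulled out of the list response and that a token's scope is a space-separated string; apart from the first token id, the sample records are constructed.

```python
import json
from urllib.parse import urlparse

# Plugin settings from step 2 (config.scopes, config.mandatory_scope).
CONFIGURED_SCOPES = {"email", "phone", "address"}
MANDATORY_SCOPE = True

# Sample data in the shape of the Admin API responses shown above.
# The first token mirrors the page's response; the other two are constructed.
CREDENTIAL = json.loads('''{"redirect_uris": ["http://testoauth.com/senduser/"],
  "id": "72372d2d-b1d2-4b18-9cf4-0796200324e5", "name": "Test Application"}''')
TOKENS = json.loads('''[
  {"id": "a8d74ea6-5303-462f-be22-827b6222f2a3", "scope": null,
   "authenticated_userid": null, "expires_in": 3600, "token_type": "bearer"},
  {"id": "constructed-token-2", "scope": "email profile",
   "authenticated_userid": "cid0001", "expires_in": 3600, "token_type": "bearer"},
  {"id": "constructed-token-3", "scope": "email phone",
   "authenticated_userid": "cid0001", "expires_in": 3600, "token_type": "bearer"}
]''')


def audit_credential(cred):
    """Flag redirect URIs that are not HTTPS (the authorization code would travel in clear text)."""
    findings = []
    for uri in cred.get("redirect_uris") or []:
        if urlparse(uri).scheme != "https":
            findings.append(f"credential {cred['id']}: non-HTTPS redirect_uri {uri}")
    return findings


def audit_token(tok):
    """Compare one oauth2_tokens record with the plugin's scope settings."""
    findings = []
    scopes = set((tok.get("scope") or "").split())
    if MANDATORY_SCOPE and not scopes:
        findings.append(f"token {tok['id']}: no scope although mandatory_scope=true")
    extra = scopes - CONFIGURED_SCOPES
    if extra:
        findings.append(f"token {tok['id']}: scope outside config.scopes: {sorted(extra)}")
    if not tok.get("authenticated_userid"):
        findings.append(f"token {tok['id']}: no authenticated_userid (not tied to an end user)")
    return findings


def audit(cred, tokens):
    """Return all findings for one credential and its token records."""
    return audit_credential(cred) + [f for t in tokens for f in audit_token(t)]


if __name__ == "__main__":
    print("\n".join(audit(CREDENTIAL, TOKENS)))
```

Tokens created directly through the Admin API, as in step 5, carry only the scope and user ID supplied in the request, which is why the first record is flagged twice.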