Re: [OAUTH-WG] Authorization Server

Justin Richer <jricher@MIT.EDU> Fri, 18 July 2014 00:16 UTC


Richard,

Many people implement their own servers and tie them closely to their 
protected resource API. There are a number of general purpose 
authorization servers and libraries out there, though, including an open 
source one written in Java that I maintain:

https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/

It's based on Spring and Spring Security, and it also includes OpenID 
Connect support. Additionally, it implements JWT bearer tokens, 
revocation, introspection, dynamic registration, and it has an admin 
interface.

  -- Justin

On 7/17/2014 4:47 AM, Richard Snowden wrote:
> Hi there,
>
> After viewing some tutorials and running some sample code I 
> understood the client side of OAuth 2.0.
>
> Using an existing Authorization Server seems to be not too complicated.
>
> Question is: How to implement my own Authorization Server?
>
> Since many companies have their own User/Privilege system, LDAP based 
> (e.g. Active Directory), etc. - they must have their own Authorization 
> Server.
>
> Is there a framework, libraries, etc. for that? Or do I have to write 
> the code from scratch?
>
> cheers,
> Richard