Name: cas-overlay
Owner: Center for Open Science
Description: Central Authentication Service (CAS) Overlay + OAuth2 Provider, Shibboleth SP, CAS SP
Created: 2015-04-12 14:29:46.0
Updated: 2018-05-24 14:28:17.0
Pushed: 2018-05-24 15:29:39.0
Size: 2797
Language: Java
Official Docs can be found here
Roadmap 4.1 OAuth Server Support
Provides the user's principal id, any released attributes and a list of granted scopes.

GET: /oauth2/profile

```http
GET https://accounts.osf.io/oauth2/profile
Authorization: Bearer AT-1-...
```

```json
{
  "id": "unique-user-identifier",
  "scope": ["user.email", "user.profile"]
}
```
Server-side authorization of scopes; the client must follow up with the Authorization Code exchange at /oauth2/token.

GET: /oauth2/authorize

```http
GET https://accounts.osf.io/oauth2/authorize?client_id=gJgfkHAtz&redirect_uri=https%3A%2F%2Fmy-application%2Foauth%2Fcallback%2Fosf%2F&scope=user.profile%2Bwrite&state=FSyUOBgWiki_hyaBsa
```

| Parameter | Value | Description |
| --- | --- | --- |
| response_type | code | … |
| client_id | … | … |
| redirect_uri | … | … |
| scope | … | … |
| state | … | … |
| access_type | online / offline | … |
| approval_prompt | auto / force | … |

The user is redirected back to the redirect_uri with the Authorization Code and the state value from the request:

```
https://my-application/oauth/callback/osf/?code=AC-1-3BfTHEimiGXAQPerA6Zq6cvOszjXAhzHLNQnVJhv3UPifgwVpn&state=FSyUOBgWiki_hyaBsa
```

| Parameter | Value | Description |
| --- | --- | --- |
| code | code | … |
| state | … | … |
GET: /oauth2/authorize

Allows client-side JavaScript to request the specified scopes and receive an Access Token directly, returned in the fragment of the redirect URI.

```http
GET https://accounts.osf.io/oauth2/authorize?response_type=token&client_id=gJgfkHAtz&redirect_uri=https%3A%2F%2Fmy-application%2Foauth%2Fcallback%2Fosf%2F&scope=user.profile%2Bwrite&state=FSyUOBgWiki_hyaBsa
```

| Parameter | Value | Description |
| --- | --- | --- |
| response_type | token | … |
| client_id | … | … |
| redirect_uri | … | … |
| scope | … | … |
| state | … | … |
| approval_prompt | auto / force | … |

```
https://my-application/oauth/callback/osf/#access_token=AT-1-E9wpSxcUatFazdGtFFVO21i4exU9RypHbhcacgoktZ7TPUGGVf3KDuMq2RxGzKXZ6FO6if&expires_in=3600&token_type=Bearer&state=FSyUOBgWiki_hyaBsa
```

| Parameter | Value | Description |
| --- | --- | --- |
| access_token | … | … |
| expires_in | … | … |
| token_type | Bearer | … |
| state | … | … |
Exchange of an Authorization Code for an Access Token and, if access_type offline was requested, a Refresh Token.

POST: /oauth2/token

```http
POST https://accounts.osf.io/oauth2/token
```

| Parameter | Value | Description |
| --- | --- | --- |
| code | … | … |
| client_id | … | … |
| client_secret | … | … |
| redirect_uri | … | … |
| grant_type | authorization_code | … |

```json
{
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "RT-1-SjLa4ReI4KxcxKzEj1TtIWMTEwcMY26pSy6SftrObikpsbtInb",
  "access_token": "AT-1-adg7yMBUbyO4zSPVqFj2HZzOsTqNtJ5ebgk25y5UbTt4HV5W1EQ45b6PvpDtEABsaXXFBS"
}
```

| Parameter | Value | Description |
| --- | --- | --- |
| token_type | Bearer | … |
| expires_in | … | … |
| refresh_token | … | Included only when the authorization request was made with access_type offline. |
| access_token | … | … |
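The client side of the Authorization Code flow described above (authorization request, callback check, code exchange), as an added example written for this page rather than code from the cas-overlay project. It assumes the token endpoint accepts the tabled parameters as a form-encoded POST body and takes the HTTP transport as an injected callable `post(url, data) -> dict`, so it runs offline; the state check is the part a client most often gets wrong, so it is made explicit.

```python
"""Client side of the Authorization Code flow documented above.

Added example, not cas-overlay code. Assumptions: the token endpoint accepts
the tabled parameters as a form-encoded POST body, and the HTTP transport is
injected as a callable `post(url, data) -> dict` so this runs offline.
"""
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://accounts.osf.io/oauth2/authorize"
TOKEN_URL = "https://accounts.osf.io/oauth2/token"


def new_state():
    """Unguessable per-request value, kept in the user's server-side session.

    The callback is accepted only if it carries this exact value, which is
    what stops an authorization code from another session being injected here.
    """
    return secrets.token_urlsafe(24)


def build_authorize_url(client_id, redirect_uri, scopes, state, offline=False):
    """Build the GET /oauth2/authorize request from the parameter table."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        # The page joins several scopes with "+" (scope=user.profile%2Bwrite).
        "scope": "+".join(scopes),
        "state": state,
    }
    if offline:
        # access_type=offline asks for a refresh_token in the token response.
        params["access_type"] = "offline"
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def parse_callback(callback_url, expected_state):
    """Return the Authorization Code from the redirect, or raise ValueError.

    The state is compared in constant time and before the code is looked at,
    so a callback that is not bound to this session is discarded outright.
    """
    query = parse_qs(urlsplit(callback_url).query)
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback is not bound to this session")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    return code


def exchange_code(code, client_id, client_secret, redirect_uri, post):
    """POST /oauth2/token with grant_type=authorization_code.

    The client_secret travels only in this server-to-server POST; it never
    appears in the browser-visible authorize URL.
    """
    response = post(TOKEN_URL, {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,
    })
    if response.get("token_type") != "Bearer" or not response.get("access_token"):
        raise ValueError("token endpoint returned an unexpected response")
    return response


if __name__ == "__main__":
    # Constructed stand-in for the token endpoint (no network access).
    def fake_post(url, data):
        return {"token_type": "Bearer", "expires_in": 3600,
                "access_token": "AT-1-constructed-example"}

    redirect = "https://my-application/oauth/callback/osf/"
    state = new_state()
    print(build_authorize_url("gJgfkHAtz", redirect, ["user.profile", "write"], state))
    # Constructed callback, as the browser would deliver it after consent.
    code = parse_callback(f"{redirect}?code=AC-1-constructed&state={state}", state)
    tokens = exchange_code(code, "gJgfkHAtz", "client-secret-placeholder", redirect, fake_post)
    print(tokens["access_token"])
```

The three functions map one-to-one onto the request, redirect and exchange shown above; in a real deployment `post` would be an HTTPS call and `state` would live in the user's session between the first and second steps.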
An authorized offline application may obtain a new Access Token from this endpoint.

POST: /oauth2/token

```http
POST https://accounts.osf.io/oauth2/token
```

| Parameter | Value | Description |
| --- | --- | --- |
| refresh_token | … | … |
| client_id | … | … |
| client_secret | … | … |
| grant_type | refresh_token | … |

```json
{
  "token_type": "Bearer",
  "expires_in": 3600,
  "access_token": "AT-2-adg7yMBUbyO4zSPVqFj2HZzOsTqNtJ5ebgk25y5UbTt4HV5W1EQ45b6PvpDtEABsaXXFBS"
}
```

| Parameter | Value | Description |
| --- | --- | --- |
| token_type | Bearer | … |
| expires_in | … | … |
| access_token | … | … |
Handles revocation of Refresh and Access Tokens.

POST: /oauth2/revoke

```http
POST https://accounts.osf.io/oauth2/revoke
```

| Parameter | Value | Description |
| --- | --- | --- |
| token | … | … |

204 NO CONTENT
e.g. user revokes application access
Revocation of all Tokens for a specified Client ID and the Principal ID of the given Access Token.
If the Access Token is of type CAS, any valid Client ID can be specified; otherwise the Access Token may only revoke tokens for the Client ID it was generated with.

POST: /oauth2/revoke

```http
POST https://accounts.osf.io/oauth2/revoke
Authorization: Bearer AT-1-...
```

| Parameter | Value | Description |
| --- | --- | --- |
| client_id | … | … |

204 NO CONTENT
e.g. application administrator revokes all tokens
Revocation of all Tokens associated with the given Client ID.

POST: /oauth2/revoke

```http
POST https://accounts.osf.io/oauth2/revoke
```

| Parameter | Value | Description |
| --- | --- | --- |
| client_id | … | … |
| client_secret | … | … |

204 NO CONTENT
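The three /oauth2/revoke variants above differ only in who is allowed to revoke what. The following is an added example, not cas-overlay code, of the server-side authorization decision for each variant over an in-memory token store: single-token revocation, bearer-authenticated revocation bound to the bearer's principal (where a CAS-type token may name any registered client and any other token only its own), and client-credential revocation of everything issued to one client. The token record fields and the "CAS" / "OAUTH" kind labels are modelled on the text; the project's own names for them are assumptions, and the fixture data is constructed.

```python
"""Authorization rules for the /oauth2/revoke variants, over an in-memory store.

Added example, not cas-overlay code. Token record fields and the
"CAS" / "OAUTH" kind labels are modelled on the page text; the project's
real names for them are assumptions. All fixture data is constructed.
"""
import hmac
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Token:
    value: str            # e.g. "AT-1-..." or "RT-1-..."
    principal_id: str     # the user the token was issued for
    client_id: str        # the application the token was issued to
    kind: str = "OAUTH"   # "CAS" marks a first-party token (constructed label)


@dataclass
class TokenStore:
    tokens: dict = field(default_factory=dict)   # token value -> Token
    clients: dict = field(default_factory=dict)  # client_id -> client_secret

    def add(self, token):
        self.tokens[token.value] = token

    # POST /oauth2/revoke  { token }
    def revoke_token(self, value):
        """Revoke one Access or Refresh Token. Returns whether it existed; the
        HTTP layer answers 204 either way so callers cannot probe for tokens."""
        return self.tokens.pop(value, None) is not None

    # POST /oauth2/revoke  Authorization: Bearer <access token>  { client_id }
    def revoke_client_for_principal(self, bearer_value, client_id):
        """Revoke every token `client_id` holds for the bearer's principal.

        A CAS-type bearer may name any registered client; any other bearer
        may only name the client it was itself issued to. The bearer itself
        is removed when it falls inside that set.
        """
        bearer = self.tokens.get(bearer_value)
        if bearer is None:
            raise PermissionError("bearer token is unknown or already revoked")
        if bearer.kind == "CAS":
            if client_id not in self.clients:
                raise ValueError("client_id is not registered")
        elif client_id != bearer.client_id:
            raise PermissionError("token may only revoke its own client")
        doomed = [v for v, t in self.tokens.items()
                  if t.client_id == client_id
                  and t.principal_id == bearer.principal_id]
        for v in doomed:
            del self.tokens[v]
        return len(doomed)

    # POST /oauth2/revoke  { client_id, client_secret }
    def revoke_all_for_client(self, client_id, client_secret):
        """Revoke every token issued to a client, authenticated by its secret."""
        expected = self.clients.get(client_id)
        if expected is None or not hmac.compare_digest(expected, client_secret):
            raise PermissionError("client authentication failed")
        doomed = [v for v, t in self.tokens.items() if t.client_id == client_id]
        for v in doomed:
            del self.tokens[v]
        return len(doomed)


def build_demo_store():
    """Constructed fixture: two registered clients, two users, one CAS token."""
    store = TokenStore(clients={"gJgfkHAtz": "secret-one", "Joiuhwkjsl": "secret-two"})
    store.add(Token("AT-1-alice-app1", "alice", "gJgfkHAtz"))
    store.add(Token("RT-1-alice-app1", "alice", "gJgfkHAtz"))
    store.add(Token("AT-1-alice-app2", "alice", "Joiuhwkjsl"))
    store.add(Token("AT-1-bob-app1", "bob", "gJgfkHAtz"))
    # "osf-cas" is a constructed client id for the first-party CAS token.
    store.add(Token("AT-1-alice-cas", "alice", "osf-cas", kind="CAS"))
    return store


if __name__ == "__main__":
    s = build_demo_store()
    print("alice's app1 tokens removed:", s.revoke_client_for_principal("AT-1-alice-app1", "gJgfkHAtz"))
    print("remaining:", sorted(s.tokens))
```

Note that the bearer-authenticated variant never lets a third-party token reach another application's grants, and that the principal filter keeps it from touching other users' tokens even when the client matches.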
e.g. list applications authorized to access the user's account
Gathers metadata about the tokens associated with the specified Principal ID.
The Access Token must be of type CAS.

POST: /oauth2/metadata

```http
POST https://accounts.osf.io/oauth2/metadata
Authorization: Bearer AT-1-...
```

```json
[
  {
    "id": "gJgfkHAtz",
    "name": "Application #1",
    "description": "An simple oauth application",
    "scope": [
      "user.email",
      "profile.basic"
    ]
  },
  {
    "id": "Joiuhwkjsl",
    "name": "Third Party Application #2",
    "description": "An oauth application",
    "scope": [
      "nodes.create"
    ]
  }
]
```
e.g. application information, user count, etc…
Provides metadata about the Client ID specified.

POST: /oauth2/metadata

```http
POST https://accounts.osf.io/oauth2/metadata
```

| Parameter | Value | Description |
| --- | --- | --- |
| client_id | … | … |
| client_secret | … | … |

```json
{
  "id": "gJgfkHAtz",
  "name": "Application #1",
  "description": "An simple oauth application",
  "users": 9001
}
```
```shell
mvn -pl cas-server-webapp/ jetty:run
```

If you have trouble building CAS via `mvn clean install`, you may need to install the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files". Follow these instructions to unpack the zip file, back up the existing policy files, and install the new, stronger cryptography policy files.