...

Every request made to the service is first validated by the SOAJS oAuth Service before being forwarded to the service.

...

The code walkthrough is located in a sub page, where it is explained in depth.

Service Exploration

...

To turn on oAuth in a development environment, start the environment as follows:

Code Block: Controller Installation
# go to correct directory
cd /opt/soajs/node_modules/soajs.examples/example02/

# export necessary environment variables
export SOAJS_PROFILE=/opt/soajs/node_modules/soajs.utilities/data/getStarted/profile.js
export SOAJS_ENV=test
export SOAJS_SRVIP=127.0.0.1

# start service
node .

Since this example makes use of the oAuth service, let's go ahead and turn that service on as well.

In a separate terminal window, enter the following:

Code Block
# go to directory and install oauth
cd /opt/soajs/node_modules/
npm install soajs.oauth

# go to oauth directory
cd /opt/soajs/node_modules/soajs.oauth

# export necessary environment variables
export SOAJS_PROFILE=/opt/soajs/node_modules/soajs.utilities/data/getStarted/profile.js
export SOAJS_ENV=test
export SOAJS_SRVIP=127.0.0.1

# start service
node .

...

Code Block
curl -X GET "http://127.0.0.1:5002/heartbeat"

The response below indicates that the oAuth service is running error free.

Code Block
{"result":true,"ts":1425131003103,"service": {"service":"oauth","type":"rest","route":"/heartbeat"}}

Another heartbeat request is sent to the example02 service whose maintenance port is 5011.

Code Block
curl -X GET "http://127.0.0.1:5011/heartbeat"

The response below indicates that the service is running without any errors.

Code Block
{"result":true,"ts":1425131238011,"service": {"service":"example02","type":"rest","route":"/heartbeat"}}

Code Block
sudo soajs services start --env=example


Info: Verify auth

To verify that oAuth is running, log in to the SOAJS console and:

  • go under deploy tab
  • select environment example  
  • click on SOAJS catalog from the left menu 
  • expand auth item
  • click on maintenance operations
  • select heartbeat

Using the Service APIs

In the Basic Service example, the "testGet" API was not designed to be secured with oAuth. In this example we added this security option to it.

...

Code Block
# go to controller directory  examples/example02 and start the service
cd soajs.examples/opt/soajs/node_modules/soajs.controllerexample02/
  
# start the soajs example environment
sudo soajs services start --env=example
  
# export necessary environment variables to create local awareness
export SOAJS_PROFILE=/opt/soajs/node_modules/soajs.utilities/data/getStarted/profile.js 
export SOAJS_ENV=test 
ENV=EXAMPLE
export SOAJS_SRVPORT=4022
export SOAJS_DEPLOY_MANUAL=1
export SOAJS_SRVIPREGISTRY_API=127.0.0.1:21000
  
  
# start service 
node .

# hit the API
curl -X GET "http://127.0.0.1:400020000/example02/buildName?firstName=John&lastName=Smith"

...

The header contains the tenant key. More details regarding the tenant key can be found in the Multitenancy section in the documentation.

The Authorization value in the header is used by oAuth to validate the posted body and is explained in detail in the oAuth section of the documentation.

The body, on the other hand, accepts three input parameters: username, password, grant_type.

Code Block
curl -X POST -H "Authorization: Basic MTBkMmNiNWZjMDRjZTUxZTA2MDAwMDAxOnNoaGggdGhpcyBpcyBhIHNlY3JldA==" -H "key:aa39b5490c4a4ed0e56d7ec1232a428f771e8bb83cfcee16de14f735d0f5da587d5968ec4f785e38570902fd24e0b522b46cb171872d1ea038e88328e7d973ff47d9392f72b2d49566209eb88eb60aed8534a965cf30072c39565bd8d72f68ac4ea5db4c70b6168aeede6a8a56cb4624efdb6cb2cf3c7b88cbc1f5d97080a44f18083fa195e20dcc0b42496ae268ea91c657dd9b252b72de14c862e64f8522a9dbdaa1ce0f48ba2d5ed5eff49b47d0f728bddb2080c8cbc7bde3771116192b51" "http://127.0.0.1:400020000/oauth/token" -d 'username=oauthuserexample&password=oauthpasswordpassword&grant_type=password'

The response contains the access_token, which expires in one hour (in this example), and a refresh_token, which is used once the access_token expires.

...

Code Block
curl -X GET "http://127.0.0.1:400020000/example02/buildName?firstName=John&lastName=Smith&access_token=30f3a13fcdb60cde1cdf576634cbb7777df31177"
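
As an added example (not part of the original page or of SOAJS): the Authorization value in the token request is only base64-encoded, and the access token travels in the query string, so both end up readable in logs and captures. The function names and the sample log line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not SOAJS code. Function names are hypothetical.

# Build an HTTP Basic Authorization value from an id and a secret:
# "Basic " + base64(id ":" secret).
basic_auth_header() {
    printf 'Basic %s' "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# Reverse the encoding. Base64 is not encryption: anyone who sees the header
# (plain HTTP, proxy logs, shell history) recovers the id and the secret.
decode_basic_auth() {
    printf '%s' "${1#Basic }" | base64 -d
}

# Mask access_token query parameters before log lines are stored or shared.
redact_access_token() {
    sed -E 's/([?&]access_token=)[^&[:space:]"]+/\1REDACTED/g'
}

# Header value copied from the token request on this page.
PAGE_HEADER='Basic MTBkMmNiNWZjMDRjZTUxZTA2MDAwMDAxOnNoaGggdGhpcyBpcyBhIHNlY3JldA=='

# Constructed access-log line built from the request URL shown on this page.
SAMPLE_LOG='127.0.0.1 "GET /example02/buildName?firstName=John&lastName=Smith&access_token=30f3a13fcdb60cde1cdf576634cbb7777df31177 HTTP/1.1" 200'

# Show what the header carries, then the log line with the token masked.
decode_basic_auth "$PAGE_HEADER"; echo
printf '%s\n' "$SAMPLE_LOG" | redact_access_token
```

Because the requests on this page go over plain HTTP to 127.0.0.1, the same header on a real network needs TLS, and the secret should be rotated if it has ever appeared in a shared log.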

...