Please refer to my previous solutions provided by one of the experts for references. Order # XXXXXXXXXX and 116291

Please see attached the previous assignments for reference: assignment 1 (CST8277_450_Haddad_Cynthia) and assignment 2 (CST8277_450_Haddad_Cynthia(2)), and assignment 3 (CST8277_450_Haddad_Cynthia (3)) as well as assignment 4 instructions (CST8277 - Assignment#4)

Assignment description:

At this point you will be working on only one task – user authentication using UserManagementService.

1. You need to build the OAuth 2.0 Authorization Code Grant Flow in accordance with RFC 6749 (https://tools.ietf.org/html/rfc6749#section-4.1).

2. As an Authorization Server you will be using GitHub, all other services will be your own, working on your localhost.

3. Since we’ve confirmed that the rest of your application (from Assignments #1-3) is successfully working, all you need to do is correct UserManagementService in such a way that it will generate a token based on data obtained from the Authorization Provider (in this particular case it is GitHub) after a user tries to log in.

   a. As a good starting point you may use this tutorial: https://spring.io/guides/tutorials/spring-boot-oauth2/

4. Once you have received the user data, the UserManagementService must generate a simple UUID token, correlated to the user logged in, and store that token inside the UMS database until the user logs in, or until the session expires (let’s say 15 minutes).

5. In the next step, when the user tries to reach the API of another service, the user will provide that token as part of the request and the other service will ask the UserManagementService the following questions (through another call to UMS):

   a. Whether that token is valid (not expired);

   b. If yes, which role that token is associated with.

6. At the end of this, depending on the UMS’s response, the target service should either perform the request or return a 401 status.

Assignment Tasks:

After preparation and code implementation from the previous assignments, the point has come in your application for which you must implement Authorization.

What you should do:

1. Implement OAuth 2.0 Authorization Code Grant Flow into UserManagementService. Use UUID for tokenizing transmitted data. If you will implement JWT – it is considered a bonus.

2. The end result of this assignment should provide you with a working and tested code, providing OAuth 2.0 Authorization Code Grant Flow with GitHub as Authorization Provider.
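
The token handling described in steps 4 to 6 of the assignment description, as an added example that is not part of the original post or of any posted solution. It assumes Java 16 or later; the class name UmsTokenStore, the in-memory map standing in for the UMS database, and the sample login and role are hypothetical.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical in-memory stand-in for the UMS token table; a real UMS would persist it. */
public class UmsTokenStore {
    private static final Duration TTL = Duration.ofMinutes(15); // session lifetime from step 4
    private record Session(String login, String role, Instant expiresAt) {}

    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final Clock clock; // injected so expiry can be tested with a fixed clock

    public UmsTokenStore(Clock clock) { this.clock = clock; }

    /** Step 4: called once GitHub has returned the user data. */
    public String issue(String login, String role) {
        // UUID.randomUUID() is backed by a cryptographically strong RNG.
        String token = UUID.randomUUID().toString();
        sessions.put(token, new Session(login, role, clock.instant().plus(TTL)));
        return token;
    }

    /** Step 5: empty means unknown or expired; otherwise the role bound to the token. */
    public Optional<String> roleFor(String token) {
        Session s = (token == null) ? null : sessions.get(token);
        if (s == null) return Optional.empty();
        if (!clock.instant().isBefore(s.expiresAt())) {
            sessions.remove(token); // expired: delete so it is never accepted again
            return Optional.empty();
        }
        return Optional.of(s.role());
    }

    /** Step 6, target-service side: 401 whenever the request is not to be performed. */
    public int statusFor(String token, String requiredRole) {
        return roleFor(token).filter(requiredRole::equals).isPresent() ? 200 : 401;
    }

    public static void main(String[] args) {
        UmsTokenStore ums = new UmsTokenStore(Clock.systemUTC());
        String token = ums.issue("octocat", "ADMIN"); // constructed sample login and role
        System.out.println(ums.statusFor(token, "ADMIN"));         // freshly issued token
        System.out.println(ums.statusFor("not-a-token", "ADMIN")); // token UMS never issued
    }
}
```

The expiry is checked on the UMS side at every lookup, so a target service never has to trust a timestamp supplied by the client.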

Answered 4 days After Mar 20, 2023

Solution

Manikandan answered on Mar 24 2023
27 Votes