Skip to content

coffeelibs/tiny-oauth2-client

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

100 Commits

.github

.github

 
 

.idea

.idea

 
 

src

src

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

pom.xml

pom.xml

 
 

Repository files navigation

Maintainability Rating Security Rating Coverage Vulnerabilities Lines of Code

Tiny OAuth2 Client

This is a minimal zero-dependency implementation of the RFC 8252 OAuth 2.0 for Native Apps, relying on Loopback Interface Redirection (i.e. no need to register a private-use URI scheme) with full support for PKCE and CSRF Protection.

Requirements

  • Java 11+
  • Ideally some JSON or JWT parser of your choice

Usage

This library requires an instance of java.net.http.HttpClient.

// usually the default is sufficent:
var httpClient = HttpClient.newHttpClient();

// but feel free to adjust it to your needs, e.g. by applying custom proxy settings:
var httpClient = HttpClient.newBuilder()
    .proxy(ProxySelector.of(InetSocketAddress.createUnresolved("https:\\example.com",1337)))
    .build();

Now to begin, start building an OAuth 2.0 Client via the fluent API:

var oauthClient = TinyOAuth2.client("oauth-client-id") // The client identifier
		.withTokenEndpoint(URI.create("https://login.example.com/oauth2/token")) // The token endpoint
		.withRequestTimeout(Duration.ofSeconds(10)) // optional
        // ...

Next, continue with a specific grant type by invoking .authorizationCodeGrant(...) or .clientCredentialsGrant(...) (more may be added eventually).

Authorization Code Grant

Usually, you would want to use the Authorization Code Grant type to obtain access tokens. Configure your Authorization Server to allow http://127.0.0.1/* as a redirect target and look up the authorization endpoint:

// this library will just perform the Authorization Flow:
var httpResponse = oauthClient.authorizationCodeGrant(URI.create("https://login.example.com/oauth2/authorize"))
		.authorize(httpClient, uri -> System.out.println("Please login on " + uri), "openid", "profile"); // optionally add scopes here);

If your authorization server doesn't allow wildcards, you can also configure a fixed path (and even port) via e.g. setRedirectPath("/callback") and setRedirectPorts(8080) before calling authorize(...).

Client Credentials Grant

Alternatively, if your client shall act on behalf of a service account, use the Client Credentials Grant type, which allows the client to authenticate directly without further user interaction:

var httpResponse = oauthClient.clientCredentialsGrant(UTF_8, "client secret")
        .authorize(httpClient, "openid", "profile"); // optionally add scopes here

Parsing the Response

For maximum flexibility and minimal attack surface, this library does not include or depend on a specific parser. Instead, use a JSON or JWT parser of your choice to parse the Authorization Server's response:

if (httpResponse.statusCode() == 200) {
		var jsonString = httpResponse.body()
		var bearerToken = parseJson(jsonString).get("access_token");
		// ...
}

Why this library?

  • Often you just need to authorize your client and nothing more. Most OAuth2 libraries try to do a lot more
  • Nano-tiny-minuscule attack surface, since this doesn't contain any JOSE/JWT signature code, nor a fully-fledged web server
  • Focus is strictly on the authorization flow. Use any library for dealing with the tokens, you like.
  • Modular jar, exposing only one single public API. No need to read docs, you can't do anything wrong.

About

Zero-Dependency RFC 8252 OAuth 2.0 Authorization Flow

Topics

java oauth2 rfc-8252

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

7 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

10 tags

Sponsor this project

 
Learn more about GitHub Sponsors

Packages 1

 

Contributors 3

  •  
  •  
  •  

Languages