Java — OAuth

A project at work, required me to develop code which would allow us to send http requests to an external gateway, in order to validate a product before we received and dispatched it.

Previously, this functionality was implemented, however due to Brexit, the gateway changed from the European gateway, to a UK only gateway ( truly patriotic ).

In order to do this, I had to switch to OAuth 2.

I ran into some difficulty achieving this. My current implementation used HttpPost objects back from Java 1.6. Methods to add headers and bodies were deprecated and things were more difficult than they needed to be.

The OAuth implementation was much simpler to use and had an intuitive API.
The jar files needed for this are :

  • org.apache.oltu.oauth2.client

What is OAuth2

OAuth2 is an authorization framework for HTTP requests.
There are HTTP Services, such as Facebook or Github. These services have user accounts, and quite often third party applications want to access limited data on these user accounts. In order to access this data, we would need the user to give provide their security credentials for that account so we can access that data.

OAuth2 does this by delegating the authorisation to the service which hosts the user account. Once the authorisation has taken place, the service will return an access token to the third party application, enabling them limited access to their API, thus giving them access to the protected resources the application needs.

Below shows the basic workflow for an OAuth2 request. Usually the application server and the resource server are the same service.

Application Registration

If you are developing a third party application and you want to consume a service which uses OAuth2 as its authorisation mechanism, then you must first register your application with that service. They will require some details, such as:

  • Application Name

After your application is registered, the service represents your application with a Client ID and a Client Secret. These credentials should be used when making requests to the server, so the server can validate that the request is coming from a trusted source.

Grant Types

There are 4 grant types supported by OAuth2. Each are useful in certain circumstances.

  • Authorisation Code — Used with server side applications

Refresh Token

When an access token expires, we need to create a new token. This is done by making a similar HTTP request.

More information on the topic can be found here



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store