Please follow the example attached as a reference for completing this assignment - Assignment 3 - Reference Version.zip.

Please see attached the previous assignments for reference: assignment 1 (CST8277_450_Haddad_Cynthia) and assignment 2 (CST8277_450_Haddad_Cynthia(2)), and assignment 3 (CST8277_450_Haddad_Cynthia (3)), as well as assignment 4 instructions (CST8277 - Assignment#4).

Please note that assignment 3 was incorrect; the code provided, Webflux, doesn't have anything describing the assignment 3. Please DO NOT make that mistake again!

Assignment #4 – Authentication and Authorization [15%]

This assignment relates to the following Course Learning Requirements:

CLR 2: Install and use enterprise programming and deployment tools.
CLR 3: Implement Web Server integration with enterprise applications.
CLR 6: Implement and integrate various Java-based technologies used in the enterprise environment.

Objective of this Assignment:

Implementation of OAuth 2.0 Authorization Code Grant Flow into a previously created application.

You will be able to demonstrate the working application using authN/Z data from GitHub.

Pre-Assignment Instructions:

1. To prepare for this assignment, read the content of modules 9 and 10 and follow the embedded learning activities.
2. In this final portion of the assignments, you will be working with only one service.
   a. The UserManagementService, which will be used for OAuth 2.0 purposes.
3. To use GitHub’s OAuth 2.0 authentication system for login, you must first add a new GitHub app.
   a. You need to create your GitHub account and then add a new application at the following:
      i. https://github.com/settings/developers
      ii. Click the button – New OAuth App – and follow the instructions.
   b. As an Application name you can enter anything you want.
   c. Homepage URL should be http://localhost:8080
   d. Authorization callback URL should be: http://localhost:8080/login/oauth2/code/github
4. Click Register Application.

Note: The default redirect URI template is {baseUrl}/login/oauth2/code/{registrationId}. The registrationId is a unique identifier, but in this case its value equals “github”. That means you need to specify the same structure in your application.yaml file for Spring Boot:

    spring:
      security:
        oauth2:
          client:
            registration:
              github:
                clientId: github-client-id
                clientSecret: github-client-secret

and then use the appropriate github-client-id and github-client-secret obtained from GitHub.

5. For simplicity, in this step you may not want to use your microK8s cluster, because only one service is required. However, if you do choose to have a fully working application – this is a good choice.
6. Please make sure to use “bridged networking” in your VM if you continue to work from a VM.

Assignment description:

At this point you will be working on only one task – user authentication using UserManagementService.

1. You need to build the OAuth 2.0 Authorization Code Grant Flow in accordance with RFC 6749 (https://tools.ietf.org/html/rfc6749#section-4.1).
2. As an Authorization Server you will be using GitHub; all other services will be your own, working on your localhost.
3. Since we’ve confirmed that the rest of your application (from Assignments #1-3) is successfully working, all you need to do is correct UserManagementService in such a way that it will generate a token based on data obtained from the Authorization Provider (in this particular case it is GitHub) after a user tries to log in.
   a. As a good starting point you may use this tutorial: https://spring.io/guides/tutorials/spring-boot-oauth2/
4. Once you have received the user data, the UserManagementService must generate a simple UUID token, correlated to the user logged in, and store that token inside the UMS database until the user logs in, or until the session expires (let’s say 15 minutes).
5. In the next step, when the user tries to reach the API of another service, the user will provide that token as part of the request, and the other service will ask the UserManagementService the following questions (through another call to UMS):
   a. Whether that token is valid (not expired);
   b. If yes, which role that token is associated with.
6. At the end of this, depending on the UMS’s response, the target service should either perform the request or return a 401 status.
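
Steps 4 to 6 above, sketched as an added Java example that is not part of the assignment or its reference solution. The class TokenStore, its method names and the sample login and role are hypothetical; an in-memory map stands in for the UMS database, and 200 stands in for "perform the request".

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: class, record and method names are hypothetical.
public class TokenStore {
    static final Duration TTL = Duration.ofMinutes(15); // lifetime from the assignment text

    record Session(String login, String role, Instant expiresAt) {}

    // In-memory stand-in for the UMS database table (assumption).
    private final Map<String, Session> sessions = new ConcurrentHashMap<>();

    // Step 4: called once GitHub has authenticated the user.
    public String issue(String login, String role, Instant now) {
        // randomUUID() yields a version 4 UUID from a cryptographically strong RNG.
        String token = UUID.randomUUID().toString();
        sessions.put(token, new Session(login, role, now.plus(TTL)));
        return token;
    }

    // Step 5: role for a live token; empty for missing, unknown or expired ones.
    public Optional<String> roleFor(String token, Instant now) {
        if (token == null) return Optional.empty();
        Session s = sessions.get(token);
        if (s == null) return Optional.empty();
        if (!now.isBefore(s.expiresAt())) {
            sessions.remove(token); // drop expired entries so they cannot be reused
            return Optional.empty();
        }
        return Optional.of(s.role());
    }

    // Step 6: status the target service returns for a request carrying the token.
    public int statusFor(String token, Instant now) {
        return roleFor(token, now).isPresent() ? 200 : 401;
    }

    public static void main(String[] args) {
        TokenStore ums = new TokenStore();
        Instant t0 = Instant.now();
        String token = ums.issue("octocat", "SUBSCRIBER", t0); // constructed sample values
        System.out.println(ums.statusFor(token, t0.plusSeconds(300))); // within the TTL
        System.out.println(ums.statusFor(token, t0.plus(TTL)));        // at expiry
        System.out.println(ums.statusFor("not-a-real-token", t0));     // never issued
    }
}
```

Passing the current time in as a parameter keeps the expiry check deterministic under test; a service would pass Instant.now().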

Assignment Tasks:

After preparation and code implementation from the previous assignments, the point has come in your application at which you must implement Authorization.

What you should do:

1. Implement OAuth 2.0 Authorization Code Grant Flow into UserManagementService. Use UUID for tokenizing transmitted data. If you implement JWT, it is considered a bonus.
2. The end result of this assignment should provide you with working and tested code, providing OAuth 2.0 Authorization Code Grant Flow with GitHub as Authorization Provider.

Submission Guidelines

3. You need to submit an archive with name pattern {Course #}_{Section #}_{Last name}_{First name}.zip containing your project source code.

Apr 03, 2023