I need to implement an OAuth2 Authorization Server in B4J but I only seem to find threads on client implementations (e.g. B4J which authenticate to public OAuth services like Google or Facebook).
Is there anyone who has done or tried this already and wants to share some ideas, starting points, code snippets?
I'm implementing a REST API webservice and I need to implement the authorization server to provide OAuth 2.0 authorization to calling clients.
More or less like any public API which is using OAuth for authorization.
As I'm developing the REST API with B4J I'd like the authorization server to be developed with it as well.
I don't think that is what you think it is. It still uses a 3rd party (Authlete) for the database backend.
Quoted from that link:
This implementation is DB-less. What this means is that you don't have to have a database server that stores authorization data (e.g. access tokens), settings of the authorization server itself and settings of client applications. This is achieved by using Authlete as a backend service.
Authlete is a cloud service that provides an implementation of OAuth 2.0 & OpenID Connect (overview). You can easily get the functionalities of OAuth 2.0 and OpenID Connect either by using the default implementation provided by Authlete or by implementing your own authorization server using Authlete Web APIs as this implementation (java-oauth-server) does.
@Erel The link provided by OliverA explains exactly what I need. I'm providing a web service with REST API written in B4J and I need to implement an OAuth 2.0 authorization server to grant users an access token to perform their API calls to my service.
@OliverA is correct, Apache Amber (Oltu) seems like the right project I need.
However I need guidance or help to port it to B4J.
@Erel The link provided by OliverA explains exactly what I need. I'm providing a web service with REST API written in B4J and I need to implement an OAuth 2.0 authorization server to grant users an access token to perform their API calls to my service.
Got you. From your description of what you wanted, it seemed to be server-to-server authentication or application-to-server authentication rather than user authentication. I would still recommend using a third-party provider. I use Auth0, which is free for up to 7,000 users.
It's an application to service scenario with human beings driving the authorization process.
I wanted to explore B4J also for educational purposes (I've learned a lot while implementing the web service itself) but will look into Auth0.