OAuth2 got easy
Oauth2 support exists in Eclipse Vert.x since version 3.2.0. The implementation follows the principles that rule the whole vert.x ecosystem: unopinionated, it does what you want it to do, simple but not too simple.
This works fine because
OAuth2 is a widely spread standard and vendors adhere to it quite well. However due to the API and the details of the specification it requires some knowledge on what kind of flow your application needs to support, what are the endpoints for authorizing and getting tokens. This information, even though easily accessible to anyone who’s got the time and will, to read the vendor documentation is easy to find, but it means that developers would need to spend time in a non-project problem-related task.
Vert.x thrives for being fast and productive, so what if we could help you focusing on your development tasks rather than reading Oauth2 provider documentation? This is what you can expect for the next release.
Out of the box you will find out that you can instantiate an OAuth2 provider as easy as:
Provider.create(vertx, clientId, clientSecret)
That’s it! simple, to the point, sure it makes some assumptions, it assumes that you want to use the “
AUTH_CODE“ flow which is what you normally do for web applications with a backend.
Provider implementations will configure the base API (which will be still available) with the correct URLs, scope encoding scheme or extra configuration such as “
So what supported
Providers can you already find?
- Google (either
Server to Serverflow)
That’s a handful of
Providers, but there is more. Say that you want to ensure that your SSL connections are valid and want to control the certificate validation. Every provider also accepts a HttpClientOptions object that will be used internally when contacting your provider, so in this case, you have full security control of your connection, not just defaults.
You can expect this new code to land for 3.4 as it is not available in the current release (3.3.3).