|
| 1 | +# Using AppAuth with [Gluu](https://gluu.org/docs/) |
| 2 | + |
| 3 | + |
| 4 | +The Gluu Server is a free open source identity and access management (IAM) platform. The Gluu Server is a container distribution composed of software written by Gluu and incorporated from other open source projects. Configuration of Gluu server is quick and simple. |
| 5 | + |
| 6 | +If you do not already have a Gluu Server, you can [read the docs](http://gluu.org/docs/ce) to learn how to download and deploy the software for free. |
| 7 | +## Creating OpenID Client on Gluu server |
| 8 | + |
| 9 | +First of all install and login to your gluu server than follow steps below:- |
| 10 | + |
| 11 | + 1. After login, navigate to https://{{Your_gluu_server_domain}}/identity/client/inventory and select **Add Client** |
| 12 | + 1. Entre required values to fields( minimum required fileds are :- Client Name,Client Secret,Application Type,Pre-Authorization,Persist Client Authorizations,Logout Session Required) |
| 13 | + 1. Choose **Native** or **web** as the Application Type. |
| 14 | + 1. Scroll to bottom and you will find **"Add Grand type"** button click on it and select **Authorization Code** as Grant type in opened popup. click ok button in popup to save settings. |
| 15 | + 1. Redirect URIs can be like this (**"appscheme://client.example.com"**) |
| 16 | + 1. Populate your new OpenID Connect application with values similar to: |
| 17 | + 1. Copy the **Client ID**, as it will be needed for the client configuration. |
| 18 | + 1. Here you need to set "none" for "Authentication method for the Token Endpoint" option. otherwise you will be needed to use client secrete in AppAuth for Token refresh which is not recommended to store client secrete in Android app. |
| 19 | + If you still want to use client secrete in you app for "Authentication method for the Token Endpoint" you can check official doc by [AppAuth](https://github.com/openid/AppAuth-Android/blob/master/README.md#utilizing-client-secrets-dangerous) |
| 20 | + 1. Click **Finish** to redirect back to the *General Settings* of your application. |
| 21 | + |
| 22 | + |
| 23 | +**Note:-** You can also create OpenID Clients by using gluu's oxAuth-rp client |
| 24 | + Link for oxAuth-Rp will be https://{{Your_gluu_server_domain}}/oxauth-rp/home.htm |
| 25 | + |
| 26 | + |
| 27 | + |
| 28 | +### Clone the project |
| 29 | +https://github.com/openid/AppAuth-Android.git |
| 30 | + |
| 31 | + clone project from given repo and do following changes in code. |
| 32 | + |
| 33 | + Finally, within your application update ``res/raw/auth_config.json`` with your settings. You will get a warning if it is incomplete or invalid. Here is an example JSON configuration: |
| 34 | + |
| 35 | +```json |
| 36 | +{ |
| 37 | + "client_id": "{{YourClientID}}", |
| 38 | + "redirect_uri": "appscheme://client.example.com", |
| 39 | + "client_secret": "{{Your_client_secret}}", |
| 40 | + "authorization_scope": "openid email profile", |
| 41 | + "discovery_uri": "https://{{your_idp_domain}}/.well-known/openid-configuration", |
| 42 | + "authorization_endpoint_uri": "", |
| 43 | + "token_endpoint_uri": "", |
| 44 | + "registration_endpoint_uri": "", |
| 45 | + "https_required": true |
| 46 | +} |
| 47 | +``` |
| 48 | + |
| 49 | +**Note :-** According to [issue](https://github.com/openid/AppAuth-Android/issues/90) using client secrete in project is not adviced. You must need to a find way keep client secret safe in application. |
| 50 | +To pass client secret with token refresh we need to change some minor changes in demo code. |
| 51 | + |
| 52 | +1. **net.openid.appauthdemo.Configuration** :- |
| 53 | + |
| 54 | + 1. create field for client_secret |
| 55 | + ```java |
| 56 | + private String mClientSecret; |
| 57 | + ``` |
| 58 | + |
| 59 | + 2. In readConfiguration() method add parser for client_secret like this |
| 60 | + ```java |
| 61 | + mClientSecret= getConfigString("client_secret"); |
| 62 | + ``` |
| 63 | + |
| 64 | + 3. create a getter method for mClientSecret |
| 65 | + ```java |
| 66 | + @Nullable |
| 67 | + public String getClientSecret() { |
| 68 | + return mClientSecret; |
| 69 | + } |
| 70 | + ``` |
| 71 | + |
| 72 | + |
| 73 | +2. **net.openid.appauthdemo.Configuration.TokenActivity** |
| 74 | + |
| 75 | + 1. Change performTokenRequest with this code. |
| 76 | + |
| 77 | + ```java |
| 78 | + @MainThread |
| 79 | + private void performTokenRequest( |
| 80 | + TokenRequest request, |
| 81 | + AuthorizationService.TokenResponseCallback callback) { |
| 82 | + ClientAuthentication clientAuthentication; |
| 83 | + if (Configuration.getInstance(TokenActivity.this).getClientSecret() != null) { |
| 84 | + clientAuthentication = new ClientSecretBasic(Configuration.getInstance(TokenActivity.this).getClientSecret()); |
| 85 | + |
| 86 | + } else { |
| 87 | + try { |
| 88 | + clientAuthentication = mStateManager.getCurrent().getClientAuthentication(); |
| 89 | + } catch (ClientAuthentication.UnsupportedAuthenticationMethod ex) { |
| 90 | + Log.d(TAG, "Token request cannot be made, client authentication for the token " |
| 91 | + + "endpoint could not be constructed (%s)", ex); |
| 92 | + displayNotAuthorized("Client authentication method is unsupported"); |
| 93 | + return; |
| 94 | + } |
| 95 | + } |
| 96 | + mAuthService.performTokenRequest( |
| 97 | + request, |
| 98 | + clientAuthentication, |
| 99 | + callback); |
| 100 | + } |
| 101 | + ``` |
| 102 | + |
| 103 | +# |
| 104 | +# Gluu AppAuth Dynamic Registration. |
| 105 | + |
| 106 | +### changes in xml file: |
| 107 | + |
| 108 | +> If we keep **client_id** and **client_secret** blank string in ``res/raw/auth_config.json`` application will automatically register new client to dynamic registration end point. |
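Review bot: The example `auth_config.json` (new lines 35-46) ships a populated `"client_secret"` entry, and the replacement `performTokenRequest` (lines 82-84) uses `ClientSecretBasic` whenever `getClientSecret()` is non-null, so a reader who copies the sample ends up embedding the secret in the app, which is the setup that step 18 and the note at line 49 advise against. Suggest removing `client_secret` from the default JSON and showing it only in the opt-in section that follows, with "none" as the documented default for the token endpoint authentication method. Smaller points: line 73 names the class `net.openid.appauthdemo.Configuration.TokenActivity` while the code treats `TokenActivity` and `Configuration` as separate classes; step 16 ("Populate your new OpenID Connect application with values similar to:") is followed by no values; the `Log.d` message at lines 90-91 carries a `(%s)` placeholder that is never formatted; line 106 says "changes in xml file" but the text under it refers to `res/raw/auth_config.json`; and the spellings "Entre", "fileds", "Grand type", "secrete" and "adviced" need correcting.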