• This repository has been archived on 05/Dec/2022
  • Language
    Java
  • License
    Apache License 2.0
  • Created over 9 years ago
  • Updated almost 2 years ago

Repository Details

Java library for conveniently verifying and storing OAuth 2.0 service access tokens

Tokens

Tokens is a Java library for verifying and storing OAuth 2.0 service access tokens. It is resilient, configurable, and production-tested, and works with all JVM languages.

Project Features and Functionality

Some features Tokens offers:

  • Support for credential rotation, by reading them on-demand from the file system
  • Extensibility with a credentials provider
  • Configuration flexibility; specify multiple tokens with different scopes
  • Ability to inject fixed OAuth2 access tokens

Tokens can be useful to devs (at any company, large or small) who are working with highly-distributed microservices deployed in the cloud and need to authenticate the traffic generated when accessing APIs. For example, if your team wants to consume an API with OAuth2 credentials, Tokens will fetch the tokens for you. Then you just add scopes in the token.

When creating tokens, it's easy to make a lot of mistakes. Tokens aims to save you hassle and time.

Prerequisites

  • Java 11
  • Maven
  • Gradle

Maven Dependency

Add it with the following, replacing the version with the current release on Maven Central:

<dependency>
    <groupId>org.zalando.stups</groupId>
    <artifactId>tokens</artifactId>
    <version>see above</version>
</dependency>

Gradle Dependency

// Double quotes are required so that Groovy interpolates ${version}.
implementation("org.zalando.stups:tokens:${version}")

Usage in Zalando K8s environment (with PlatformCredentialsSet)

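By default, the library looks in /meta/credentials for the tokens provided by the PlatformCredentialsSet.

import java.net.URI;

// Apache HttpClient fluent API (assumed HTTP client for Request.Get)
import org.apache.http.client.fluent.Request;
import org.zalando.stups.tokens.AccessTokens;
import org.zalando.stups.tokens.Tokens;

// The builder requires a URI, but it is ignored when tokens are read from /meta/credentials.
AccessTokens tokens = Tokens.createAccessTokensWithUri(new URI("https://this.url.will.be.ignored"))
                            .start();

while (true) {
    // Ask the library for the current token on each iteration instead of caching it.
    final String token = tokens.get("exampleRO");

    Request.Get("https://api.example.com")
           .addHeader("Authorization", "Bearer " + token)
           .execute();

    Thread.sleep(1000);
}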

Want to migrate from STUPS to K8s? See the hints.

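Usage in Zalando's STUPS environment

import java.net.URI;

// Apache HttpClient fluent API (assumed HTTP client for Request.Get)
import org.apache.http.client.fluent.Request;
import org.zalando.stups.tokens.AccessTokens;
import org.zalando.stups.tokens.Tokens;

// Register each token by name together with the scopes it should carry.
AccessTokens tokens = Tokens.createAccessTokensWithUri(new URI("https://example.com/access_tokens"))
                            .manageToken("exampleRW")
                                .addScope("read")
                                .addScope("write")
                                .done()
                            .manageToken("exampleRO")
                                .addScope("read")
                                .done()
                            .start();

while (true) {
    // Ask the library for the current token on each iteration instead of caching it.
    final String token = tokens.get("exampleRO");

    Request.Get("https://api.example.com")
           .addHeader("Authorization", "Bearer " + token)
           .execute();

    Thread.sleep(1000);
}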

Migration from Zalando's STUPS env to Zalando's K8s env

Your code can stay as is.

A common issue is not mounting the credentials. Please use the example below as a guideline.

...
          volumeMounts:
          - name: "{{ APPLICATION }}-credentials"
            mountPath: /meta/credentials
            readOnly: true
      volumes:
        - name: "{{ APPLICATION }}-credentials"
          secret:
            secretName: "{{ APPLICATION }}-credentials"

Please also make sure that the token identifiers/names match the respective items in credentials.yaml:

apiVersion: "zalando.org/v1"
kind: PlatformCredentialsSet
metadata:
   name: "{{ APPLICATION }}-credentials"
spec:
   application: "{{ APPLICATION }}"
   tokens:
     exampleRW:
       privileges:
         - com.zalando::read
         - com.zalando::write
     exampleRO:
       privileges:
         - com.zalando::read

Local Testing

With Tokens, you can inject fixed OAuth2 access tokens via the OAUTH2_ACCESS_TOKENS environment variable and test applications locally with personal OAuth2 tokens. As an example:

$ MY_TOKEN_1=$(zign token -n mytok1)
$ MY_TOKEN_2=$(zign token -n mytok2)
$ export OAUTH2_ACCESS_TOKENS=mytok1=$MY_TOKEN_1,mytok2=$MY_TOKEN_2
$ lein repl # start my local Clojure app using the tokens library
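
A pre-flight check for the variable format shown above, as an added example (not part of the Tokens project): it lists which token names are injected without printing their values, and fails if a name the application asks for is missing. The function names are hypothetical, and treating everything after the first `=` as the token value is an assumption.

```shell
#!/bin/sh
# Added example, not part of the Tokens project. Function names are hypothetical.
# Assumed format (from the export line above): comma-separated name=token pairs;
# everything after the first '=' is treated as the token value.

# Print the token names in spec $1, one per line. Token values are never printed.
# Returns 1 if any entry lacks '=' or has an empty name or an empty value.
injected_token_names() (
    spec=$1
    rc=0
    n=0
    set -f      # no glob expansion while splitting
    IFS=,
    for entry in $spec; do
        n=$((n + 1))
        case $entry in
            *=*) name=${entry%%=*}; value=${entry#*=} ;;
            *)   name=; value= ;;
        esac
        if [ -z "$name" ] || [ -z "$value" ]; then
            # The entry itself is not echoed, so a token cannot leak into logs.
            echo "malformed entry #$n: expected name=token" >&2
            rc=1
        else
            printf '%s\n' "$name"
        fi
    done
    return $rc
)

# Succeed only if every name in $2.. is present in spec $1; report missing names.
require_injected_tokens() (
    spec=$1; shift
    names=$(injected_token_names "$spec") || return 1
    rc=0
    for want in "$@"; do
        printf '%s\n' "$names" | grep -Fxq -- "$want" ||
            { echo "token not injected: $want" >&2; rc=1; }
    done
    return $rc
)

# Constructed sample values, not real tokens.
SAMPLE_SPEC='mytok1=aaa.bbb.ccc,mytok2=b3BhcXVl=='
require_injected_tokens "$SAMPLE_SPEC" mytok1 mytok2 &&
    echo "fixed tokens present: mytok1 mytok2"
```

In a real session, pass `"$OAUTH2_ACCESS_TOKENS"` instead of the sample spec, followed by the names your code passes to `tokens.get(...)`.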

In production on EC2 instances, Tokens fetches access tokens by calling an authorization server with the credentials found in client.json and user.json. It's also possible to provide client.json and user.json with valid content and point this library to that directory.

Contributing

This project welcomes contributions, including bug fixes and documentation enhancements. To contribute, please use the Issues Tracker to let us know what you would like to do. We'll respond, and go from there.

License

Copyright © 2015 Zalando SE

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
