OAuth2 got easy

Oauth2 sup­port ex­ists in Eclipse Vert.x since ver­sion 3.2.0. The im­ple­men­ta­tion fol­lows the prin­ci­ples that rule the whole vert.x ecosys­tem: un­opin­ion­ated, it does what you want it to do, sim­ple but not too sim­ple.

This works fine be­cause OAuth2 is a widely spread stan­dard and ven­dors ad­here to it quite well. How­ever due to the API and the de­tails of the spec­i­fi­ca­tion it re­quires some knowl­edge on what kind of flow your ap­pli­ca­tion needs to sup­port, what are the end­points for au­tho­riz­ing and get­ting to­kens. This in­for­ma­tion, even though eas­ily ac­ces­si­ble to any­one who’s got the time and will, to read the ven­dor doc­u­men­ta­tion is easy to find, but it means that de­vel­op­ers would need to spend time in a non-​project problem-​related task.

Vert.x thrives for being fast and pro­duc­tive, so what if we could help you fo­cus­ing on your de­vel­op­ment tasks rather than read­ing Oauth2 provider doc­u­men­ta­tion? This is what you can ex­pect for the next re­lease.

Out of the box you will find out that you can in­stan­ti­ate an OAuth2 provider as easy as:

Provider.create(vertx, clientId, clientSecret)

That’s it! sim­ple, to the point, sure it makes some as­sump­tions, it as­sumes that you want to use the ”AUTH_CODE” flow which is what you nor­mally do for web ap­pli­ca­tions with a back­end.

The sup­ported Provider im­ple­men­ta­tions will con­fig­ure the base API (which will be still avail­able) with the cor­rect URLs, scope en­cod­ing scheme or extra con­fig­u­ra­tion such as ”shopId”/”GUID” for Shopify/Azure AD.

So what sup­ported Providers can you al­ready find?

• App.net
• Azure
• Box.com
• Drop­box
• Face­book
• Foursquare
• Github
• Google (ei­ther AUTH_CODE flow or Server to Server flow)
• In­sta­gram
• Key­cloak
• LinkedIn
• Mailchimp
• Sales­force
• Shopify
• Sound­cloud
• Stripe
• Twit­ter

That’s a hand­ful of Providers, but there is more. Say that you want to en­sure that your SSL con­nec­tions are valid and want to con­trol the cer­tifi­cate val­i­da­tion. Every provider also ac­cepts a Http­Clien­tOp­tions ob­ject that will be used in­ter­nally when con­tact­ing your provider, so in this case, you have full se­cu­rity con­trol of your con­nec­tion, not just de­faults.

You can ex­pect this new code to land for 3.4 as it is not avail­able in the cur­rent re­lease (3.3.3).