Add OAuth10 3 Legged Flow sample to api-platform-samples

sample-proxies/oauth10a-3legged/README.md

@@ -0,0 +1,51 @@
+# Three-Legged OAuth1.0a
+
+This sample shows how use the OAuth 1.0a - 3 legged flow
+
+It contains the following policies:
+
+1. An OAuth 1.0 GenerateRequestToken Policy to generate the request token, called the RequestToken Endpoint.
+   This request token is required to generate verifier and the access token.
+2. An GenerateVerifier Policy (A ServiceCallout Policy) to create the externally passed verifier code, 
+   associating it to the request token generated in the above step.
+3. An OAuth 1.0 GenerateAccessToken Policy to generate an access token using the request token and its verifier, called  the AccessToken Endpoint.
+4. An OAuth 1.0 VerifyAccessToken Policy, to validate the OAuth 1.0 AccessToken and its signature, 
+   before requesting for the protected resource.
+
+# Set up
+
+* The username and password that you use to login to enterprise.apigee.com.
+* The name of the organization in which you have an account. Login to 
+  enterprise.apigee.com and check account settings.
+
+# Configure 
+
+1. Update `/setup/setenv.sh` with your environment details
+
+2. Configure API products, developers, and apps in your organization
+
+3. Run `/setup/provisioning/setup.sh`
+
+# Import and deploy sample project
+
+To deploy, run `$ sh deploy.sh`
+
+To test, run `$ sh invoke.sh`
+
+# Get help
+
+For assistance, post to the [Apigee Developer Forum](http://support.apigee.com)
+
+Copyright © 2013 Apigee Corporation
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use
+this file except in compliance with the License. You may obtain a copy
+of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

sample-proxies/oauth10a-3legged/apiproxy/OAuth10Application.xml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<APIProxy revision="1" name="OAuth10Application">
+    <ConfigurationVersion minorVersion="0" majorVersion="4"/>
+    <ProxyEndpoints/>
+    <Resources/>
+    <StepDefinitions/>
+    <TargetServers/>
+    <TargetEndpoints/>
+</APIProxy>

sample-proxies/oauth10a-3legged/apiproxy/policies/GenerateAccessToken.xml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<OAuthV1 enabled="true" continueOnError="false" async="false" name="GenerateAccessToken">
+    <FaultRules/>
+    <Properties/>
+    <Operation>GenerateAccessToken</Operation>
+    <GenerateResponse enabled="true">
+        <Format>XML</Format>
+    </GenerateResponse>
+</OAuthV1>

sample-proxies/oauth10a-3legged/apiproxy/policies/GenerateRequestToken.xml

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<OAuthV1 enabled="true" continueOnError="false" async="false" name="GenerateRequestToken">
+    <FaultRules/>
+    <Properties/>
+    <GenerateErrorResponse enabled="true">
+        <Format>XML</Format>
+    </GenerateErrorResponse>
+    <Operation>GenerateRequestToken</Operation>
+    <GenerateResponse enabled="true">
+        <Format>XML</Format>
+    </GenerateResponse>
+</OAuthV1>

sample-proxies/oauth10a-3legged/apiproxy/policies/GenerateVerifier.xml

@@ -0,0 +1,25 @@
+<ServiceCallout name="GenerateVerifier">
+   <Request clearPayload="true" variable="myRequest">
+      <Remove>
+	<Path/>
+      </Remove>
+      <Set>
+         <Payload contentType="application/xml" variablePrefix="%" variableSuffix="#">
+            <Verifier>
+               <Code>%request.formparam.token#</Code>
+               <AppUserId>%request.formparam.appenduser#</AppUserId>
+               <RequestToken>%request.formparam.verifier#</RequestToken>
+            </Verifier>
+         </Payload>
+         <Verb>POST</Verb>
+         <Path>/v1/oauth1/verifiers</Path>
+      </Set>
+   </Request>
+   <Response>request</Response>
+   <HTTPTargetConnection>
+      <Properties>
+      	<Property name="success.codes">2xx, 5xx</Property>
+      </Properties>
+      <URL>http://localhost:8080</URL>
+   </HTTPTargetConnection>
+</ServiceCallout>

sample-proxies/oauth10a-3legged/apiproxy/policies/VerifyAccessToken.xml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<OAuthV1 enabled="true" continueOnError="false" async="false" name="VerifyAccessToken">
+    <FaultRules/>
+    <Properties/>
+    <Operation>VerifyAccessToken</Operation>
+    <GenerateResponse enabled="true">
+        <Format>XML</Format>
+    </GenerateResponse>
+</OAuthV1>

sample-proxies/oauth10a-3legged/apiproxy/proxies/default.xml

@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<ProxyEndpoint name="default">
+
+    <Flows>
+	<Flow name="3 Legged OAuth1.0a">
+	  <Request>
+            <Step>
+                <Condition>proxy.pathsuffix /~ &quot;/3leg/request_token&quot;</Condition>
+                <FaultRules/>
+                <Name>GenerateRequestToken</Name>
+            </Step>
+            <Step>
+                <Condition>proxy.pathsuffix /~ &quot;/3leg/verifier&quot;</Condition>
+                <FaultRules/>
+                <Name>GenerateVerifier</Name>
+            </Step>
+            <Step>
+                <Condition>proxy.pathsuffix /~ &quot;/3leg/access_token&quot;</Condition>
+                <FaultRules/>
+                <Name>GenerateAccessToken</Name>
+            </Step>
+          </Request>
+          <Condition>(proxy.pathsuffix MatchesPath &quot;/3leg/**&quot;)</Condition>
+        </Flow>
+    </Flows>
+
+    <PreFlow name="PreFlow">
+        <Request>
+            <Step>
+          	<Condition>!(proxy.pathsuffix MatchesPath &quot;/3leg/**&quot;)</Condition>
+                <FaultRules/>
+                <Name>VerifyAccessToken</Name>
+            </Step>
+        </Request>
+    </PreFlow>
+
+    <HTTPProxyConnection>
+        <BasePath>/oauth1</BasePath>
+        <Properties/>
+        <VirtualHost>secure</VirtualHost>
+    </HTTPProxyConnection>
+
+    <RouteRule name="OAuthTargetRoute">
+        <Condition>!(proxy.pathsuffix MatchesPath &quot;/3leg/**&quot;)</Condition>
+        <TargetEndpoint>default</TargetEndpoint>
+    </RouteRule>
+    <RouteRule name="NoRoute"/>
+</ProxyEndpoint>

sample-proxies/oauth10a-3legged/apiproxy/targets/default.xml

@@ -0,0 +1,8 @@
+<TargetEndpoint name="default">
+    <FaultRules/>
+    <Flows/>
+    <HTTPTargetConnection>
+        <Properties/>
+        <URL>http://httpbin.org</URL>
+    </HTTPTargetConnection>
+</TargetEndpoint>

sample-proxies/oauth10a-3legged/deploy.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+source ../../setup/setenv.sh
+
+echo "Enter your password for the Apigee Enterprise organization $org, followed by [ENTER]:"
+
+read -s password
+
+echo Deploying $proxy to $env on $url using $username and $org
+
+../../tools/deploy.py -n oauth10a-3legged -u $username:$password -o $org -h $url -e $env -p / -d ../oauth10a-3legged
+
+echo "If 'State: deployed', then your API Proxy is ready to be invoked."
+
+echo "Run 'invoke.sh'"

sample-proxies/oauth10a-3legged/invoke.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+
+echo "Using org and environment configured in /setup/setenv.sh"
+echo "Be sure to run scripts under ./setup/provisioning"
+
+source ../../setup/setenv.sh
+
+echo "Get app profile"
+echo "Enter your password for the Apigee Enterprise organization $org, followed by [ENTER]:"
+read -s password
+
+echo -e "Fetching consumer key for developer application 'joe-app' \n"
+appdata=`curl -k -u "$username:$password" "$url/v1/o/$org/developers/[email protected]/apps/joe-app" -H 'Accept: application/json' 2>/dev/null`;
+consumerkey=`echo "$appdata" | grep -m 1 consumerKey | awk -F '\"' '{ print $4 }'`;
+consumersecret=`echo "$appdata" | grep -m 1 consumerSecret | awk -F '\"' '{ print $4 }'`;
+
+echo -e "\n#########################################################################\n"
+
+#1. Generate RequestToken:
+request_token_request="https://$org-$env.$api_domain/oauth1/3leg/request_token -H 'Authorization: OAuth oauth_callback=\"oob\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"\", oauth_consumer_key=\"$consumerkey\", oauth_timestamp=\"{timestamp}\", oauth_nonce=\"{nonce}\", oauth_version=\"1.0\", oauth_signature=\"{signature}\"'"
+
+echo -e "Sample RequestToken Request:\ncurl -i" $request_token_request
+
+echo -e "\n#########################################################################\n"
+
+#2. Generate Verifier:
+verifier_request="https://$org-$env.$api_domain/oauth1/3leg/verifier -X POST -d 'token={request_token}&appenduser={app_end_user}&verifier={verifier_code}'"
+
+echo -e "Sample Verifier Code Generation Request:\ncurl -i" $verifier_request
+
+echo -e "\n#########################################################################\n"
+
+#3. Generate AccessToken:
+access_token_request="https://$org-$env.$api_domain/oauth1/3leg/access_token -H 'Authorization: OAuth oauth_verifier=\"{verifier_code}\", oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"{request_token}\", oauth_consumer_key=\"$consumerkey\", oauth_timestamp=\"{timestamp}\", oauth_nonce=\"{nonce}\", oauth_version=\"1.0\", oauth_signature=\"{signature}\"'"
+
+echo -e "Sample AccessToken Request:\ncurl -i" $access_token_request
+
+echo -e "\n#########################################################################\n"
+
+#4. Verify AccessToken:
+verify_accesstoken_request="https://$org-$env.$api_domain/oauth1/get -H 'Authorization: OAuth oauth_signature_method=\"HMAC-SHA1\", oauth_token=\"{access_token}\", oauth_consumer_key=\"$consumerkey\", oauth_timestamp=\"{timestamp}\", oauth_nonce=\"{nonce}\", oauth_version=\"1.0\", oauth_signature=\"{signature}\"'"
+
+echo -e "Sample Verify AccessToken Request:\ncurl -i" $verify_accesstoken_request
+
+echo -e "\n#########################################################################\n"

setup/provisioning/setup.sh

@@ -46,29 +46,29 @@ curl -u $username:$password \
 # Get consumer key and attach API product
 # Do this in a quick and clean way that doesn't require python or anything
 
-key=`curl -u $username:$password \
+key=`curl -u $username:$password -H "Accept: application/json" \
      $url/v1/o/$org/developers/[email protected]/apps/thomas-app 2>/dev/null \
      | grep consumerKey | awk -F '\"' '{ print $4 }'`
 
 curl -u $username:$password \
   $url/v1/o/$org/developers/[email protected]/apps/thomas-app/keys/${key} \
   -H "Content-Type: application/xml" -X POST -T thomas-app-product.xml
 
-key=`curl -u $username:$password \
+key=`curl -u $username:$password -H "Accept: application/json" \
      $url/v1/o/$org/developers/[email protected]/apps/joe-app 2>/dev/null \
      | grep consumerKey | awk -F '\"' '{ print $4 }'`
 
 curl -u $username:$password \
   $url/v1/o/$org/developers/[email protected]/apps/joe-app/keys/${key} \
   -H "Content-Type: application/xml" -X POST -T joe-app-product.xml
 
-key=`curl -u $username:$password \
+key=`curl -u $username:$password -H "Accept: application/json"\
      $url/v1/o/$org/developers/[email protected]/apps/thomas-app 2>/dev/null \
      | grep consumerKey | awk -F '\"' '{ print $4 }'`
 
 echo "\n\nConsumer key for thomas-app is ${key}"
 
-key=`curl -u $username:$password \
+key=`curl -u $username:$password -H "Accept: application/json"\
      $url/v1/o/$org/developers/[email protected]/apps/joe-app 2>/dev/null \
      | grep consumerKey | awk -F '\"' '{ print $4 }'`