Walled in by the wonderful Wonderwall
Basic toy API in Ktor that showcases usage of Wonderwall from a backend application's point of view. This is not a production-ready application.
Requires (almost) all requests received to contain a Bearer token issued by the configured Identity Provider.
- Expects the token to contain a claim aud with a value that matches the client ID of the application's client.
- Supports Token Exchange using TokenX.
- Expects the token to contain a claim aud with a value that matches the client ID of the application's client.
- Supports the On-Behalf-Of flow.
- Supports the Client Credentials flow.
- Requires login with Azure AD.
- API for fetching machine-to-machine tokens from Maskinporten.
- /internal/* - unauthenticated
  - /internal/is_alive
  - /internal/is_ready
- /api/* - requires a Bearer JWT access token in the Authorization header
  - /api/headers - prints all headers in the request
  - /api/me - prints all claims for the token received
  - /api/obo?aud=<cluster>:<namespace>:<app> - exchanges the subject token for the given aud (audience)
  - /api/m2m?aud=<cluster>:<namespace>:<app> - (Azure only) fetches a machine-to-machine token for the given aud (audience)
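The /api/* gate described above (Bearer token in the Authorization header, aud equal to the application's client ID), sketched in Python as an added example; it is not wonderwalled's own Kotlin code. The client ID, the sample tokens, the 401 responses and the fake_validate stand-in for real token validation are constructed assumptions.

```python
from typing import Callable, Mapping, Optional

CLIENT_ID = "dev-gcp:example-ns:wonderwalled"  # constructed client ID (assumption)


def bearer_token(headers: Mapping[str, str]) -> Optional[str]:
    """Return the token from 'Authorization: Bearer <token>', else None."""
    for name, value in headers.items():
        if name.lower() == "authorization":  # header names are case-insensitive
            parts = value.strip().split()
            if len(parts) == 2 and parts[0].lower() == "bearer":
                return parts[1]
            return None
    return None


def audience_matches(claims: Mapping[str, object], client_id: str) -> bool:
    """RFC 7519: 'aud' is a single string or an array of strings."""
    aud = claims.get("aud")
    if isinstance(aud, str):
        return aud == client_id  # exact equality, never a substring test
    if isinstance(aud, list):
        return any(isinstance(a, str) and a == client_id for a in aud)
    return False  # a missing or malformed claim is rejected, not treated as a wildcard


def authorize(headers, validate: Callable[[str], Optional[dict]], client_id: str):
    """Gate for /api/*: returns (http_status, reason)."""
    token = bearer_token(headers)
    if token is None:
        return 401, "missing or malformed Authorization header"
    claims = validate(token)  # signature, issuer and expiry checks belong here
    if claims is None:
        return 401, "token rejected by validator"
    if not audience_matches(claims, client_id):
        return 401, "aud does not match this application's client ID"
    return 200, "ok"


# Constructed stand-in for real validation: maps an opaque token to its claims.
SAMPLE_TOKENS = {
    "tok-ours": {"sub": "alice", "aud": CLIENT_ID},
    "tok-list": {"sub": "alice", "aud": ["other-app", CLIENT_ID]},
    "tok-other": {"sub": "alice", "aud": "dev-gcp:example-ns:other-app"},
    "tok-noaud": {"sub": "alice"},
}


def fake_validate(token: str) -> Optional[dict]:
    return SAMPLE_TOKENS.get(token)
```

A token that is validly signed but issued for another application's audience is rejected here, which is the case the aud requirement exists to catch.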
Requires JDK installed, minimum version 21.
Start required dependencies:
docker-compose up -d
- wonderwall @ http://localhost:4000 (reverse proxy for openid connect)
- texas @ http://localhost:3000 (token exchange / introspection service)
- mock-oauth2-server @ http://localhost:8080 (mock identity provider)
Run wonderwalled for the desired identity provider:
./gradlew wonderwalled-azure:run
or
./gradlew wonderwalled-idporten:run
or
./gradlew wonderwalled-maskinporten:run
Visit the endpoints at localhost:4000 (i.e. via Wonderwall as a reverse proxy):