Sidecar Architecture: Dapr Authorization Middleware


We previously set up OAuth2 and walked through its flows:
Ory Hydra: OAuth 2.0 Authorize Code Flow
Ory Hydra: OAuth 2.0 Client Credentials Flow

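Next, we configure an OAuth middleware to show how authorization with Dapr middleware is used.

OAuth 2.0 Authorize Code middleware example

We try this with both GitHub and a self-hosted OAuth 2.0 server.

GitHub

We use GitHub to walk through the OAuth 2.0 Authorize Code flow.

Create a GitHub OAuth app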


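Note the Authorization callback URL here: once you approve the authorization, GitHub calls back to the address entered in this field (www.example.com) with a code, and you can then use that code to request a token.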

~/.dapr/components/oauth2.yaml

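apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: oauth2
spec:
  type: middleware.http.oauth2
  version: v1
  metadata:
  # Client ID and secret issued for the GitHub OAuth app created above
  - name: clientId
    value: "d9d90c604c41aea4a0ac"
  # Inline secret; Dapr components can read this from a secret store via secretKeyRef instead
  - name: clientSecret
    value: "b1e75686aafd69253aac0e532432bace331f5be7"
  # This is a Google scope name; GitHub defines its own scopes (for example user:email)
  - name: scopes
    value: "https://www.googleapis.com/auth/userinfo.email"
  - name: authURL
    value: "https://github.com/login/oauth/authorize"
  - name: tokenURL
    value: "https://github.com/login/oauth/access_token"
  # Must agree with the Authorization callback URL registered in the GitHub OAuth app
  - name: redirectURL
    value: "http://www.example.com"
  # Header in which the middleware forwards the token to the application
  - name: authHeaderName
    value: "authorization"
  # "false" permits plain HTTP, which is acceptable only for local testing
  - name: forceHTTPS
    value: "false"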

~/.dapr/config.yaml

apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
  name: daprConfig
spec:
  httpPipeline:
    handlers:
    - name: oauth2
      type: middleware.http.oauth2
    - name: uppercase
      type: middleware.http.uppercase
  nameResolution:
    component: "consul"
    configuration:
      client:
        address: "10.8.99.45:8500"
      selfRegister: false


Once authorization succeeds at this step, GitHub calls back to www.example.com?code=XXX, carrying the code. We take the code and then request a token from GitHub.
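
The callback handling described above, written out as an added example (not code from the original post or from Dapr): it validates the redirect and prepares the code-for-token request without sending it. The `state` check, the function names and the sample callback are assumptions added here; the page's flow mentions only `code`.

```python
import hmac
import secrets
import urllib.parse
import urllib.request

# Endpoint and redirect values taken from the component file on this page.
TOKEN_URL = "https://github.com/login/oauth/access_token"
REDIRECT_URL = "http://www.example.com"


def new_state() -> str:
    """Random value sent with the authorize request and stored in the user's session."""
    return secrets.token_urlsafe(32)


def extract_code(callback_url: str, expected_state: str) -> str:
    """Return the authorization code from the callback URL, or raise ValueError."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    state = query.get("state", [""])[0]
    # Constant-time comparison. A missing or foreign state means the callback
    # was not started by this session, so the code must not be redeemed.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def build_token_request(code: str, client_id: str, client_secret: str) -> urllib.request.Request:
    """Build the POST that exchanges the code for a token (it is not sent here)."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": REDIRECT_URL,
    }).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST",
                                  headers={"Accept": "application/json"})


if __name__ == "__main__":
    state = new_state()
    # Constructed sample callback; a real one arrives via the browser redirect.
    callback = f"{REDIRECT_URL}/?code=SAMPLECODE&state={state}"
    req = build_token_request(extract_code(callback, state), "<client id>", "<client secret>")
    print(req.get_method(), req.full_url, req.data.decode())
```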

Self-hosted (TODO):

Ory Hydra: OAuth 2.0 Authorize Code Flow

Setting up OAuth 2.0: Ory Hydra 2.0 in practice

OAuth2 client credentials middleware example

apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: oauth2clientcredentials
spec:
  type: middleware.http.oauth2clientcredentials
  version: v1
  metadata:
  - name: clientId
    value: "<your client ID>"
  - name: clientSecret
    value: "<your client secret>"
  - name: scopes
    value: "https://www.googleapis.com/auth/userinfo.email"
  - name: tokenURL
    value: "https://accounts.google.com/o/oauth2/token"
  - name: headerName
    value: "authorization"

Dapr configuration

apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
  name: appconfig
spec:
  httpPipeline:
    handlers:
    - name: oauth2clientcredentials
      type: middleware.http.oauth2clientcredentials

Self-hosted

Ory Hydra: OAuth 2.0 Client Credentials Flow