### Install and Setup OAuth Assistant Example App (Bash) Source: https://curity.io/resources/learn/test-using-oauth-assistant This snippet demonstrates the commands to clone the OAuth Assistant example application repository from GitHub and install its dependencies using npm. It's the initial setup step for using the library. ```bash git clone git@github.com:curityio/oauth-assistant-example.git cd oauth-assistant-example npm install ``` -------------------------------- ### Install and Run OAuth Assistant Example (Bash) Source: https://curity.io/resources/learn/oauth-assistant Commands to clone the OAuth assistant example repository, install its dependencies, and start the example application. This sets up a local environment for testing the assistant. ```bash git clone git@github.com:curityio/oauth-assistant-example.git cd oauth-assistant-example npm install npm start ``` -------------------------------- ### Run OAuth Assistant Example App (Bash) Source: https://curity.io/resources/learn/test-using-oauth-assistant This command starts the OAuth Assistant example application after all configurations and installations are complete. It typically opens the application in a web browser, allowing users to test OAuth and OIDC flows. ```bash npm start ``` -------------------------------- ### Run SPA in Development Mode Source: https://curity.io/resources/learn/token-handler-deployment-example These commands navigate to the SPA directory and start the development server using npm. This setup allows for rapid development feedback by serving static content via webpack and enabling live code changes in the browser. ```bash cd spa npm start ``` -------------------------------- ### Install Dependencies and Start Server (Bash) Source: https://curity.io/resources/learn/serverless-zero-trust-api These bash commands are used to manage the Node.js project. `npm install` downloads and installs all the necessary project dependencies, while `npm start` typically runs a script defined in the `package.json` file, often used here to initiate the local serverless environment. ```bash npm install npm start ``` -------------------------------- ### Simple Authentication Action Example Source: https://curity.io/resources/tutorials Provides a basic example of an authentication action plugin for the Curity Identity Server. This serves as a starting point for creating custom authentication steps. ```java import se.curity.identityserver.sdk.authentication.AuthenticationAction; import se.curity.identityserver.sdk.authentication.AuthenticationActionContext; public class SimpleAuthAction implements AuthenticationAction { @Override public void run(AuthenticationActionContext context) { // Perform authentication steps context.getSubject().addClaim("authenticated_by", "SimpleAuthAction"); } } ``` -------------------------------- ### Install and Start Console Client (Bash) Source: https://curity.io/resources/learn/securing-api-events-using-jwts Commands to navigate to the console client directory, install dependencies using npm, and start the client application. This client initiates the event flow by requesting scopes and listening for a login response. ```bash cd console-client npm install npm start ``` -------------------------------- ### Install and Run UI Kit Locally Source: https://curity.io/resources/learn/customize-look-and-feel Instructions to set up and run the Curity Identity Server UI Kit locally. Requires Node.js. Installs dependencies and starts a local development server. ```bash npm install npm start ``` -------------------------------- ### OAuth Agent Login Start Response Example Source: https://curity.io/resources/learn/token-handler-first-configuration Example JSON response from the OAuth Agent's login start endpoint, containing the authorization request URL that the SPA uses to initiate the login process. ```json { "authorization_url": "https://login.example.com/oauth/v2/authorization?client_id=myclient&response_type=code ..." } ``` -------------------------------- ### Run Curity AWS CDK Deployment Example (Bash) Source: https://curity.io/resources/learn/install-using-aws-cdk This command executes the TypeScript entry point for the Curity Identity Server AWS CDK deployment. It uses `npx` and `ts-node` to compile and run the application, initiating the infrastructure setup. ```bash npx ts-node --prefer-ts-exts bin/idsvr-aws-cdk.ts ``` -------------------------------- ### Run Kotlin Example API with Maven Source: https://curity.io/resources/learn/integration-kong-open-source These commands package and run the Kotlin API using Maven. This process requires Maven and Java 8+ to be installed on your system. ```bash cd kotlin-api-jwt-validation mvn package java -jar target/secureapi-1.0-SNAPSHOT.jar ``` -------------------------------- ### Android Client Setup for Hypermedia Authentication API Source: https://curity.io/resources/tutorials Guides on setting up an Android client to use the Curity Identity Server's HAAPI. This includes integrating the necessary SDKs and handling authentication flows. ```java import com.curity.android.sdk.CurityAuthClient; public class MainActivity extends AppCompatActivity { private CurityAuthClient authClient; @Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); authClient = new CurityAuthClient.Builder(this) .setAuthority("YOUR_AUTHORITY_URL") .setClientId("YOUR_CLIENT_ID") .build(); // ... authentication logic } } ``` -------------------------------- ### Query 'accounts' Table in HSQLDB Source: https://curity.io/resources/learn/get-started-identity-data Executes a SQL query to retrieve all records from the 'accounts' table. This is a basic example of querying identity data stored in the database. ```bash SELECT * FROM "accounts"; ``` -------------------------------- ### Example Templatized Client Registration Request (HTTP) Source: https://curity.io/resources/learn/using-dynamic-client-registration An example HTTP POST request for dynamic client registration using a template client. This request only requires the `software_id` parameter, which specifies the template client to instantiate. ```http POST /dcr HTTP/1.1   { "software_id": "webapp-client" } ``` -------------------------------- ### Example GET Request to Echo API Source: https://curity.io/resources/learn/integration-azure-api-management This is an example of a GET request to the Echo API hosted on Azure. It demonstrates how to include query parameters and the expected HTTP version. This request is intended to be tested with and without an Authorization header. ```http GET https://curity-pme-api.azure-api.net/echo/resource-cached?param1=sample HTTP/1.1 ``` -------------------------------- ### Bash: Deploy Curity Identity Server Example Source: https://curity.io/resources/learn/authentication-actions-example These bash commands are used to deploy the Curity Identity Server example workflow. It involves running a deployment script and optionally setting an environment variable to use ngrok for external access. ```bash ./deploy.sh ``` ```bash export USE_NGROK=true ./deploy.sh ``` -------------------------------- ### Start the Application using Gradle (Bash) Source: https://curity.io/resources/learn/oidc-java-undertow-pac4j This command initiates the Java application using Gradle. It's the standard way to run the application during development or for testing purposes. Ensure you have Gradle installed or are using the Gradle wrapper. ```bash gradle run ``` -------------------------------- ### Example Client Registration Request (HTTP) Source: https://curity.io/resources/learn/using-dynamic-client-registration An example HTTP POST request to the client registration endpoint. It includes parameters like scope, redirect URIs, grant types, response types, and client metadata. ```http POST /dcr HTTP/1.1 { "scope": "openid read foo test_scope_1", "redirect_uris": [ "https://localhost:9000/cb" ], "grant_types": [ "authorization_code" ], "response_types": "code", "client_name": "monkey", "client_uri": "https://localhost:9000/", "tos_uri": "https://localhost:9000/tos", "default_max_age": 44 } ``` -------------------------------- ### Search Users by Username (HTTP GET) Source: https://curity.io/resources/learn/managing-users-with-scim Performs a search for users using a GET request with a filter parameter. The example filters by 'userName' using the 'eq' (equals) operator. ```http GET /um/admin/Users?filter=userName+eq+"bob" HTTP/1.1 ``` -------------------------------- ### GET /oauth/v2/oauth-authorize with response_mode=post_form.jwt Source: https://curity.io/resources/learn/jwt-secured-authorization-response-mode Example GET request to the authorization endpoint using response_mode=post_form.jwt for a hybrid flow with response_type=code id_token. This includes PKCE parameters. ```APIDOC ## GET /oauth/v2/oauth-authorize ### Description Initiates an OAuth 2.0 authorization flow, requesting an authorization code and an ID token, with the response to be sent via a POST form containing a JWT. ### Method GET ### Endpoint /oauth/v2/oauth-authorize ### Query Parameters - **client_id** (string) - Required - The client identifier. - **response_type** (string) - Required - Specifies the desired grant type, e.g., `code id_token`. - **redirect_uri** (string) - Required - The URI to redirect the user agent back to after authorization. - **state** (string) - Recommended - An opaque value used to maintain state between the request and callback. - **scope** (string) - Required - The scope of the access request, e.g., `openid read`. - **code_challenge** (string) - Required (when using PKCE) - The challenge code generated for PKCE. - **code_challenge_method** (string) - Required (when using PKCE) - The method used to generate the code challenge (e.g., `S256`). - **nonce** (string) - Recommended - A string value used to associate a client session with an ID Token, and to mitigate replay attacks. - **response_mode** (string) - Required - Specifies how the authorization response should be delivered, e.g., `post_form.jwt`. ### Request Example ```http GET /oauth/v2/oauth-authorize?client_id=web-client&response_type=code%20id_token&redirect_uri=https://www.example.com/callback/hybrid&state=1599045202487-sVG&scope=openid%20%20read&code_challenge=y2upJc5ieYeoQaU0c25iG87qxEXXC7h_0LvIYgQ6ufk&code_challenge_method=S256&nonce=1657220314981-cBR&response_mode=post_form.jwt HTTP/1.1 Host: your-authorization-server.com ``` ### Response #### Success Response (200) Upon successful authorization, the user agent is redirected to the `redirect_uri` with an HTML form that automatically submits a POST request containing the `response` parameter (a JWT) to the client. #### Response Example ```html Submit Authorization Response with Form
``` ``` -------------------------------- ### Parameterized XML Configuration Example Source: https://curity.io/resources/learn/import-export-config Demonstrates how to use parameters within XML configuration files for Curity Identity Server. Parameters can be dynamically replaced by values from properties files or environment variables. Default values can also be specified. ```xml https://idsvr-dev.example.com ``` ```xml https://idsvr-#{CURITY_ENVIRONMENT}.example.com ``` ```xml https://idsvr-#{CURITY_ENVIRONMENT | DEV}.example.com ``` -------------------------------- ### Start ngrok Tunnel (Bash) Source: https://curity.io/resources/learn/mobile-setup-ngrok This bash command starts an ngrok tunnel named 'curity', forwarding traffic to the configured local address and port. This allows external access to the local service. ```bash ngrok start curity ``` -------------------------------- ### Initial Access Token Response Example Source: https://curity.io/resources/learn/non-templatized-dcr This JSON snippet shows an example response when successfully obtaining an initial access token. It includes the access_token, scope, token_type, and expires_in duration. ```json { "access_token": "87f72f27-67a5-4bdd-b878-615b958c50b0", "scope": "dcr", "token_type": "bearer", "expires_in": 300 } ``` -------------------------------- ### OAuth Authorization Request Example Source: https://curity.io/resources/learn/oauth-cookie-best-practices An example of an initial GET request in an OAuth code flow. This request includes parameters like client_id, redirect_uri, response_type, scope, code_challenge, and state, sent to an authorization server. ```bash GET http://login.example.com/oauth/v2/oauth-authorize ?client_id=web-client &redirect_uri=http://www.product.com/ &response_type=code &scope=openid profile &code_challenge=WhmRaP18B9z2zkYcIlb4uVcZzjLqcZsaBQJf5akUxsA &code_challenge_method=S256 &state=CfDJ8Nxa-YhPzjpBilDQz2C... &nonce=638088910888703720.YzY3... ``` -------------------------------- ### Project Setup: Build and Run .NET API (Bash) Source: https://curity.io/resources/learn/dotnet-api Builds and runs the .NET API project. It also shows how to set the ASPNETCORE_ENVIRONMENT variable for development mode, useful when using HTTP URLs. ```bash export ASPNETCORE_ENVIRONMENT='Development' dotnet build dotnet run ``` -------------------------------- ### Start Kong with Docker Compose Source: https://curity.io/resources/learn/integration-kong-open-source This command initiates the Kong Docker container using the `docker-compose.yml` file. It will download the specified Kong image and start the services defined in the compose file. ```bash docker-compose up --force-recreate ``` -------------------------------- ### Install Curity Token Handler using Docker Source: https://curity.io/resources/learn/token-handler-getting-started This snippet demonstrates how to install the Curity Identity Server, which includes the token handler feature, using Docker. It sets an administrator password and exposes the necessary ports for the server to run locally. This is a quick way to get the token handler up and running on any compatible operating system. ```bash export PASSWORD='zIf66A9Wz' docker run -it -e PASSWORD=$PASSWORD -p 6749:6749 -p 8443:8443 curity.azurecr.io/curity/idsvr ``` -------------------------------- ### Run Curity Identity Server Docker Container Source: https://curity.io/resources/learn/get-started-identity-data Starts a Curity Identity Server Docker container with specified password and ports. This is the initial step to set up a local testing environment for identity data. ```bash docker run --name idsvr -it -e PASSWORD=Password1 -p 6749:6749 -p 8443:8443 curity.azurecr.io/curity/idsvr ``` -------------------------------- ### Start Curity Identity Server using Docker Source: https://curity.io/resources/learn/testing-an-instance-of-curity This shell command illustrates how to launch the Curity Identity Server within a Docker container for end-to-end testing. It includes mounting volumes for plugin JARs and configuration files, setting environment variables, and exposing necessary ports. Ensure that the paths for volumes and environment variables are correctly specified for your setup. ```shell docker run -d --rm -e PASSWORD=Password1 -e TEST_LICENSE=$TEST_LICENSE -v /path/to/plugin-jars:/opt/idsvr/usr/share/plugins/my-plugin -v /path/to/config.xml:/opt/idsvr/etc/init/config.xml -p 6749:6749 -p 8443:8443 curity.azurecr.io/curity/idsvr:latest ``` -------------------------------- ### DPoP JWT Example Request Header Source: https://curity.io/resources/learn/what-is-financial-grade This example demonstrates a basic HTTP GET request that would include a DPoP JWT in the 'DPoP' header. The DPoP JWT itself contains claims specifying the HTTP method and endpoint for which it is valid, ensuring the token is used in the intended context. ```http GET /resource HTTP/1.1 ```