How to Configure OAuth 2.0 for PoolParty Extractor?

This page describes how to configure or disable OAuth 2.0 for PoolParty Extractor (PPX).


Set Up PoolParty Extractor (PPX) to Accept OAuth 2.0 Access Tokens

To set up the PoolParty Extractor (PPX) to accept only OAuth 2.0 access tokens that are authorized for PPX, copy the following to PPX:

  • The OAuth 2.0 provider’s public key, the counterpart of the private key the provider uses to cryptographically sign the tokens. PPX uses it to verify that the tokens were issued by the correct provider.

  • The Client ID that was configured in the OAuth 2.0 provider for PPX.

Adapt the oauth-extractor.xml file to configure OAuth 2.0 for the PPX

By default, OAuth 2.0 is not enabled. To enable it, adapt the configuration file oauth-extractor.xml in the PoolParty configuration directory as follows:

  1. Make a copy of the preexisting oauth-extractor.xml file on the server and rename it (e.g. oauth-extractor.xml_backup). Make sure this backup file does not have an .xml extension.

  2. Open the original oauth-extractor.xml file.

  3. Replace the content with the configuration template provided below.

  4. Replace the following placeholders with the values gathered from your OAuth provider:

    ${Client ID} ${Audience} ${Public Key}

  5. Restart PoolParty.

    Note

    To locate the file in your own installation, see PoolParty Directory Structure.

Here is the OAuth 2.0 configuration template:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:mvc="http://www.springframework.org/schema/mvc"
        xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security/oauth2
http://www.springframework.org/schema/security/spring-security-oauth2.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd">
 
<oauth:resource-server id="oauthResourceServerFilter" resource-id="${Audience}" token-services-ref="tokenServices" />
 
<beans:bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
    <beans:property name="tokenStore" ref="tokenStore" />
    <beans:property name="tokenEnhancer" ref="tokenEnhancer" />
    <beans:property name="supportRefreshToken" value="true" />
    <beans:property name="clientDetailsService" ref="clientDetails" />
</beans:bean>
 
<beans:bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.store.JwtTokenStore">
    <beans:constructor-arg ref="tokenEnhancer" />
</beans:bean>
 
<oauth:client-details-service id="clientDetails">
    <oauth:client
            client-id="${Client ID}"
            resource-ids="${Audience}"
            authorized-grant-types="password"
            scope="${read}"
            access-token-validity="${3600}"
            refresh-token-validity="${43200}" />
</oauth:client-details-service>
 
<beans:bean id="tokenEnhancer" class="org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter">
    <beans:property name="verifierKey" ref="publicKey" />
    <beans:property name="verifier">
        <beans:bean class="org.springframework.security.jwt.crypto.sign.RsaVerifier">
            <beans:constructor-arg ref="publicKey" />
        </beans:bean>
    </beans:property>
    <beans:property name="accessTokenConverter">
        <beans:bean class="org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter">
            <beans:property name="scopeAttribute" value="scp" />
            <beans:property name="clientIdAttribute" value="cid" />
        </beans:bean>
    </beans:property>
</beans:bean>
 
<beans:bean id="publicKey" class="java.lang.String">
    <beans:constructor-arg value="-----BEGIN PUBLIC KEY----- ${Public Key}
-----END PUBLIC KEY-----" />
</beans:bean>
 
</beans:beans>
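
A pre-restart check for the edited file, as an added example (not PoolParty's own tooling): it reports unreplaced template placeholders, XML that is not well-formed (for instance a key pasted with surrounding double quotes), a resource-id that is missing from the client's resource-ids, and a public key value that is not a base64 PEM body. The function name, the values `ppx-api` and `ppx-client`, and the sample key bytes are assumptions made for the illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

OAUTH = "{http://www.springframework.org/schema/security/oauth2}"
BEANS = "{http://www.springframework.org/schema/beans}"
PLACEHOLDERS = ("${Client ID}", "${Audience}", "${Public Key}")
PEM = re.compile(r"-----BEGIN PUBLIC KEY-----(.+?)-----END PUBLIC KEY-----", re.S)


def lint_oauth_extractor(xml_text):
    """Return a list of problems in an edited oauth-extractor.xml (empty = OK)."""
    problems = ["unreplaced placeholder " + p for p in PLACEHOLDERS if p in xml_text]
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError as exc:
        return problems + ["not well-formed XML: %s" % exc]
    server = root.find(OAUTH + "resource-server")
    client = root.find(OAUTH + "client-details-service/" + OAUTH + "client")
    key = root.find(BEANS + "bean[@id='publicKey']/" + BEANS + "constructor-arg")
    if server is None or client is None or key is None:
        return problems + ["OAuth 2.0 elements missing (default file?)"]
    audience = server.get("resource-id", "")
    allowed = [r.strip() for r in client.get("resource-ids", "").split(",")]
    if not audience or audience not in allowed:
        problems.append("resource-id %r not in client resource-ids" % audience)
    body = PEM.search(key.get("value", ""))
    try:
        der = base64.b64decode("".join(body.group(1).split()), validate=True)
    except (AttributeError, ValueError):  # no PEM markers, or body is not base64
        der = b""
    if der[:1] != b"\x30":  # DER SEQUENCE tag: a shape check, not a key parse
        problems.append("public key is not a base64 PEM body between the markers")
    return problems


# Constructed sample values: placeholder bytes shaped like DER, not a real key.
SAMPLE_KEY = base64.b64encode(b"\x30\x82" + bytes(range(90))).decode()
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:oauth="http://www.springframework.org/schema/security/oauth2">
<oauth:resource-server id="oauthResourceServerFilter" resource-id="ppx-api"/>
<oauth:client-details-service id="clientDetails">
  <oauth:client client-id="ppx-client" resource-ids="ppx-api"/>
</oauth:client-details-service>
<beans:bean id="publicKey" class="java.lang.String">
  <beans:constructor-arg value="-----BEGIN PUBLIC KEY----- %s -----END PUBLIC KEY-----"/>
</beans:bean>
</beans:beans>""" % SAMPLE_KEY
```

Read the file on the server and pass its text to `lint_oauth_extractor` before restarting PoolParty; an empty list means none of these checks failed.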

Disable OAuth 2.0 on PPX

If you want to disable OAuth 2.0 on PPX, you can copy back the default oauth-extractor.xml file that comes with PoolParty. In this case, no OAuth 2.0 is configured. If the original file was not backed up before configuration, the default configuration is provided below for reference.

<?xml version="1.0" encoding="UTF-8"?>
    <beans:beans
            xmlns:beans="http://www.springframework.org/schema/beans"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xmlns:mvc="http://www.springframework.org/schema/mvc"
            xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
            xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security/oauth2
http://www.springframework.org/schema/security/spring-security-oauth2.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd">
 
        <beans:bean id="oauthResourceServerFilter" class="at.punkt.poolparty.extractor.web.filters.FallThroughFilter"/>
 
    </beans:beans>