michaelawyu / auth-server-sample Goto Github PK

Hi @michaelawyu ,

Running the command "python AC_client.py" throws an error ModuleNotFoundError: No module named 'requests'.

How do I resolve this?

Thanks

How i can setup oauth2 on our server, after that I can use this sample code.

I am going to create basic authentication with use of oauth2.0. Please suggest the step which i need to do here and some integration url and command

1. Deploy command should be --trigger-http and --runtime=nodejs14 (or swap 14 for more recent version). When deploying need to agree to authorised access to the function.

2. The property with ac-enabled should have client-id as sample-ac-client (not a repeat of sample-ropc-client) and have the client-secret property set

3. The sample-acpkce-client has https://www.google.com as its client-secret value instead of sample-client-secret.

4. The POST commands should have the url in double quotes (at least for windows)

5. PKCE example: Verifier is mis-spelt as verfier.

6. Resource Owner example: username=sample-user not sample-username.

7. PUG file needs updating with GCP region and project values before deployment.

8. To generate pem key files you can use openssl on command line as:

openssl genrsa -aes256 -out priv.pem 4096
openssl rsa -in priv.pem -pubout > public.pem
openssl rsa -in priv.pem -out private.pem

Last step is needed to remove passphrase which will cause tutorial to fail.

I found this code after reading Understanding OAuth2 and Deploying a Basic Authorization Service to Cloud Functions tutorial. I wanted to bring two items to your attention with the tutorial:

1. "Download the code here" redirects to https://cloud.google.com/code and returns a 404 error
2. The tutorial currently contains this content:

You write that implicit and client credentials are reserved for special clients, and then also reference implicit and client credentials as the flows that "other clients" can use. Is this a typo? Should it instead be something like:
Highly trusted apps -> Resource Owner Password Credentials
Less trusted apps -> Authorization Code

Thank you for the tutorial.