The service acts as a proxy to the API Gateway /oauth/token service and is also responsible for generating the API Gateway authentication HTTP request.
| Path | Supported Methods | Description |
|---|---|---|
/oauth/authorize |
GET | Request to build an authentication request to the API Gateway. More... |
/oauth/token |
POST | Request for an access-token to make API Gateway service calls. More... |
/oauth/authorize/v2 |
GET | Version 2 of authorize endpoint to support OLFG. More... |
/oauth/token/v2 |
POST | Version 2 of token endpoint to support OLFG. More... |
- Run Unit Tests:
sbt test - Run Integration Tests:
sbt it:test - Run Unit and Integration Tests:
sbt test it:test - Run Unit and Integration Tests with coverage report:
sbt clean compile coverage test it:test coverageReport dependencyUpdates
To test the token service locally then below the services must be running.
API_GATEWAY_PROXY, AUTH, AUTH_LOGIN_STUB, USER_DETAILS, MOBILE_TOKEN_PROXY.
Once the services are running then follow steps below in order to test the /authorize and /oauth/token services.
- Open a new browser and enter the below URL into the address bar.
/oauth/authorize
- Once the service redirects to the below URL, override the port 9025 with 9949. Please note since CoAFE is not running, the request will fail. This makes no difference and please override the port and then press return.
http://localhost:9025/gg/sign-in?continue=http%3A%2F%2Flocalhost%3A8236%2Foauth%2Fgrantscope%3Fredirect_uri%3Durn%253Aietf%253Awg%253Aoauth%253A2.0%253Aoob%253Aauto%26auth_id%3D26201d52-cf29-4f74-98c5-53126a6a8b60%26scope%3Dread%253Apersonal-income%2Bread%253Acustomer-profile%2Bread%253Amessages%2Bread%253Asubmission-tracker%2Bread%253Aweb-session
-
The auth-login-stub will now be displayed. Input the fields PID, NINO and set CL to 200.
-
Once the grant-page is returned obtain the access-code from the title within the page.
-
Make a call to the mobile-token-proxy /oauth/token service supplying the authorizationCode as the access-code.
http://localhost:8239/oauth/token
The form POST to the above URL will look like below. Please note the authorizationCode is extracted from the access-code in step 4 above.
{"authorizationCode":"a4059838-c9d4-4a2f-9539-2c8b4fa60395"}
- The service will return a response like below.
{
"accessToken": "a4059838-c9d4-4a2f-9539-2c8b4fa60395",
"refreshToken": "a4059838-c9d4-4a2f-9539-2c8b4fa60395",
"expires_in": 14400
}
- Subsequent calls should supply the refreshToken.
{"refreshToken":"a4059838-c9d4-4a2f-9539-2c8b4fa60395"}
This code is open source software licensed under the Apache 2.0 License.