# OAuth 2.0

### 1. Add your OAuth Server

The main feature of the API Gateway is to proxy requests to a different service, so let's do exactly that. Now that you are authenticated, you can send a request to `/oauth/servers` to register an OAuth Server that Janus will proxy to.

```bash
# HTTPie
http -v POST localhost:8081/oauth/servers "Authorization:Bearer yourToken" "Content-Type: application/json" < examples/front-proxy-auth/auth/auth.json

# cURL
curl -X "POST" localhost:8081/oauth/servers -H "Authorization:Bearer yourToken" -H "Content-Type: application/json" -d @examples/front-proxy-auth/auth/auth.json
```

### 2. Verify that your OAuth Server has been added

You can use the REST API to query all registered APIs and Auth Providers. Simply make a request to `/oauth/servers`.

```bash
# HTTPie
http -v GET localhost:8081/oauth/servers "Authorization:Bearer yourToken" "Content-Type: application/json"

# cURL
curl -X "GET" localhost:8081/oauth/servers -H "Authorization:Bearer yourToken" -H "Content-Type: application/json"
```

### 3. Forward your requests through Janus

Issue one of the following requests to verify that Janus is properly forwarding requests to your OAuth Server.

This request is an example of a simple `client_credentials` flow of [OAuth 2.0](/janus/auth/oauth.md); you can try any flow that you like.

```bash
# HTTPie (the URL is quoted so the shell does not interpret the query string)
http -v GET 'http://localhost:8080/auth/token?grant_type=client_credentials' "Authorization: Basic YourBasicToken"

# cURL
curl -X "GET" 'http://localhost:8080/auth/token?grant_type=client_credentials' -H "Authorization: Basic YourBasicToken" -H "Content-Type: application/json"
```

## Reference

| Configuration                   | Description                                                                                                                                                                |
| ------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| name                            | The unique name of your OAuth Server                                                                                                                                       |
| oauth\_endpoints.authorize      | Defines the [proxy configuration](https://github.com/motiv-labs/janus/tree/2470815283dbbce92900fce0c175b6fb9fc0574f/docs/config/proxy.md) for the `authorize` endpoint     |
| oauth\_endpoints.token          | Defines the [proxy configuration](https://github.com/motiv-labs/janus/tree/2470815283dbbce92900fce0c175b6fb9fc0574f/docs/config/proxy.md) for the `token` endpoint         |
| oauth\_endpoints.introspection  | Defines the [proxy configuration](https://github.com/motiv-labs/janus/tree/2470815283dbbce92900fce0c175b6fb9fc0574f/docs/config/proxy.md) for the `introspection` endpoint |
| oauth\_endpoints.revoke         | Defines the [proxy configuration](https://github.com/motiv-labs/janus/tree/2470815283dbbce92900fce0c175b6fb9fc0574f/docs/config/proxy.md) for the `revoke` endpoint        |
| oauth\_client\_endpoints.create | Defines the [proxy configuration](https://github.com/motiv-labs/janus/tree/2470815283dbbce92900fce0c175b6fb9fc0574f/docs/config/proxy.md) for the `create` client endpoint |
| oauth\_client\_endpoints.remove | Defines the [proxy configuration](https://github.com/motiv-labs/janus/tree/2470815283dbbce92900fce0c175b6fb9fc0574f/docs/config/proxy.md) for the `remove` client endpoint |
| allowed\_access\_types          | The allowed access types for this oauth server                                                                                                                             |
| allowed\_authorize\_types       | The allowed authorize types for this oauth server                                                                                                                          |
| auth\_login\_redirect           | The auth login redirect URL                                                                                                                                                |
| secrets                         | A map of `client_id: client_secret` pairs; a client listed here can authenticate by presenting only its `client_id`                                                        |
| token\_strategy.name            | The token strategy for this server. Could be `introspection` or `jwt`                                                                                                      |
| token\_strategy.settings        | Token strategy settings; see below, per strategy                                                                                                                           |
| token\_strategy.leeway          | Token date fields validation leeway to solve clock skew problem                                                                                                            |

### Token Strategy Settings

#### `jwt`

JWT token validation strategy performs token validation against signature and expiration date. Currently the following signature methods are supported:

* `HS256` - HMAC with SHA256 hash (symmetric key)
* `HS384` - HMAC with SHA384 hash (symmetric key)
* `HS512` - HMAC with SHA512 hash (symmetric key)
* `RS256` - RSA with SHA256 hash (asymmetric key)
* `RS384` - RSA with SHA384 hash (asymmetric key)
* `RS512` - RSA with SHA512 hash (asymmetric key)

Settings structure has the following format:

```javascript
[
    {"alg": "<alg1>", "key": "<key1>"},
    {"alg": "<alg2>", "key": "<key2>"},
    ...
]
```

Configuring a list of signing methods allows you to rotate the signing method and keys without immediately invalidating the old ones: tokens signed with either the old or the new method remain valid as long as both entries are listed.

For backward compatibility the legacy settings format `{"secret": "<key>"}` is also accepted; it is equivalent to `[{"alg": "HS256", "key": "<key>"}]` in the new format.
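The following is an added example, not Janus code: a minimal verifier that consumes the settings shape above (list form and legacy `secret` form), only accepts a token whose header `alg` matches a configured entry, checks the HMAC signature in constant time, and applies the `token_strategy.leeway` idea to `exp`. It covers the `HS*` methods only; the `RS*` methods would need an RSA library. The `sign_hs` helper is constructed solely to mint sample tokens.

```python
import base64, hashlib, hmac, json, time

# Added example (not Janus code): verifier for the `jwt` strategy settings
# shape shown above, HS* methods only; RS* would need an RSA library.
HMAC_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def normalize_settings(settings):
    """Accept the legacy {"secret": k} form as well as the [{"alg", "key"}] list."""
    if isinstance(settings, dict) and "secret" in settings:
        return [{"alg": "HS256", "key": settings["secret"]}]
    return list(settings)

def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign_hs(claims, alg, key):
    """Constructed helper that mints sample HS* tokens for the demo."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key.encode(), f"{header}.{payload}".encode(), HMAC_ALGS[alg]).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def verify(token, settings, leeway=0, now=None):
    """Return the claims when one configured (alg, key) pair validates the
    signature and `exp` holds within `leeway` seconds of clock skew, else None."""
    now = time.time() if now is None else now
    try:
        h, p, s = token.split(".")
        header, claims = json.loads(_b64url_decode(h)), json.loads(_b64url_decode(p))
        sig = _b64url_decode(s)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    for entry in normalize_settings(settings):
        # The alg must be one the gateway configured and must match the token header,
        # so a token claiming "none" or a different alg never reaches the HMAC check.
        if entry["alg"] not in HMAC_ALGS or entry["alg"] != header.get("alg"):
            continue
        expected = hmac.new(entry["key"].encode(), f"{h}.{p}".encode(), HMAC_ALGS[entry["alg"]]).digest()
        if hmac.compare_digest(expected, sig):
            break
    else:
        return None  # no configured rotation entry signed this token
    if "exp" in claims and claims["exp"] + leeway < now:
        return None  # expired even after allowing for clock skew
    return claims
```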

