Merge pull request #1319 from stormpath/okta-spring-boot-demo

Bunches of changes for the okta branch

Author: bdemers

OktaGettingStarted.md

@@ -0,0 +1,103 @@
+
+Getting Started With Okta
+=========================
+
+Okay, so you have been using Stormpath for a while and now you want to checkout out Okta.  This guide will walk through
+setting up a new account, creating an API token, and everything else needed to get you up and running on Okta.
+
+Create an Okta Developer Account
+--------------------------------
+
+1. Head on over to: https://www.okta.com/developer/signup/
+2. Fill out the signup form, and click the "Get Started" button
+3. Within a few minutes you will get a conformation email
+4. Follow the instructions in the email to finish setting up your account
+
+
+Your Okta URLs
+--------------
+
+When setting up a developer account, you end up with a couple URL:
+An admin console URL that looks something like this: 
+
+https://dev-123456-admin.oktapreview.com/admin/getting-started
+
+Use this one to manually change organization settings, create users, or other general administrative work.  The other URL looks similar, but is missing the `admin` part: 
+
+https://dev-123456.oktapreview.com/
+
+This is the one your yours could interact with, and will be the base URL for any API access.
+
+**Important:** The second URL (the non-admin one) is the one you will need to remember, you will use this one for API access.
+ 
+Setup your Okta 'Organization'
+------------------------------
+
+### Create an Application
+
+1. Navigate to your Admin console: i.e. https://dev-123456-admin.oktapreview.com/admin/dashboard
+2. On the top menu click on 'Applications'
+3. Press the 'Add Application' button
+4. Press the 'Create New App' button
+5. On the 'Create a New Application Integration' popup fill select the following values, then press the 'Create' button
+  - Platform - Native
+  - Sign-on Method - OpenID Connect
+6. On the 'Create OpenID Connect Integration' page enter the following values, and press the 'Next' button
+  - Application Name - 'My Test Application'
+7. Use `http://localhost:8080/client/callback` for the Redirect URI's, and press the 'Finish' button
+8. Your application has been created, but you still have a few settings to change. On the 'General' tab, click the 'Edit' button on the 'General Settings' panel
+9. Select the 'Refresh Token', and 'Resource Owner Password' checkboxes and click the 'Save' button
+10. Click the 'Edit' button on the 'Client Credentials' panel
+11. Select the 'Use Client Authentication' radio button, and press the 'Save' button
+12. Click on the 'Groups' tab
+13. Select the 'Assign' button in the 'Everyone' column, and press the 'Done' button
+14. Grab the ID portion of the URL of your browsers current page, for example: if my URL was: `https://dev-123456-admin.oktapreview.com/admin/app/oidc_client/instance/00icu81200icu812/#tab-groups` then `00icu81200icu812` would be your application's ID
+
+**Important:** You will need to remember your application's ID.
+
+### Create an Access Token
+
+1. Navigate to your Admin console: i.e. https://dev-123456-admin.oktapreview.com/admin/dashboard
+2. On the top menu click on 'Security' -> 'API'
+3. Select the 'Tokens' tab
+4. Press the 'Create Token' button
+5. On the popup, give your new token a name, for example: 'My Test Token', and press the 'Create Token' button
+
+**Important:** You will need to remember this token value, so copy/paste it somewhere safe.
+
+For more information take a look at the official [Create an API token](http://developer.okta.com/docs/api/getting_started/getting_a_token.html) guide.
+
+
+Run an Example Application
+--------------------------
+
+Since you are reading this page on Github, I'm going to assume you know how to clone this repo, and switch to the `okta` branch, once you have done that, build the current SNAPSHOT with Apache Maven.
+
+``` bash
+$ mvn clean install
+```
+
+This should not take more then a couple minutes.
+
+Once complete change directories to examples/spring-boot-default
+
+``` bash
+$ cd examples/spring-boot-default
+```
+
+The last step before running our example is to set your configuration variables, there are a [few different ways](https://docs.stormpath.com/java/servlet-plugin/config.html) you can do this, but I'll just use environment variables here.
+
+``` bash
+$ export STORMPATH_CLIENT_BASEURL=[baseurl_from_above]
+$ export OKTA_APPLICATION_ID=[aapplication_id_from_above]
+$ export OKTA_API_TOKEN=[api_token_from_above]
+```
+
+Start it up!
+
+``` bash
+$ mvn spring-boot:run
+```
+
+Point your browser to: http://localhost:8080 and start using the example application!
+

README.md

@@ -6,6 +6,22 @@ We are incredibly excited to announce that [Stormpath is joining forces with Okt
 
 We're available to answer all questions at [[email protected]](mailto:[email protected]).
 
+## Okta Support Branch
+
+The aim of this branch is to port the Stormpath Java integrations (Spring, Spring-Boot, and Servlet) to work with Okta's API instead of Stormpath.
+
+Take a look at the [Getting Started With Okta](OktaGettingStarted.md) guide for instructions on how to get started.
+
+**Work on this branch is on going**, but if you want to try it out you can build it with Apache Maven: `mvn install`
+
+You will also need to set the following properties (these can be set the same way as your [existing Stormpath configuration properties](https://docs.stormpath.com/java/servlet-plugin/config.html#id10)).
+
+| Key | Description |
+|-----|-------------|
+| okta.api.token | [An Okta API key](http://developer.okta.com/docs/api/getting_started/getting_a_token.html) |
+| okta.application.id | You find your Application's id with an [API call](http://developer.okta.com/docs/api/resources/apps.html), or by opening your 'application' config in the Okta Admin console and grab the ID from your browsers URL |
+| stormpath.client.baseUrl | The base url of your Okta organization, for example in a preview enviornment this would be something like: https://dev-123456.oktapreview.com |
+
 # Stormpath Java SDK #
 
 *An advanced, reliable and easy-to-use user management API, built by Java security experts*

api/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>com.stormpath.sdk</groupId>
         <artifactId>stormpath-sdk-root</artifactId>
-        <version>1.6.0-SNAPSHOT</version>
+        <version>2.0.0-okta-alpha-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

api/src/main/java/com/stormpath/sdk/application/OAuthApplication.java

@@ -0,0 +1,34 @@
+package com.stormpath.sdk.application;
+
+import com.stormpath.sdk.oauth.IdSiteAuthenticator;
+import com.stormpath.sdk.oauth.OAuthBearerRequestAuthenticator;
+import com.stormpath.sdk.oauth.OAuthClientCredentialsGrantRequestAuthenticator;
+import com.stormpath.sdk.oauth.OAuthPasswordGrantRequestAuthenticator;
+import com.stormpath.sdk.oauth.OAuthRefreshTokenRequestAuthenticator;
+import com.stormpath.sdk.oauth.OAuthStormpathFactorChallengeGrantRequestAuthenticator;
+import com.stormpath.sdk.oauth.OAuthStormpathSocialGrantRequestAuthenticator;
+import com.stormpath.sdk.oauth.OAuthTokenRevocator;
+
+/**
+ * Marks an Application as supporting OAuth and adds required methods for handling tokens.
+ */
+public interface OAuthApplication extends Application {
+
+    OAuthClientCredentialsGrantRequestAuthenticator createClientCredentialsGrantAuthenticator();
+
+    OAuthStormpathSocialGrantRequestAuthenticator createStormpathSocialGrantAuthenticator();
+
+    OAuthStormpathFactorChallengeGrantRequestAuthenticator createStormpathFactorChallengeGrantAuthenticator();
+
+    OAuthPasswordGrantRequestAuthenticator createPasswordGrantAuthenticator();
+
+    OAuthRefreshTokenRequestAuthenticator createRefreshGrantAuthenticator();
+
+    OAuthBearerRequestAuthenticator createJwtAuthenticator();
+
+    OAuthTokenRevocator createOAuhtTokenRevocator();
+
+    // FIXME: this shouldn't be here, but not sure how much of the IdSite code is just OAuth functionality.
+    IdSiteAuthenticator createIdSiteAuthenticator();
+
+}

api/src/main/java/com/stormpath/sdk/application/okta/AuthNRequest.java

@@ -0,0 +1,21 @@
+package com.stormpath.sdk.application.okta;
+
+import com.stormpath.sdk.resource.Resource;
+
+import java.util.Map;
+
+/**
+ * Representation of /api/v1/authn
+ */
+public interface AuthNRequest extends Resource {
+
+    String getUsername();
+    AuthNRequest setUsername(String username);
+
+    String getPassword();
+    AuthNRequest setPassword(String password);
+
+    Map<String, Object> getOptions();
+    AuthNRequest setOptions(Map<String, Object> options);
+
+}

api/src/main/java/com/stormpath/sdk/application/okta/AuthNResult.java

@@ -0,0 +1,16 @@
+package com.stormpath.sdk.application.okta;
+
+import com.stormpath.sdk.resource.Resource;
+
+import java.util.Map;
+
+/**
+ * Representation of /api/v1/authn
+ */
+public interface AuthNResult extends Resource {
+
+    String getSessionToken();
+
+    String getUserId();
+
+}

api/src/main/java/com/stormpath/sdk/application/okta/OIDCKey.java

@@ -0,0 +1,17 @@
+package com.stormpath.sdk.application.okta;
+
+import com.stormpath.sdk.resource.Resource;
+
+/**
+ *
+ */
+public interface OIDCKey extends Resource {
+
+    String getAlgorithm();
+    String getId();
+    String getType();
+    String getUse();
+
+    String get(String id);
+
+}

api/src/main/java/com/stormpath/sdk/application/okta/OIDCKeysList.java

@@ -0,0 +1,16 @@
+package com.stormpath.sdk.application.okta;
+
+import com.stormpath.sdk.resource.Resource;
+
+import java.security.Key;
+import java.util.Set;
+
+/**
+ *
+ */
+public interface OIDCKeysList extends Resource {
+
+    Set<OIDCKey> getKeys();
+    OIDCKey getKeyById(String keyId);
+
+}

api/src/main/java/com/stormpath/sdk/application/okta/OktaForgotPasswordRequest.java

@@ -0,0 +1,18 @@
+package com.stormpath.sdk.application.okta;
+
+import com.stormpath.sdk.resource.Resource;
+
+/**
+ *
+ */
+public interface OktaForgotPasswordRequest extends Resource {
+
+    String getUsername();
+    OktaForgotPasswordRequest setUsername(String username);
+
+    String getFactorType();
+    OktaForgotPasswordRequest setFactorType(String factorType);
+
+    String getRelayState();
+    OktaForgotPasswordRequest setRelayState(String relayState);
+}

api/src/main/java/com/stormpath/sdk/application/okta/OktaForgotPasswordResult.java

@@ -0,0 +1,16 @@
+package com.stormpath.sdk.application.okta;
+
+import com.stormpath.sdk.resource.Resource;
+
+/**
+ *
+ */
+public interface OktaForgotPasswordResult extends Resource {
+
+    String getStatus();
+    String getFactorResult();
+    String getRelayState();
+    String getFactorType();
+    String getRecoveryType();
+
+}

api/src/main/java/com/stormpath/sdk/application/okta/OktaTokenRequest.java

@@ -0,0 +1,25 @@
+package com.stormpath.sdk.application.okta;
+
+import com.stormpath.sdk.resource.Resource;
+
+/**
+ *
+ */
+public interface OktaTokenRequest extends Resource {
+
+    String getGrantType();
+    OktaTokenRequest setGrantType(String grantType);
+
+    String getRedirectUri();
+    OktaTokenRequest setRedirectUri(String redirectUri);
+
+    String getUsername();
+    OktaTokenRequest setUsername(String username);
+
+    String getPassword();
+    OktaTokenRequest setPassword(String password);
+
+    String getScope();
+    OktaTokenRequest setScope(String scope);
+
+}

api/src/main/java/com/stormpath/sdk/application/okta/OktaTokenResponse.java

@@ -0,0 +1,21 @@
+package com.stormpath.sdk.application.okta;
+
+import com.stormpath.sdk.oauth.TokenResponse;
+import com.stormpath.sdk.resource.Resource;
+
+/**
+ *
+ */
+public interface OktaTokenResponse extends Resource, TokenResponse {
+
+    String getAccessToken();
+
+    String getTokenType();
+
+    String getExpiresIn();
+
+    String getScope();
+
+    String getRefreshToken();
+
+}

api/src/main/java/com/stormpath/sdk/application/okta/TokenIntrospectRequest.java

@@ -0,0 +1,16 @@
+package com.stormpath.sdk.application.okta;
+
+import com.stormpath.sdk.resource.Resource;
+
+/**
+ *
+ */
+public interface TokenIntrospectRequest extends Resource {
+
+    String getToken();
+    TokenIntrospectRequest setToken(String token);
+
+    String getTokenTypeHint();
+    TokenIntrospectRequest setTokenTypeHint(String tokenTypeHint);
+
+}

api/src/main/java/com/stormpath/sdk/application/okta/TokenIntrospectResponse.java

@@ -0,0 +1,24 @@
+package com.stormpath.sdk.application.okta;
+
+import com.stormpath.sdk.resource.Resource;
+
+import java.util.Date;
+
+/**
+ *
+ */
+public interface TokenIntrospectResponse extends Resource {
+
+    boolean isActive();
+    String getScope();
+    String getUsername();
+    Date getExpiresAt();
+    Date getIssuedAt();
+    String getSubject();
+    String getAudience();
+    String getIssuer();
+    String getJwtId();
+    String getTokenType();
+    String getClientId();
+    String getUid();
+}

api/src/main/java/com/stormpath/sdk/authc/OktaAuthNAuthenticator.java

@@ -0,0 +1,13 @@
+package com.stormpath.sdk.authc;
+
+import com.stormpath.sdk.resource.Resource;
+
+/**
+ *
+ */
+public interface OktaAuthNAuthenticator extends Resource {
+
+    AuthenticationResult authenticate(AuthenticationRequest request);
+    
+    void assertValidAccessToken(String accessToken);
+}

api/src/main/java/com/stormpath/sdk/client/ClientBuilder.java

@@ -222,6 +222,7 @@ public interface ClientBuilder {
     String DEFAULT_CLIENT_PROXY_HOST_PROPERTY_NAME = "stormpath.client.proxy.host";
     String DEFAULT_CLIENT_PROXY_USERNAME_PROPERTY_NAME = "stormpath.client.proxy.username";
     String DEFAULT_CLIENT_PROXY_PASSWORD_PROPERTY_NAME = "stormpath.client.proxy.password";
+    String DEFAULT_OKTA_ENABLED_PROPERTY_NAME = "okta.enabled";
 
     /**
      * Allows specifying an {@code ApiKey} instance directly instead of relying on the